Technical network security ideas for the SOTA tech team

Not sure if this post belongs in this part of the forum, but I couldn't find any other area it might fit in.
Mods, please feel to move.

During the last 24 hour marathon, the tech guys mentioned that they are looking into different solutions to ensure the security of the network etc.

DDOS
As to DDOS defense, it was mentioned that you simply try not to make people angry enough to do a DDOS attack.
As a security specialist I know for sure that a DDOS isnt necessarily triggered by people being angry, so you still want your defenses up or at least prepared.
In my days as an Operations manager for a Hosting company, we used RioRey http://www.riorey.com/ which in my opinion of the best solutions out there.
Now its expensive as hell. The type needed for SOTA costs a few hundred grand and you likely need more than 1 for redundancy. Last time I checked you can rent them as well on a need to have basis, I believe cost is around 35.000 a year but obviously means it might take a few hours before its in place when a DDOS happens.
Where as owning the system yourself protects your network/Cloud within 90 seconds.
You may want to give them call.


Identified traffic only
One of the things also mentioned was the use of signed messages/cookies, though a final choice wasn't made yet on how to implement.

In my opinion the best way to make sure that you are only dealing with identified users, even before they access your SOTA network environment, is to use client side X.509 certificates. This also protects your users and network against Man-in-the-Middle and network sniffing attacks for example when your network is reachable over HTTPS/SSL connections.

The major advantage of client side X.509 certificates is that you can configure your network to only allow access to those who have a valid certificate. Validity is basically determined by your firewall only trusting your Certificate Authority (CA). Making your own CA is easy (OpenSSL) and loads cheaper than using Verisign or GlobalSign or GoDaddy for example. Also using your own CA isnt an issue since you will be using a gameclient which can simply trust your own CA and doesnt require your users to set it as trusted manually.

A client certificate contains user credentials (either anonymized or not by you), so the network will exactly know who is connecting. Thus also any brute force attacks for example, will be directly tracable back to a user, or his/her infected machine.

Another huge advantage is that the client X.509 certificate is the defacto standard for digitally signing datapackages, which was mentioned by the SOTA team as something you wanted.

Now X.509 client certificates are a huge pain to manage, especially in an environment with hundreds of thousands or millions of players. However the technology market hasn't stood still and the distribution is fully automated using technology of 3rd parties, even to a point where your network administrators dont even need to work with CRLs for example.

Some of these 3rd parties have gone as far to make the technology available as a client side API/SDK, so you can put it into your own game client all under your own control.
Additionally have added features such as trusted user device characteristics mapping, and allowing you to use any type of authentication solutions you already embrace. So as a result you can optionally offer your users a method to protect against Phishing attacks, without the need to implement usually cumbersome to implement and manage soft or hard tokens.

Parties that I know offer such solutions are http://www.secureauth.com/, and http://www.dss-asia.com/ and http://www.keytalk.com/


Well possibly useful or not, but just my idea on how you could secure your network.

 

I think we are talking about an indie game and not a Fortune 500 Financial firm, so a lot of what you suggest would just add a lot of cost. The team probably has an idea of how they want to handle authentication if not the full implementation. I would personally like to understand their tech in a little more detail before getting into how to protect it. However, even with authentication DDOS attacks just generate traffic, and a rejected authentication can be utilized just as efficiently and can sometimes actually create more bottlenecks.

I had thought they discussed cloud hosting the servers, and this would give them some protection from increased traffic and all the benefits of the systems that protect the cloud providers network. If this is offloaded they may not to put too much into anything but resisting unauthorized access. DDOS protection would be provided by the hosting provider and upstream provide who can afford the tools necessary. These systems are quite resilient against or initiating attacks. Of course this assumes they cloud host with one of the big providers.

As someone who works for a Fortune 500 Transportation company where system outages can cost billions for mere minutes of downtime, I have had the pleasure of having a marketing company's fudged Amazon hosted advertising services simulate an extreme DDOS attack on an application I support. There is nothing you can do or reasonably afford to protect your own network from that type of attack. Usually expensive systems are put in place just to satisfy investors or customers without any real hope of making any impact on even an unintentional but serious DDOS attack, and - as such - we had them and a good security team. All we could do was trace the source and contact the responsible provider to turn off the firehose.

Now maybe I just don't understand exactly what you are suggesting because I am sitting in a sleep deprived stupor, and if so I apologize. But I am sure during the alpha and beta this will be worked out, and we will be tasked with testing out these type systems.