DDoS Mitigation: Preparing for the Worst
A Distributed Denial of Service (DDoS) attack is an attempt to slow down a site or network, or bring it completely offline, by flooding it with traffic from multiple IP addresses. This is usually done through a botnet, which is a network of ‘zombie’ computers taken over to perform tasks without the owner’s knowledge. A successful DDoS attack makes the target site or network unavailable for the duration of the attack, which can last from a few hours to weeks.
Though DDoS attacks are growing more common and aggressive, there are still steps that can be taken to protect your network, keeping unwanted traffic out and legitimate traffic in.
- Integrate DDoS prevention into your disaster recovery plan – Have a laid-out plan of steps to be taken in the case of an attack, as time is of the essence and the longer your site is down, the more costly it could be for your company. Also, determine in advance how much would be lost financially if you are down for a specific period of time, so that DDoS mitigation expenditures can be justified.
- Be aware of the indicators of an active attack – If your website or network is significantly slower or down for an extended period of time, rather than showing the kind of traffic spike that would be expected during a campaign, it is possible that your systems are being overwhelmed by illegitimate traffic. If the same data is being requested by the same IP address before the Time to Live (TTL) has expired, this could also be an indication of a DDoS attack.
- A customised DDoS mitigation service is absolutely necessary – Don’t trust your firewall to protect your network from aggressive DDoS assaults. Even UTM (Unified Threat Management) firewalls with some DDoS mitigation features are not equipped to deal with all forms of attack. There are services available which are designed to deal with all the types of DDoS attacks executed.
- If you don’t have DDoS mitigation in place, find a company to keep on file to call in the case of a DDoS attack – Do your research ahead of time and find a company with the required capabilities to call on in an emergency.
- Block traffic from areas/countries you don’t do business with – Be aware of your customers and their global locations. If you tend not to receive business transactions from Asia or Eastern Europe, for example, it may be possible to block inbound traffic from particular areas through your firewall or DDoS service.
- If a victim, look for fraud, data breaches and illegal activity – Though DDoS attacks alone do not breach site security, they might be a distraction used to hide more nefarious hacking activity. The vast amounts of incoming data during a DDoS attack could contain malware packets that may compromise the security of your network.
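
The repeated-request indicator from the list above can be checked against an access log. The following Python is an added example, not part of the original article; the log format, the addresses, and the `ttl_seconds` and `threshold` values are constructed assumptions, and the TTL is taken to be the cache lifetime of the requested resource.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample access-log lines: ISO timestamp, client IP, requested path.
SAMPLE_LOG = """\
2024-01-01T12:00:00 198.51.100.7 /index.html
2024-01-01T12:00:02 198.51.100.7 /index.html
2024-01-01T12:00:03 203.0.113.20 /index.html
2024-01-01T12:00:04 198.51.100.7 /index.html
2024-01-01T12:00:05 198.51.100.7 /index.html
2024-01-01T12:00:40 203.0.113.20 /pricing
2024-01-01T12:06:00 203.0.113.20 /index.html
malformed line
"""

def parse(lines):
    """Yield (timestamp, ip, path) tuples, skipping lines that do not parse."""
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def early_repeats(lines, ttl_seconds=300, threshold=3):
    """Return {(ip, path): count} for clients that asked for the same resource
    again before ttl_seconds had passed since their previous request for it,
    at least `threshold` times. Both defaults are assumed values."""
    last_seen = {}
    repeats = defaultdict(int)
    for ts, ip, path in sorted(parse(lines)):
        key = (ip, path)
        prev = last_seen.get(key)
        if prev is not None and (ts - prev).total_seconds() < ttl_seconds:
            repeats[key] += 1
        last_seen[key] = ts
    return {k: n for k, n in repeats.items() if n >= threshold}

if __name__ == "__main__":
    for (ip, path), n in early_repeats(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} re-requested {path} {n} times inside the TTL")
```

Addresses shared by many users (NAT gateways, proxies) can also trip this check, so treat a hit as a reason to look closer, not as proof of an attack.
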
With DDoS attacks becoming more and more common, it is no longer a question of if you will ever be attacked, but when. Take the proper steps now to prevent and minimize any future assaults.