As with most types of online security threats, DDoS attacks are on the rise. One of the reasons for this is that the technology behind the attacks is readily available and can be wielded by inexperienced hackers. You can also buy a week-long DDoS attack for as little as 150 dollars on the black market. If you are in the hosting business or have a website or web app with lots of traffic, chances are you will encounter one of these attacks. According to a Kaspersky Labs report, large companies lose an average of 417 thousand dollars a year as a result of DDoS attacks.
What is DDoS?
DDoS, or ‘distributed denial of service’ attacks, are a malicious method of slowing down legitimate web traffic which often leads to bringing down entire websites or systems. This attack works by flooding the target server, application or network with fake traffic and requests. DDoS hackers utilize armies of zombie devices known as bots to cause sudden spikes in traffic to cripple or take down a website. The individual bots form a system called a botnet which can consist of hacked computers, websites or IoT devices such as security cameras.
This problem is so prevalent that real-time maps exist to track worldwide DDoS attack statistics. Not being prepared for such attacks can affect much more than just your online traffic. If your website, app or service is down for prolonged periods of time, it is likely you will experience a loss of revenue. What is even more devastating for any business is that an unreliable online product or service will inevitably damage your reputation and erode customer trust. Here are some methods you can use to prevent DDoS attacks.
Activate a Web Application Firewall
A web application firewall, or WAF, is a protective layer between your website and the web traffic it receives. Unlike a regular firewall that provides security between servers, a WAF filters the HTTP traffic of a specific web app. Although most hosting services have some degree of inbuilt website security, implementing a standalone WAF is recommended.
By closely monitoring the weakest points of an application, a WAF can detect security misconfigurations and web application security flaws within the code. Another distinct advantage of a WAF is that it provides a layer of protection against zero-day exploits. These exploits are particularly dangerous since they are newly created malware not yet detectable by conventional behavior analysis tools.
Make a DDoS Response Plan
Regardless of the size of your business, having a DDoS response plan is crucial if you want to minimize the fallout from an attack. Some larger enterprises have complex structures in place for this, along with dedicated DDoS planning and response teams. When you do get hit with a DDoS attack, time is money – so moving fast is a priority. Your emergency response team should be fully aware of their roles and responsibilities and your data center should always be prepared to take action.
In addition to a dedicated response team, you should also have a detailed systems checklist of all of your security assets. This includes filtering, assessment and threat detection tools, as well as hardware and software protection systems. Once the checklist is in place, it is necessary to define selection and notification procedures so there is no ambiguity regarding the action plan and chain of command. The final piece of the response plan is a list of external and internal contacts that need to be informed about the breach.
Adhere to Basic Network Security Best Practices
A low-tech but very important way of protecting your online assets is to minimize the possibility of user errors by implementing strong and consistent security practices. This can be as simple as requiring all users to use strong passwords and to change them regularly. It also includes anti-phishing measures and regular employee training. Although these security measures will not by themselves stop malicious attacks, they will serve as a strong security foundation on which to build your online security system.
Strong Network Architecture
Your online security will only be as strong as your network architecture. To minimize potential downtime, it is important to have the right backup resources available. These resources are invaluable if, for example, one server is attacked and goes down. The backup servers then pick up the slack and handle the extra traffic while keeping you in business. Whenever possible, servers should be placed in different locations. This applies to all other resources as well: never keep all your eggs in the same basket.
Make use of the Cloud
If you lack the time or knowledge to set up your own DDoS prevention system, you can outsource these security activities to dedicated cloud-based service providers. Leveraging the cloud has several advantages, including greater bandwidth and more resources than an internal solution. In addition, cloud-based apps are not homogeneous, and their diffuse nature makes them a slippery target for would-be attackers. A further advantage of using cloud-based DDoS protection is that these services employ professional IT engineers whose job is to keep track of the latest DDoS attacks. This broadens your protection coverage and gives you continuous threat monitoring.
Know What to Look For
Many DDoS attacks remain undetected until it is too late – until the site, service or app goes completely down. Understanding the early warning signs of an attack will help you react quickly and mitigate the risks. The most common symptoms of a DDoS attack are sketchy connectivity, unexpected network slowdowns and intermittent crashes. Most attacks are characterized by a server crash, and this should be your first clue. “Service unavailable” errors can also be an indicator of an attack. As a rule of thumb, any irregularity in performance, lagging or degradation in service is grounds for further investigation and remedial action.
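Two of the warning signs above, sudden traffic spikes and “Service unavailable” (HTTP 503) errors, can be watched for in web server access logs. The script below is an added example, not part of the original article: it assumes Common Log Format, and the function names, thresholds and sample log are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# client, timestamp and status code from a Common Log Format line
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \S+')

def per_minute(lines):
    """Count total requests and 503 responses per minute."""
    buckets = defaultdict(lambda: {"total": 0, "503": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing
        _ip, ts, status = m.groups()
        stamp = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        b = buckets[stamp.replace(second=0)]
        b["total"] += 1
        b["503"] += status == "503"
    return dict(buckets)

def flag_minutes(lines, spike_factor=3.0, max_503_ratio=0.2):
    """Return (HH:MM, request count, reasons) for each suspicious minute."""
    buckets = per_minute(lines)
    history, alerts = [], []
    for minute in sorted(buckets):
        b, reasons = buckets[minute], []
        if history and b["total"] > spike_factor * median(history):
            reasons.append("traffic spike")
        if b["503"] / b["total"] > max_503_ratio:
            reasons.append("503 ratio")
        if reasons:
            alerts.append((minute.strftime("%H:%M"), b["total"], reasons))
        else:
            history.append(b["total"])  # only quiet minutes feed the baseline
    return alerts

def sample_log():
    """Constructed log: three quiet minutes, then a flood with many 503s."""
    lines = []
    for minute, count in [(0, 20), (1, 22), (2, 19), (3, 200)]:
        for i in range(count):
            status = 503 if minute == 3 and i % 3 == 0 else 200
            ts = f"10/Mar/2024:12:{minute:02d}:{i % 60:02d} +0000"
            lines.append(f'203.0.113.{i % 250} - - [{ts}] "GET / HTTP/1.1" {status} 512')
    return lines

if __name__ == "__main__":
    for alert in flag_minutes(sample_log()):
        print(alert)
```

Flagged minutes are kept out of the baseline so that a sustained flood does not gradually come to look like normal traffic.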