IT Trends & Technology Blog | FNTS

Steps to Prevent DDoS Attacks

Written by Don Pecha, CISO | April 30, 2019

 

What started as an average Monday at Yahoo headquarters in 2000 turned out to be one of the first widely reported distributed denial-of-service (DDoS) attacks. After an attacker took over and redirected a university’s computers to flood Yahoo’s internet portal traffic, the media company fell victim to a three-hour blackout that left many scratching their heads, wondering what had just happened.

Unfortunately, since then, such synchronized attacks from multiple internet-connected devices against one target’s website or servers have only become more sophisticated and more prevalent. With the arrival of high-speed internet, faster computers, and a large increase in the sheer volume of computers around the world, there is a much larger pool of devices that can be used for these attacks. In fact, in 2018, one of the largest DDoS attacks hit GitHub’s site with 1.3 terabytes of traffic per second, twice the size of the previous record attack, which took place in 2016.

As brands rely more and more on the success of their web presence for business, the damage from a DDoS attack can be enormous, with impacts ranging from a minor annoyance to wide-scale disruption and lasting brand damage. We’ve laid out four ways your business can be prepared to fight back.

Distribute Services Across Data Centers

Although there are several different types of DDoS attacks—ranging from those that aim to overload your servers with protocol attacks to the more commonly known volume-based attacks—one of the best things an organization can do is to distribute their services across different data centers. By spreading your primary and backup applications and services across multiple locations, you can ensure that a single DDoS attack will not be able to completely take down all of your services. Fail-over and redistribution mechanisms can help spread out the impact.

Consider a Content Delivery Network

Another strategy employed to help limit the impact of a DDoS attack—or prevent it from happening in the first place—is using a content delivery network (CDN) upstream from your internal web services. By using a CDN, which helps to make the delivery of your web-based services more efficient by putting them closer to your audience, not only will your web servers consume fewer resources overall in responding to web requests, but the direct channels to your services will be masked from potential attackers. Though your web traffic may be slowed, the CDN will help to shield your business from the full brunt of an attack, giving your team time to respond.

Partner with a Managed Services Provider

Organizations can also establish a partnership with a managed services provider, who can take a holistic view of your network infrastructure, web services, and applications and provide built-in DDoS protections. Managed services providers offer many layers of DDoS defenses, ranging from distributed data centers to dedicated network technicians to intelligent traffic monitoring services to large bandwidth capacity, all of which can reduce your exposure and limit the impact from a DDoS attack—often without you even knowing.

Limit Your Attack Profile

In addition to flooding your network with spoofed packets, attackers can also flood your network with bandwidth-based and application-directed DDoS attacks, so the vulnerabilities that enable these forms of attack also need to be addressed.

Bandwidth-based attacks come in the form of vast amounts of spam or junk requests for information sent to your network, resulting in the loss of available bandwidth and equipment resources to handle legitimate services. By rate-limiting traffic at your routers, adding filters to drop incomplete or known bad packets, closing unused ports, and increasing your bandwidth, your organization can reduce the likelihood that your network will be overwhelmed.

Application-directed attacks can similarly be mitigated with dedicated monitoring and detection software built into host-based firewalls. Thresholds for the number and length of connections that are allowed open can also be set to prevent applications from being tied up handling false traffic, freeing up time to handle legitimate requests.
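The rate limiting and connection thresholds described in the two paragraphs above can be seen working together in the following added example, which is not part of the original post or any FNTS product. The class name, threshold values, and sample events are constructed for illustration; the addresses come from documentation-only ranges.

```python
"""Per-source admission control: a token-bucket rate limit plus caps on the
number and age of open connections. All thresholds here are constructed."""
from collections import defaultdict

class Gatekeeper:  # hypothetical name, not from the original post
    def __init__(self, rate=5.0, burst=10, max_conns=3, max_age=30.0):
        self.rate, self.burst = rate, burst            # tokens per second, bucket size
        self.max_conns, self.max_age = max_conns, max_age
        self.tokens = defaultdict(lambda: float(burst))
        self.last_seen = {}                            # src -> time of last refill
        self.open = defaultdict(dict)                  # src -> {conn_id: opened_at}

    def _refill(self, src, now):
        elapsed = now - self.last_seen.get(src, now)
        self.tokens[src] = min(self.burst, self.tokens[src] + elapsed * self.rate)
        self.last_seen[src] = now

    def reap(self, now):
        """Drop connections held open longer than max_age; return what was closed."""
        closed = []
        for src, conns in self.open.items():
            for cid, opened in list(conns.items()):
                if now - opened > self.max_age:
                    del conns[cid]
                    closed.append((src, cid))
        return closed

    def admit(self, src, conn_id, now):
        """Return (allowed, reason) for a new connection attempt from src."""
        self.reap(now)
        self._refill(src, now)
        if self.tokens[src] < 1:
            return False, "rate"                       # too many attempts per second
        if len(self.open[src]) >= self.max_conns:
            return False, "conn-limit"                 # too many connections held open
        self.tokens[src] -= 1
        self.open[src][conn_id] = now
        return True, "ok"

def demo():
    gk = Gatekeeper(rate=1.0, burst=2, max_conns=2, max_age=10.0)
    # Constructed events: (time in seconds, source address, connection id)
    events = [(0.0, "198.51.100.7", "a"), (0.1, "198.51.100.7", "b"),
              (0.2, "198.51.100.7", "c"), (0.3, "203.0.113.9", "x"),
              (5.0, "198.51.100.7", "d"), (11.0, "198.51.100.7", "e")]
    return [gk.admit(src, cid, t)[1] for t, src, cid in events]

if __name__ == "__main__":
    print(demo())
```

The third attempt is refused by the rate limit, the fifth by the open-connection cap, and the sixth succeeds only because the stale connections have been reaped, while the second source is never affected by the first source's behavior.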

Staying Ahead of Attackers

By following these four strategies, businesses can make large strides toward protecting themselves against DDoS attacks. With the average small and medium-sized business facing $120,000 in cleanup costs and lost revenue in the wake of a DDoS attack, prioritizing an investment in your network security can quickly have a large return on investment.

To learn more about how your business can be prepared for DDoS attacks and much more, reach out to the experienced team at FNTS.