If your site is publicly known, you might be worrying about attracting the attention of hackers. Distributed Denial of Service attacks (DDoS) are a common tactic that they employ, as they can deny the general public access to your website, costing you untold amounts in sales.
What’s worse, a DDoS is often used as a distraction tactic for intrusion attempts, allowing attackers to make off with your precious data while you are busy trying to stop massive amounts of traffic from hitting your website.
How do you defend yourself against a DDoS attack? This article will help you build a strategy to protect you from this common tactic.
1) Install protective website apps
Security against DDoS attacks begins with the installation of website apps designed to counter these threats. Although many people think of the so-called SiteLock scam, this service and others recognize the signatures of the most common types of this cyber attack.
There are many hackers that will make use of the simpler scripts and smaller botnets out there – security apps can easily swat these intrusion attempts like a housefly on a kitchen wall.
2) Use your firewall to block common characteristics of DDoS traffic
Back in the early 2000s, DDoS attacks were so simplistic that most system administrators could use their firewalls to deny access to a hacker by simply blocking their IP addresses. In the past decade or so, though, these sieges have become infinitely more complex, as the traffic now comes from sources all over the globe.
However, any attack will have a common thread running through it, no matter how hard the perpetrator attempts to differentiate the traffic assailing your servers. Do a packet capture of the traffic pouring in, and chances are, a pattern will emerge.
Places to look include referring servers, user agents, and URIs. Once you find a commonality, place a block on it and watch a large chunk of the offending traffic disappear almost instantly.
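As an added illustration (not code from the original article), the script below looks for the common thread described above. It assumes the capture has already been reduced to HTTP requests in combined log format; the sample lines, field names, and thresholds are constructed for the example.

```python
import re
from collections import Counter

# Combined Log Format: ip - - [time] "METHOD uri PROTO" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"$'
)
FIELDS = ("referer", "user_agent", "uri")  # the places the article says to look

# Constructed sample: eight flood requests from different addresses, two ordinary visits.
SAMPLE = [
    f'203.0.113.{i} - - [01/Jan/2024:00:00:0{i} +0000] "GET /?q={i} HTTP/1.1" 200 512 '
    f'"http://example.com/r{i}" "FloodAgent/1.0 (constructed)"'
    for i in range(1, 9)
] + [
    '198.51.100.7 - - [01/Jan/2024:00:00:09 +0000] "GET / HTTP/1.1" 200 2048 '
    '"-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.8 - - [01/Jan/2024:00:00:10 +0000] "GET /about HTTP/1.1" 200 1024 '
    '"https://example.org/" "Mozilla/5.0 (Macintosh)"',
]

def parse(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def find_common_thread(lines, min_share=0.5, min_sources=3):
    """Return (field, value, share, distinct_ips) for the strongest shared trait, or None."""
    records = list(parse(lines))
    if not records:
        return None
    best = None
    for field in FIELDS:
        value, hits = Counter(r[field] for r in records).most_common(1)[0]
        share = hits / len(records)
        ips = {r["ip"] for r in records if r[field] == value}
        # A trait shared across many source addresses is what an IP block list misses.
        if share >= min_share and len(ips) >= min_sources:
            if best is None or share > best[2]:
                best = (field, value, share, len(ips))
    return best

if __name__ == "__main__":
    print(find_common_thread(SAMPLE))
```

Before turning the result into a firewall rule, compare it against a sample of normal traffic, since a popular browser's user agent can dominate ordinary visits as well.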
3) Work with your ISP
If you end up getting targeted by a massive volumetric attack, attempting to block it with your firewall will be as effective as attempting to stop a falling boulder with an umbrella. If you end up in the crosshairs of a big-time hacker, you’re going to need your ISP to help deflect the onslaught.
Build a relationship with them before anything bad happens, as this will make the process of disrupting a DDoS attack smoother. They often have the ability to detect incoming hostile actions, and to squelch large quantities of traffic with data of their own upon your request.
4) Enlist the help of the cloud
Some of the worst DDoS attacks out there have even overwhelmed ISPs, as their servers are usually concentrated in one place. If you think that you might be a target for an attack of this size and complexity, it may be advisable to contact a cloud mitigation provider.
They have the ability to beat the hackers at their own game, as they have massive amounts of bandwidth at their beck and call at multiple locations across the internet. Each of these servers comes equipped with hardware that is designed to filter out bad traffic from good.
5) Debrief with a CSIRT team
During and after getting hit with a DDoS, you will want to coordinate with a CSIRT team. This is a team of professionals that specializes in cyber security, and the information that they will be able to glean from your experience will help them immensely in their quest to catch the criminals that perpetrate these crimes.
They also possess cutting-edge knowledge that will help you turn back the worst attacks – they have spent their whole careers studying these intrusions, so they know every trick in the book.