It’s one of the oldest cyberattack methods in existence, and one that’s been around for nearly as long as the Internet itself. I am referring, of course, to the Distributed Denial of Service (DDoS) attack. Although there are many different attack vectors a DDoS may exploit and many different methods through which it may achieve its purpose, at its core every DDoS attack works the same way: it exhausts some finite resource of the victim with traffic or requests from many sources until legitimate users can no longer be served. That resource may be raw link bandwidth (volumetric floods), the state tables of firewalls and load balancers (SYN floods and similar protocol attacks), or the CPU, memory, and worker threads of the application itself (HTTP floods aimed at expensive pages such as search or login).
Occasionally, this is done just to cause chaos, as was the case with Lizard Squad. Often, however, a DDoS attack is a distraction tactic, like driving a bus through the front window of a store so no one notices a robber in the back. While a business is overwhelmed dealing with the fact that it is unable to function, the attackers may make off with valuable data.
Generally, a DDoS is perpetrated by something known as a botnet: a collection of devices infected with malware that lets them be controlled from a central command-and-control server. Traditionally, such botnets consisted primarily of ‘zombie’ computers, plus the odd printer or router. Unfortunately, this has changed. Not all of the attack traffic need come from the bots themselves, either: in a reflection or amplification attack the bots send small requests carrying the victim’s spoofed source address to misconfigured DNS, NTP, or memcached servers, which then answer the victim with much larger responses.
Thanks to the Internet of Things, we are now seeing botnets comprised of a staggering variety of devices. Fridges, coffee machines, webcams, televisions... if it connects to the web, it can be hacked, and if it can be hacked, it can be forcibly inducted into a botnet. The Mirai botnet of 2016, built largely from IP cameras and DVRs still using their factory-default passwords, showed just how much bandwidth such devices can muster.
Now more than ever, you need to consider how you will protect your business from such attacks.
Learn To Recognize The Signs of an Impending DDoS Attack
If you do not already have network and server monitoring tools in place, install them. Familiarize yourself with your typical inbound traffic, broken down by time of day and day of week, so you can tell a busy Tuesday from an attack. If, for example, you typically receive 2,000 visitors on a Tuesday afternoon, it is cause for concern if you suddenly see ten thousand requests in the same window, and more so if most of them come from a small number of addresses or hit a single expensive URL. Watch the network counters as well as the web logs: a SYN, UDP, or ICMP flood never shows up as a page view, only as packets per second and bandwidth on the interface.
Pay close attention to your server’s performance, as well. If you notice routine tasks are taking an unusually long time, connection counts are far above normal, or certain resources are unavailable, contact your host. While there is a chance it may simply be a service outage, there is also a possibility that you are under attack.
Finally, keep a close watch on any email accounts that are linked to your server, and the comments sections of any websites hosted on that server. A dramatic increase in spambot activity means your addresses and forms are already on attackers’ lists, and the same forms (comments, login, search) are the usual targets of application-layer floods, so it is a good moment to shore up your defenses.
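Here is an added example (shell, not code from the original post) of the baseline comparison the first sign above describes: it counts requests per minute in an access log, flags minutes above a multiple of your measured baseline, and lists the busiest sources. The log lines are constructed, the baseline and multiplier are illustrative, and the common/combined log format of Apache and nginx is assumed.

```shell
#!/bin/sh
# Added example (not part of the original post): compare per-minute request
# counts in a web server access log with a known-normal baseline and list the
# minutes and source addresses that stand out.  Assumes the common/combined
# log format used by Apache and nginx, where the client IP is field 1 and the
# timestamp "[dd/Mon/yyyy:HH:MM:SS +zzzz]" is field 4.

# sample_log: a constructed access log.  14:00 and 14:01 look like a quiet
# afternoon; 14:02 is a burst from two addresses hitting the front page.
sample_log() {
    cat <<'EOF'
203.0.113.10 - - [12/Mar/2019:14:00:05 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.7 - - [12/Mar/2019:14:00:41 +0000] "GET /about HTTP/1.1" 200 3100
203.0.113.10 - - [12/Mar/2019:14:01:02 +0000] "GET /blog HTTP/1.1" 200 8800
192.0.2.55 - - [12/Mar/2019:14:02:00 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.55 - - [12/Mar/2019:14:02:00 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.56 - - [12/Mar/2019:14:02:01 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.55 - - [12/Mar/2019:14:02:01 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.55 - - [12/Mar/2019:14:02:01 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.56 - - [12/Mar/2019:14:02:02 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.55 - - [12/Mar/2019:14:02:02 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.55 - - [12/Mar/2019:14:02:03 +0000] "GET / HTTP/1.1" 200 5120
EOF
}

# requests_per_minute: read a log on stdin, print "<minute> <count>" per minute.
# substr($4, 2, 17) turns "[12/Mar/2019:14:02:03" into "12/Mar/2019:14:02".
requests_per_minute() {
    awk '{ m = substr($4, 2, 17); c[m]++ } END { for (m in c) print m, c[m] }' | sort
}

# flag_bursts BASELINE MULTIPLIER: print the minutes whose request count is
# more than BASELINE * MULTIPLIER.  BASELINE is your measured normal
# requests-per-minute for this time of day, not a guess.
flag_bursts() {
    threshold=$(($1 * $2))
    requests_per_minute | awk -v t="$threshold" '$2 > t { print $1, $2 }'
}

# top_sources N: the N busiest client addresses as "<count> <ip>".  A burst
# dominated by a handful of addresses is easy to filter; one spread evenly
# across thousands of addresses is a botnet and needs upstream help.
top_sources() {
    awk '{ c[$1]++ } END { for (ip in c) print c[ip], ip }' | sort -rn | head -n "$1"
}

# Usage against the sample; in production replace sample_log with something
# like "tail -n 100000 /var/log/nginx/access.log".
echo "minutes above 3x a baseline of 2 req/min:"
sample_log | flag_bursts 2 3
echo "busiest sources:"
sample_log | top_sources 3
```

Run it from cron every few minutes against the tail of the live log and have it page you when `flag_bursts` prints anything; the baseline itself should come from a week or two of quiet logs, bucketed by hour, rather than a single number.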
Take Preventative Measures With Your Server
As the old saying goes, an ounce of prevention is worth a pound of cure. While there is relatively little you can do against a large or complex DDoS attack without some sort of mitigation service or appliance upstream of you (no amount of tuning on the server helps once the link in front of it is saturated), there are a few measures you can take to defeat bog-standard attempts. In addition to over-provisioning bandwidth (or choosing a host that can dynamically provision bandwidth to your site), you should take the following precautions:
- Use an IDS/IPS or WAF to detect attacks early.
- Add filters that block packets from obvious sources of attack (known-bad or block-listed IP ranges, addresses you have already caught misbehaving, infected devices, etc.).
- Drop all malformed and spoofed packets: packets in an invalid connection state, and, with reverse-path filtering enabled, packets whose source address could not legitimately have arrived on that interface.
- Set the rate thresholds at which SYN, ICMP, and UDP floods are dropped from your measured baseline rather than the defaults, and enable SYN cookies so that a full SYN backlog does not stop new connections.
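The precautions above, as an added shell example (not the post’s or Liquid Web’s own configuration): it produces the sysctl settings and an nftables ruleset that implement the last three bullets, blocking known-bad sources, dropping out-of-state packets, and rate-limiting SYN, ICMP, and UDP. The thresholds, the sysctl file path, and the blocklist entries are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not part of the original post): concrete kernel settings
# and an nftables ruleset for the precautions listed above.  The rate limits
# are illustrative assumptions; derive yours from a measured baseline.  With
# DRY_RUN=1 (the default) nothing is applied: the configuration is only
# printed for review.  Applying it needs root, the nft binary, and a kernel
# with nf_tables, and you should test it on a staging host first because an
# over-tight limit drops legitimate users as surely as an attack does.

DRY_RUN=${DRY_RUN:-1}

# kernel_hardening: sysctl settings that make SYN floods and spoofed packets
# cheaper to absorb.  Written to /etc/sysctl.d/ (assumed path) by apply_all.
kernel_hardening() {
    cat <<'EOF'
# SYN cookies keep accepting new connections once the SYN backlog fills up
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096
# give up on half-open connections sooner than the default of 5 retries
net.ipv4.tcp_synack_retries = 2
# reverse-path filtering: drop packets whose source address is not routable
# back through the interface they arrived on (a common sign of spoofing)
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# never answer broadcast pings, so this host cannot be used as a smurf reflector
net.ipv4.icmp_echo_ignore_broadcasts = 1
EOF
}

# build_nft_ruleset SYN_PPS ICMP_PPS UDP_PPS: an nftables ruleset that blocks
# known-bad sources, drops out-of-state packets, and caps SYN, ICMP and UDP
# rates.  The blocklist elements are constructed documentation addresses.
build_nft_ruleset() {
    syn=$1; icmp=$2; udp=$3
    cat <<EOF
table inet ddos {
    set blocklist {
        type ipv4_addr
        flags interval
        elements = { 203.0.113.0/24, 198.51.100.17 }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        # obvious sources: block-listed ranges and addresses already caught misbehaving
        ip saddr @blocklist drop
        # malformed or out-of-state packets, e.g. stray ACKs from a spoofed flood
        ct state invalid drop
        # SYN flood: SYN-only segments (new connections) above the baseline rate
        tcp flags & (fin|syn|rst|ack) == syn limit rate over ${syn}/second burst ${syn} packets drop
        # ICMP and UDP floods: a web server has little legitimate use for either at volume
        meta l4proto icmp limit rate over ${icmp}/second drop
        meta l4proto udp limit rate over ${udp}/second drop
    }
}
EOF
}

# apply_all SYN_PPS ICMP_PPS UDP_PPS: print (dry run) or install both pieces.
apply_all() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "# DRY_RUN=1: would write /etc/sysctl.d/90-ddos.conf and load this ruleset:"
        kernel_hardening
        build_nft_ruleset "$@"
        return 0
    fi
    kernel_hardening > /etc/sysctl.d/90-ddos.conf
    sysctl --system > /dev/null
    build_nft_ruleset "$@" | nft -f -
}

# Illustrative thresholds: 25 new connections/s, 10 ICMP/s, 1000 UDP packets/s.
apply_all 25 10 1000
```

Two caveats a practitioner would want. First, these limits are global, so during a genuine flood they shed legitimate SYNs along with the attack; nftables meters (or `iptables -m hashlimit`) can instead limit per source address, which is kinder to real users when the attack comes from a handful of hosts. Second, the UDP cap assumes the server does not itself serve DNS, VoIP, or similar; if it does, raise the limit or scope it to the ports you do not use.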
Use a DDoS Failsafe
A DDoS attack is meant to bring you offline: whatever secondary purpose it may serve, it is intended to deny legitimate users access to whatever services you offer. Aggressive blocking during an attack inevitably catches some real users too, so one way around that is to implement some form of failsafe. If a user is locked out from your site as a result of traffic blocking during a DDoS attack, give them a way through, such as a challenge page (a CAPTCHA or JavaScript check) or a contact address hosted somewhere other than the server under attack, so the issue can be addressed.
Simple flood bots cannot complete such a challenge, so comparatively little unauthorized traffic should make it through this way. Do not treat it as airtight, however: headless browsers can pass JavaScript checks and CAPTCHA-solving services exist, so the failsafe is a relief valve for real users, not a substitute for the filtering in front of it.
Account For DDoS Attacks In Your Disaster Recovery Plan
DDoS attacks should be right up there with hardware failure, power failure, and natural disasters as a potential cause of downtime (and, when the attack is cover for an intrusion, of data loss), and you should have firm policies and processes in place for dealing with them before, during, and afterwards. Employees should be able to refer to a clear, step-by-step guide that gets them through even the worst denial of service attack: whom to call at the host or upstream provider, how to switch traffic to a scrubbing service, what to tell customers, and what evidence (flow records, logs) to preserve for the post-mortem.
Install DDoS Mitigation Tools
Especially for large attacks, your best bet is to rely on a DDoS mitigation platform or appliance. Equipped with a powerful infrastructure and advanced detection and monitoring technology, these platforms make prevention and protection far easier than if you attempted to weather such a storm on your own. Bear in mind where the mitigation sits: an appliance in your own rack can only filter what reaches it, so volumetric attacks that fill the upstream link have to be absorbed by a provider with far more capacity than you, typically a cloud scrubbing service or an anycast network that spreads the load across many locations.
It’s important that such tools reduce the apparent impact a DDoS attack has on your website or services. Ideally, you don’t want your users to have to wait to access your site during an attack; that’s how you lose your audience. Instead, the DDoS protection platform you choose should allow legitimate users to access your site or application as though nothing is wrong, which in practice means judging it on its false-positive rate as much as on the size of attack it can absorb.
Pay Attention To Other Suspicious Activity During An Attack
Last but certainly not least, remember that DDoS attacks are very often a mask for something far more insidious. You need to keep a close eye on your server while it is under attack. Install monitoring tools that automatically notify you of suspicious activity such as unusually large downloads, deletions, or duplication of data, and ship the logs to a host other than the one under attack, since a server that is saturated or has fallen over cannot be relied on to keep, or let you read, its own logs.
This will allow you to mitigate not just the DDoS attack, but the actual purpose behind it.
Let Liquid Web Keep You Safe, Secure, And Stable
DDoS attacks can cripple your company if you let them – and not every business has the IT resources or staff necessary to operate a DDoS mitigation platform. That’s where Liquid Web comes in. We include free, basic DDoS protection with every server, in addition to offering two levels of service to detect and mitigate larger, more sophisticated, sustained DDoS attacks.
Contact us today to learn why we’re the most helpful humans in hosting – and what we can do to help you.
The post Prevention vs. Protection: How Should You Mitigate DDoS Attacks Against Your Server? appeared first on Liquid Web.