DDoS Attack Prevention and Mitigation





Ask about a DDoS attack, and we'll tell you that it's the worst form of cybercrime that can hit you. It typically involves the attacker using a network of compromised computers (called a botnet) to send superfluous requests to the target server. Consequently, the server can no longer respond to legitimate traffic, which to its users looks like a failed network.


Top Examples of DDoS Attacks


On the 21st of October 2016, attackers used tens of millions of IP addresses to hit the servers of Dyn (a DNS service provider). The attackers sent a huge number of DNS requests from those addresses, which overwhelmed Dyn's servers and caused a denial of service to millions of users across America and Europe.


Another major attack in history hit GitHub in 2015. Experts attributed it to politics: the strike lasted days, and experts say it came from China, with most people suspecting that the Chinese government had a hand in it. It was a sophisticated attack that adapted to the defense mechanisms put in place against it. A couple of days later, experts managed to stop it.


In 2013, Spamhaus was hit hard by a DDoS attack that came from Britain. Spamhaus is a service that helps its users keep spam emails and other spammy activity at bay. The attack most likely targeted Spamhaus because it is the service responsible for filtering over 80% of spam. The British teen attacker drove 300 Gbps of traffic at Spamhaus. The attack was brought down a few days later.


The Three Main Categories of DDoS Attacks


DDoS attacks fall into three categories: volume-based, protocol, and application-layer attacks. Below is further insight into each.


1. Volume-Based Attacks


UDP and ICMP floods are the two main types of volumetric attack. They overwhelm a network's ports with bogus requests so that the system cannot respond to regular traffic, denying service to legitimate users.


2. Application Layer Attacks


A network has a layered architecture (the OSI network model). The seventh layer is the one closest to the user, and it is the one targeted in application-layer attacks. Because this kind of attack uses a smaller number of machines, it is quite challenging to detect; left unchecked, however, it gets worse over time.


3. Protocol Attacks


Protocol attacks include the SYN flood, the Ping of Death, and others. They consume the resources of servers and of intermediate equipment such as load balancers and firewalls. Their magnitude is expressed in packets per second.


You don't want your website or server to go through a scenario like the ones above, do you? I won't take yes for an answer. That is precisely why you need to know what to do before an attack knocks at your door. Read on.


How To Mitigate The Attacks


1. Use Cloud Services


Handing the job to a specialized provider has far more perks than doing it yourself, especially if you don't have the skills. Cloud services usually have more bandwidth, more resources, and other capabilities that work better than a private network. The staff behind cloud services also monitor the web around the clock for attacks. And a provider that owes you a service has every reason to keep it running.


2. Have A Strong Network Hardware Layout


Hardware setups can be a godsend for your defenses against DDoS attacks. A proper hardware configuration, for example one that lets your router or firewall block unwanted DNS traffic, will prove helpful. If you can't do this on your own, you can ask experts to offer you the service.


3. Build Redundancy In Your Network


Spreading your servers across different geographical locations is one way of building redundancy into your network. Ensuring that the servers connect through different networks is a further step. Configuring your data centers so that there is no single fixed point for an attacker to aim at takes you to another league.


When servers are in different locations, attackers will find it almost impossible to hit more than one of them at once. What's more, the unaffected servers will keep processing requests on behalf of the attacked one, keeping your services up and running while you clean up.


4. Know The Warning Signs


A network may be slow for reasons other than an attack, but a severe network slowdown, connections that black out, intermittent website outages, and other unwelcome signs are indicators of a DDoS attack.
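The signs above are what an operator feels; in the server's own logs, an application-layer flood shows up as a request rate far above the site's baseline that is spread across many client addresses, most of them hitting the same URL. This added example (not from the original article) flags such one-second windows in constructed Common Log Format lines; the thresholds baseline_rps and min_sources are assumed values that you would tune against your own normal traffic.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample traffic in Common Log Format (not a real capture): three
# ordinary requests, then a one-second burst from 40 distinct TEST-NET addresses.
NORMAL_LOG = [
    '10.0.0.5 - - [21/Oct/2016:12:00:00 +0000] "GET / HTTP/1.1" 200 512',
    '10.0.0.6 - - [21/Oct/2016:12:00:00 +0000] "GET /about HTTP/1.1" 200 700',
    '10.0.0.7 - - [21/Oct/2016:12:00:01 +0000] "POST /login HTTP/1.1" 302 0',
]
BURST_LOG = [
    f'198.51.100.{i} - - [21/Oct/2016:12:00:05 +0000] "GET /search?q=x HTTP/1.1" 200 2048'
    for i in range(1, 41)
]
SAMPLE_LOG = NORMAL_LOG + BURST_LOG

# client ident user [timestamp] "method target protocol" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')


def parse_line(line):
    """Return (client_ip, second, path_without_query, status) or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, target, status, _size = m.groups()
    second = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, second, target.split("?", 1)[0], int(status)


def flood_windows(lines, baseline_rps=10, min_sources=20):
    """Flag one-second windows above the normal request rate AND spread over many
    clients: the many-sources, same-URL signature of a botnet-driven Layer 7 flood."""
    per_second = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_second[rec[1]].append(rec)
    alerts = []
    for second, recs in sorted(per_second.items()):
        sources = {ip for ip, *_ in recs}
        if len(recs) < baseline_rps or len(sources) < min_sources:
            continue  # quiet second, or one noisy client rather than a distributed flood
        top_path, hits = Counter(path for _, _, path, _ in recs).most_common(1)[0]
        alerts.append({"time": second.isoformat(), "requests": len(recs),
                       "sources": len(sources), "top_path": top_path,
                       "top_path_share": round(hits / len(recs), 2)})
    return alerts
```

A single client exceeding baseline_rps is deliberately not flagged here; that case is better handled by per-client rate limiting than by a DDoS alert.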


5. Know The Basics Of Repeat Security Practices


Fixing small, recurring mistakes is one way of keeping up the basic security measures that form a good foundation for preventing DDoS attacks. Examples include using strong passwords, changing passwords regularly, and using firewalls.


The Bottom Line


There are more measures than these, but it is impossible to exhaust the entire list. The ones above, however, are some of the primary measures you can put in place.
