How to Protect Yourself From a DDoS Attack
A Distributed Denial of Service (DDoS) attack can be devastating for your business. What kind of preventative measures can you take?
You type in your website address, press load and nothing happens. Eventually you’re served a desultory “page not found” notice. You open a new tab and type in a news site, it loads fine. Your website is clearly down.
[post-quote content='Attacks vary in sophistication and size.
Some attackers disguise their requests as network junk traffic, others are created to look like real requests, others rely on brute force.' position="right"]
Perhaps the reason is innocuous. Perhaps you’re being targeted by a DDoS attack.
Whatever the cause, downtime can cost your business big money and, if it is a DDoS attack, the security of your organization could be endangered. It’s important to understand some of the ways you can protect your organization from such threats. In this blog we’ll discuss four options to shore up your defences against DDoS attacks.
Know Your Enemy
The aim of a DDoS attack is to overwhelm your systems by bombarding them with more requests than they are able to handle. When the server is clogged by requests from the DDoS attack, it becomes unable to serve actual users the information they are requesting from it.
Typically attackers will use a network of hijacked computers to perform their nefarious deeds for them.
Attacks vary in sophistication and size. Some attackers disguise their requests as network junk traffic, others are created to look like real requests, others don’t attempt to dress up the traffic at all and rely on brute force.
More complex attacks will attempt to simulate user-behaviour on a site rather than just requesting an address. They’ll do things like manipulate forms asking the website to process specific actions in order to overwhelm servers.
Four Ways to Protect
The Simple Script Option
The simplest option is rarely the most effective, simple scripts are no exception. A script is installed on the server in order to try to filter out bad traffic.
This can provide protection for a time, but can be soon overwhelmed under the duress of a large attack.
[post-quote content="Your Internet Service Provider can turn into your Internet Service Protector if they offer the necessary capabilities." position="right"]
The On-Site Hardware Option
Dedicated DDoS mitigation appliances are on-site hardware options designed to sit in front of servers and routers to watch all incoming traffic and protect everything behind them against attacks.
Such devices are expensive though, both in terms of up-front cost and operation management. They’re also limited by network capacity and can be overwhelmed if the DDoS attack is large enough.
The Internet Service Provider (ISP) Option
Your Internet Service Provider can turn into your Internet Service Protector if they offer the necessary capabilities. Due to their larger bandwidth capabilities, ISPs can be better placed to deal with large attacks.
However, there are issues. Many large enterprises will use more than one ISP in order to protect against downtime from a single point of failure. DDoS mitigation services cost money, and if you want DDoS protection via ISP, and have more than one ISP, you’re doubling or tripling those costs.
You’re also tied to trusting the competency of your ISP’s defences.
The Cloud Mitigation Provider Option
Using cloud providers for DDoS mitigation has a lot of advantages. Cloud providers are uniquely placed in having amongst the vastest networks on the net: if any service could cope with a DDoS attack, it would be the networks of Cloud providers.
Having to provide critical services to so many enterprises means that Cloud providers need to be at the cutting edge of protecting against DDoS attacks.