How To Defend Against A DDoS Attack
With “always on” internet access, real-time applications, and online transaction processing central to the economic activity of many of today’s enterprises, a scenario in which access to a website, portal, or online resource becomes impossible – and stays that way for extended periods – should rightly be of concern.
Such a situation results from a particular species of cyber-assault: the DDoS attack.
What’s a DDoS Attack?
A Distributed Denial of Service or DDoS attack is a form of organised cyber-assault aimed specifically at denying users access to a website or online resource.
DDoS attacks exploit a core principle of the internet itself: the transmission of data packets from almost any source, to almost any destination – because intended or legitimate packets of data are nearly impossible to distinguish from illegitimate ones.
A typical attack scenario involves an immense number of login attempts or calls to a website or server. The huge volume of requests swamps the targeted resource, which loses the ability to tend to its legitimate users.
Attacks may vary in scale and their level of sophistication. Skilled cyber-attackers can mask a fake access request so that it looks like random noise on a network, or dress it up to resemble legitimate web traffic.
A bandwidth attack is a high-volume assault, in which the sheer number of data packets overwhelms the targeted site or server.
An application attack may simulate the actions of a genuine user trying to access a web application (e.g., searching for site content). Ultimately, the resources on the site are prevented from processing normal requests and transactions.
Why Do They Happen?
The reasons given for DDoS attacks may be as varied as the individuals or groups who mount them. Attacks have been attributed to disgruntled ex-workers, rival businesses, government agencies, organised crime, terrorists, and “hacktivists”.
Extortion, social or political protest, general mischief, terror, or a smokescreen to hide other activities have been cited as motives for assault.
It takes a fair amount of computing power to launch a DDoS assault – attackers may assemble the attacke themselves, or go down the route of infecting the systems of unsuspecting users around the globe with malware, which then turns these unsuspecting-third-party computers into transmitters for bogus web traffic.
However, the technology is cheap and readily available. There are even “DDoS for Hire” services out there, that advertise (if you know the right places to look).
How Common Are They?
Cyber-criminals are especially partial to DDoS attacks, since they’re so easy to mount. Victims (especially corporate ones) are often reluctant to admit to having been hacked, so statistics may be difficult to confirm.
But a 2015 report by IT Pro in conjunction with B2B International suggests that almost 50% of IT companies have been affected by DDoS, at some time.
What’s the Damage?
DDoS attacks may vary in impact from the annoying and comparatively trivial (slowing down a network or website) to the catastrophic (forcing a company out of business).
An attack claimed by the Lizard Squad on Christmas Day 2015 effectively shut out an entire online gaming community (Microsoft Xbox Live, and the Sony PlayStation Network).
And the media is rife with tales of attacks on high-profile targets like Citibank, Wells Fargo, and the Bank of America.
But you don’t have to be a huge financial institution to suffer the effects of DDoS. Whatever trade you’re in, if your network is taken down and you can’t service your customers, you’ll lose revenue – not to mention the trust and loyalty of the people you do business with, the damage to your brand and reputation, and/or the legal complications from potential lawsuits and damages claims.
These days, it’s not a question of “if” you’ll become a victim of a DDoS attack, but “when”. So you need to be prepared.
Your General Defensive Strategy
Detecting an attack early enough to do something about it, is your first line of defence.
Chances are that some illegitimate data has already made it through to your network or website. So your next move lies in filtering out the traffic that was generated by the cyber-assault.
There are several methods you can employ to filter out the traffic stemming from a DDoS attack. Each has its plus and minus points.
Do It Yourself: If you have some programming knowledge, you could write some scripts in Python to exclude bad network traffic, or configure your firewalls to try and block it. For the simplest of attacks, this may be effective. But with DDoS attacks increasing in size and complexity, the strain on firewalls (and your scripting prowess) may soon prove too great.
Install Special Hardware: DDoS mitigation appliances are specialist bits of hardware which you can install on your business premises. They reside in your data centre and serve as a barrier and bogus traffic filter for your network servers and routers.These units can be quite expensive to buy and to operate. You’ll need specially trained staff to monitor and manage them. And, for long periods between attacks (if you’re attacked at all) they’ll be sitting on your floor space doing nothing.
Rely on Your ISP: Internet Service Providers may have the resources and bandwidth to keep their clients connected, even in the midst of an attack. They may also have specialist equipment and tools in place to filter out DDoS traffic. But they may lack the expertise and current knowledge to keep up with the latest threats. And DDoS protection will add an additional fee to the services you’re already paying for.
Hire a Consultant: Experts in DDoS protection can make modifications to your filtering hardware, use specialist monitoring techniques, and improve your filtering mechanisms. They’ll also keep up to date with the methods used by cyber-criminals, and can quickly point out areas of potential vulnerability in your network. It’s an additional expense, and you’ll need to do some research of your own to assess the competence and good intentions (or otherwise) of the person you employ.
Cloud Mitigation Services: These are service providers specialising in cloud-based DDoS defence and remediation. Using remote servers and infrastructure, they can guarantee abundant bandwidth allowances and traffic filtering spread over multiple sites, in the event of an attack.
It’s a pay-on-demand solution, and you’ll get what you pay for: if you use several ISPs, hosted services, and/or data centres, the cost of protection may soon mount up. But it’s a highly effective option if you choose the right supplier.
Your Proactive Defence and Mitigation Strategy
It’s not enough to sit back and wait for an attack to happen then try frantically to clean up afterwards. Fortunately, there are steps you can take to ensure that your risk of becoming a victim is minimised – and that your response to potential attacks is sound.
- Assess your network and web resources for potential vulnerabilities.
- Configure your network properly, and specify implicitly which applications are allowed to use which resources.
- Consider buying in extra bandwidth or redundant network hardware to handle fluctuations in demand.
- Have a contingency plan in place, and one or more of the mitigation options described above.
- Consult with trusted partners in your industry and share ideas on DDoS handling strategies.
- Stay up to date with the latest news, blogs, products and publications relating to cyber-security and DDoS issues.