- Do you have an IPS with DDoS signatures enabled?
- Is your router/firewall configured with rate limiting?
- Should you consider blocking certain countries on your edge?
- And many more…
From an application layer perspective, know where you weak points are. How many connections can you database hold without dying? Do you have the opportunity to failover or cluster websites, DNS, etc to push the load of traffic to other sites or distribute the traffic to where you want it?
Knowing what you currently have in your arsenal can really come in handy when you’re attacked later. Also, there are on site or premise devices that are strictly there to protect your network and applications against DDoS attacks. These are looking at the traffic coming into your network and will start mitigating once bad traffic is identified. The problem here is what happens when the load is too much for that system, the routers or your internet connection? I’m glad you asked.
Some options to consider:
- Partner with Your ISP - Once you’ve done your due diligence on verifying what you own internally, it might be time to understand how third parties can extend this protection. If you can’t handle a DDoS with your current infrastructure it’s very important to reach out for help. One of the ways of doing this is partnering with your ISP and attempting to get assistance upstream from them. Since these attacks have to come over their network they sometimes have the capability to block certain IP addresses from ever hitting your network. This can become like playing whack-a-mole if it’s based solely off IP address, but it’s something to keep in your back pocket.
- Examine CDN Services - If you’re a large company and are using CDNs (Content Distribution Networks) to help get your site out to the world more quickly and efficiently, it might be worth taking a look at services they offer. Since these services are meant to return any traffic sent to them, many times they have the ability to absorb simple DDoS attacks by design, but they don’t cover everything.
No comments:
Post a Comment