Wednesday, March 27, 2013

An In-Depth Look at DDoS – Part 2: Considerations to Improve Your DDoS Defense

Okay, so if you’ve read Part 1 of this blog series, you now know what DDoS is (and if you don't, you're on the wrong site!). Now what? Well, now we start the phase of defending against these attacks. The first thing you need to look at is your infrastructure: determine what tools you currently have in your toolbox that might be able to defend against an attack.
  • Do you have an IPS with DDoS signatures enabled?
  • Is your router/firewall configured with rate limiting?
  • Should you consider blocking certain countries on your edge?
  • And many more…
There are many things that can be done with existing network equipment to protect against network layer attacks. If you know that your equipment can barely handle the current production load, then being hit with even a small DDoS is going to tip you over.

From an application layer perspective, know where your weak points are. How many connections can your database hold without dying? Do you have the opportunity to fail over or cluster websites, DNS, etc., to push the load of traffic to other sites or distribute the traffic to where you want it?
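To make the two points above concrete, here is an added example (not from the original post) that replays a constructed burst of connection attempts against a backend with a fixed connection capacity, once with no edge rate limiting and once with a per-source limit. The addresses, rates and capacity are all constructed values.

```python
from collections import defaultdict, deque

# Constructed sample traffic: (timestamp_ms, source_ip).
# Two sources flood at 20 connections/s for 3 s; one legitimate
# client (10.0.0.5) connects once per second.
SAMPLE_CONNECTIONS = sorted(
    [(50 * k, "203.0.113.7") for k in range(60)]
    + [(50 * k, "198.51.100.9") for k in range(60)]
    + [(1000 * k, "10.0.0.5") for k in range(3)]
)

BACKEND_CAPACITY = 40   # concurrent connections the backend tier can hold (constructed)
HOLD_MS = 2000          # how long each accepted connection occupies a slot
WINDOW_MS = 1000        # sliding window for the per-source limit


def simulate(connections, per_source_limit=None):
    """Replay connection attempts against a fixed-capacity backend.

    With per_source_limit=None no rate limiting is applied (the "tip over"
    case); otherwise each source may open at most per_source_limit
    connections per WINDOW_MS. Returns per-source counts of accepted,
    rate_limited and capacity_drop attempts.
    """
    stats = defaultdict(lambda: {"accepted": 0, "rate_limited": 0, "capacity_drop": 0})
    active = deque()              # expiry times of held connections, oldest first
    recent = defaultdict(deque)   # source -> accept timestamps inside the window
    for t, src in connections:
        while active and active[0] <= t:          # release slots whose hold ended
            active.popleft()
        if per_source_limit is not None:
            window = recent[src]
            while window and window[0] <= t - WINDOW_MS:
                window.popleft()
            if len(window) >= per_source_limit:   # this source is over its quota
                stats[src]["rate_limited"] += 1
                continue
        if len(active) >= BACKEND_CAPACITY:       # whole backend is saturated
            stats[src]["capacity_drop"] += 1
            continue
        active.append(t + HOLD_MS)
        recent[src].append(t)
        stats[src]["accepted"] += 1
    return dict(stats)


if __name__ == "__main__":
    print("no rate limit:  ", simulate(SAMPLE_CONNECTIONS))
    print("5 conn/s/source:", simulate(SAMPLE_CONNECTIONS, per_source_limit=5))
```

Without the per-source limit the flood fills the backend and the legitimate client's connection at the one-second mark is dropped; with the limit, the flooders are throttled at the edge and every legitimate connection is served.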

Knowing what you currently have in your arsenal can really come in handy when you’re attacked later. There are also on-site (on-premise) devices that exist strictly to protect your network and applications against DDoS attacks. They inspect the traffic coming into your network and start mitigating once bad traffic is identified. The problem here is what happens when the load is too much for that system, your routers, or your internet connection? I’m glad you asked.
Some options to consider:
  1. Partner with Your ISP - Once you’ve done your due diligence on verifying what you own internally, it might be time to understand how third parties can extend this protection. If you can’t handle a DDoS with your current infrastructure, it’s very important to reach out for help. One way of doing this is partnering with your ISP and asking for assistance upstream. Since these attacks have to come over their network, they sometimes have the capability to block certain IP addresses from ever hitting your network. This can become like playing whack-a-mole if it’s based solely on IP address, but it’s something to keep in your back pocket.
  2. Examine CDN Services - If you’re a large company and are using CDNs (Content Distribution Networks) to help get your site out to the world more quickly and efficiently, it might be worth taking a look at the services they offer. Since these services are meant to absorb and answer whatever traffic is sent to them, they often have the ability to absorb simple DDoS attacks by design, but they don’t cover everything.
Read the rest of my article for www.algosec.com here: http://blog.algosec.com/2013/03/an-in-depth-look-at-ddos-part-2-considerations-to-improve-your-ddos-defense-.html
