The 5 Essentials of DDoS Mitigation
Distributed Denial of Service (DDoS) attacks are a threat that businesses and organizations face daily, but that does not mean they have to endure the outages and slowdowns those attacks bring. Organizations do not have to be digitally blindsided when there are options for actively resisting attacks.
How? Think like the crooks and outsmart them. Think like the clandestine figures who use wits, brainpower and computing power to break past your firewalls and defense in depth. As in a video game, if you want to reach the next level you must be a devious strategist and look for the secret passage, or in a hacker's case, find the vulnerability.
DDoS attacks take websites and servers down in one of two ways: network-layer floods that simply saturate your bandwidth with data, and application-layer floods that hit the application server with requests that each look valid on their own but are generated by bots rather than real users.
Thinking like a crook can be as simple as asking the right questions and exploring your options. More than one class of technology has stepped up to the front line. These include:
- Appliances deployed within the data center
- Hardened hosting platforms
- Cloud-based DDoS mitigation services
Whichever type of solution suits you best, here are five must-haves for your DDoS mitigation checklist:
- Transparent mitigation. Hackers count on users losing access to your site during an attack, and some of those users never return. Your users do not need to know, and do not care, that you are under attack, so any mitigation technology must keep letting people into your site without delay: no holding pages, no splash screens, no stale cached content served in place of the real thing. Once hackers see that their attacks are going unnoticed, they are unlikely to return.
- Bots can't talk, humans can. Hackers conduct DDoS attacks to cause a nuisance by inconveniencing websites and their users. Give users a legitimate fail-safe channel for complaining about, or appealing, an automated lockout. Users will appreciate that you thought ahead of the hackers' plot and gave them an outlet to report their experience. Just as important, that channel tells you how well (or how poorly) your anti-DDoS system is performing, because every report from a real person who was blocked is a false positive you can measure.
- Make sure you whack all the bots. Most sites have very little headroom; even 50 excess page views per second can slow down or take down your site. Make sure your screening is airtight, blocking all application-layer bot requests. It must not, however, come at the expense of blocking the good bots, such as Google, Bing and the other benevolent Internet crawlers that should be granted access at all times. Identify those crawlers by something an attacker cannot forge, such as a reverse DNS lookup confirmed by a forward lookup, or the operator's published address ranges, rather than by the User-Agent string, which any bot can copy.
- Expect the biggest tidal wave. Network attacks are getting bigger and amplification techniques are more widely used. For example, a 100-byte DNS request sent with a spoofed source address (your site's) to an open resolver, or an SNMP request to a device with the default "public" community string, makes that server send a reply many times larger, on the order of 20 times in the article's example, to your site instead of to the attacker. Ensure that your site can absorb far more traffic than any single link of yours carries. Service providers do this by building data centers with tens of gigabits of capacity (20 Gbps in the article's figure) and distributing traffic among them where possible. Network-layer DDoS today is less about the attacker's own brute force and more about preparing a list of open DNS resolvers, or SNMP servers with the open "public" community, that will do the amplifying.
- Without accurate detection, it will be too late. There are two parts to DDoS protection: detecting that a site is under attack, and then applying an effective defense. Detection often gets overlooked because it is the tricky part. Be sure your solution can accurately detect an attack yet remains inactive when the site is not under attack, which in practice means judging traffic against a baseline of what is normal for your site rather than against a single fixed threshold. Needless defensive measures, such as challenging or throttling real users during an ordinary traffic spike, are just as bad as no defense measures at all.
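The bot-screening and detection items above, as an added example that is not part of the Wired article: a small Python screen that admits only crawlers verified by forward-confirmed reverse DNS, holds every other client to a per-IP sliding-window limit, and engages that limit only once an aggregate request-rate detector with hysteresis has declared an attack. The DNS answers, the thresholds (a 20 rps baseline, 4x on, 1.5x off, 5 requests per second per client) and the traffic trace are all constructed assumptions so that it runs offline; a real deployment would resolve names through the system resolver.

```python
"""Added example (not from the Wired article): an application-layer screen
that admits verified search-engine crawlers, rate-limits everyone else per
client, and only starts blocking once an aggregate-rate detector with
hysteresis has declared an attack. DNS data and traffic are constructed
in-process so it runs offline; all thresholds are illustrative assumptions."""
from collections import defaultdict, deque

# Constructed stand-in for DNS. A real deployment would call
# socket.gethostbyaddr (PTR) and socket.gethostbyname_ex (A) instead.
FAKE_PTR = {
    "66.249.66.1": "crawl-66-249-66-1.googlebot.com",
    "40.77.167.1": "msnbot-40-77-167-1.search.msn.com",
    # Attacker-controlled reverse zone pointing at a Googlebot-looking name:
    # the forward lookup will not return this IP, so it is rejected.
    "203.0.113.9": "crawl-66-249-66-1.googlebot.com",
}
FAKE_A = {
    "crawl-66-249-66-1.googlebot.com": ["66.249.66.1"],
    "msnbot-40-77-167-1.search.msn.com": ["40.77.167.1"],
}
GOOD_BOT_SUFFIXES = (".googlebot.com", ".google.com", ".search.msn.com")


def is_verified_good_bot(ip, ptr=FAKE_PTR, a=FAKE_A):
    """Forward-confirmed reverse DNS: the PTR name must sit under a known
    crawler domain AND resolve back to the same IP. A User-Agent is free
    to forge, and a PTR record alone proves nothing."""
    host = ptr.get(ip)
    if not host or not host.endswith(GOOD_BOT_SUFFIXES):
        return False
    return ip in a.get(host, [])


class SlidingWindowLimiter:
    """At most `max_requests` per client IP in any `window` seconds."""

    def __init__(self, max_requests, window):
        self.max_requests, self.window = max_requests, window
        self.hits = defaultdict(deque)

    def allow(self, ip, now):
        q = self.hits[ip]
        while q and q[0] <= now - self.window:  # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.max_requests:
            return False
        q.append(now)
        return True


class AttackDetector:
    """Declares an attack when requests/second exceed on_factor x the learned
    baseline and clears it only below off_factor x baseline, so mitigation
    neither fires on ordinary bursts nor flaps around one threshold. The
    baseline (an EWMA) is learned only from non-attack seconds, so an
    attacker cannot slowly raise it."""

    def __init__(self, baseline_rps, on_factor=4.0, off_factor=1.5, alpha=0.1):
        self.baseline, self.on, self.off, self.alpha = baseline_rps, on_factor, off_factor, alpha
        self.under_attack = False

    def observe(self, rps):
        if not self.under_attack and rps > self.on * self.baseline:
            self.under_attack = True
        elif self.under_attack and rps < self.off * self.baseline:
            self.under_attack = False
        if not self.under_attack:
            self.baseline = (1 - self.alpha) * self.baseline + self.alpha * rps
        return self.under_attack


def screen(trace, limiter, detector):
    """trace: iterable of (timestamp, client_ip). Returns one tuple per second:
    (second, under_attack, allowed, blocked). Outside an attack nothing is
    blocked; during one, verified crawlers bypass the limiter and every other
    client is held to it."""
    by_second = defaultdict(list)
    for t, ip in trace:
        by_second[int(t)].append((t, ip))
    report = []
    for sec in sorted(by_second):
        reqs = sorted(by_second[sec])
        attacking = detector.observe(len(reqs))
        allowed = blocked = 0
        for t, ip in reqs:
            if not attacking or is_verified_good_bot(ip) or limiter.allow(ip, t):
                allowed += 1
            else:
                blocked += 1
        report.append((sec, attacking, allowed, blocked))
    return report


def build_trace():
    """Constructed traffic: 15 s of 2 rps from each of ten users plus one
    Googlebot hit per second (21 rps); from second 10 five attacking IPs
    add 20 rps each (121 rps)."""
    users = [f"198.51.100.{i}" for i in range(1, 11)]
    attackers = [f"203.0.113.{i}" for i in range(10, 15)]
    trace = []
    for sec in range(15):
        for u in users:
            trace += [(sec, u), (sec + 0.5, u)]
        trace.append((sec, "66.249.66.1"))
        if sec >= 10:
            for ip in attackers:
                trace += [(sec + k / 20, ip) for k in range(20)]
    return trace


if __name__ == "__main__":
    for row in screen(build_trace(), SlidingWindowLimiter(5, 1.0), AttackDetector(20.0)):
        print("t=%2ds attack=%-5s allowed=%3d blocked=%3d" % row)
```

Run as written, the first ten seconds pass all 21 requests untouched, and from second 10 the detector flips on (121 rps against a baseline just over 20), after which each attacking IP is cut to its 5 allowed requests per second while the ten users and the verified Googlebot are never touched. Two design points matter: the limiter is not consulted at all outside an attack, which is the "remains inactive" property, and the crawler check keys on the forward-confirmed hostname rather than on anything the client sends.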
Whether you are a C-level executive or the director of IT, understanding the tactics of hackers helps you gauge how to economize and optimize your forces against their efforts. After all, no one builds a winning race car by bolting on turbo power without also maximizing safety for the driver. Remember, the hacker's goal, whether motivated by revenge, a competitive ego or a lust for money, is to keep you from running a business or providing a service. By educating yourself and asking the right questions you refuse to be an easy target and become a cunning match for a hacker instead.
Source | Wired