Website owners, do you know what to do in case of a Distributed Denial of Service (DDoS) attack?
DDoS attacks are nearly unpreventable and can happen to anyone, but understanding how to defend against them can help you lose less sleep over the possibility of something worse occurring! If you ever see a site go down, whether it be VISA or the CIA, it is more than likely a DDoS attack. DDoS is a go-to tool for attacks by hacktivist groups like Anonymous and its various splinter groups, as well as terrorist groups around the world. And DDoS can happen to anyone, as the nonprofit computer hardware organization Raspberry Pi found out last week.
What IS a DDoS attack?
A DDoS attack is one of many types of Denial of Service attacks (DoS attacks). DoS attacks include a wide variety of methods that center on the idea of sending an artificially high number of requests to a server or network, thereby overloading, or “flooding,” a crucial part of the system and causing the site to be inaccessible to legitimate traffic. DDoS attacks are the most infamous of all DoS attacks because they’re the largest and hardest to defend against. A DDoS attack involves a number of sources acting in a coordinated attack (rather than a single source sending all the illegitimate requests). This means that defending against a DDoS attack can be like a game of whack-a-mole: once you identify and defend against an attacking system, another flood of bogus requests comes from another.
Risks of DDoS Attacks
DDoS threats are scary for anyone running a website, but most site owners can find solace in knowing that targets of broad, well-orchestrated attacks are usually organizations with connections to national security, big money, and web infrastructure/hosting. If your site doesn’t fall into those categories, the kinds of DDoS attacks you’re likely to encounter will be less sophisticated and less tenacious than the “statement” attacks that make the headlines. In fact, following these five steps can help mitigate and even block these attacks and avoid major site disruptions.
1. Install the latest updates to your servers
Where there are weaknesses in your network, attackers will find a way to exploit them. If you haven’t updated your server software recently, there may be some outstanding software patches that address certain network-level weaknesses. Don’t let out-of-date software be the entry point for an attacker! Be vigilant about your software updates.
2. Use application-level security products
DDoS attacks are increasingly targeting the application level of the technology stack. It takes less artificial traffic to flood requests for dynamic pages within applications than it does to go straight to the network and flood the pipes in the data center. Security products like Barracuda’s web application firewall exist to filter unwanted traffic on the application layer.
3. Invest in protective infrastructure
Also in the application layer, larger sites routinely invest in products like F5’s BIG-IP Product Suite. These infrastructure add-ons give you additional firewall capability at your application servers, beyond what’s offered in your basic infrastructure setup.
4. Use forward caches to your advantage
It’s not just your application servers that need protection: your caching servers are at risk as well. Configure rules in your forward caches, like Varnish and Squid, that will turn away unwanted traffic.
5. Use a CDN to deliver static assets
One of the benefits of a content delivery network (CDN) is that it relieves strain on origin servers by serving requests from edge servers around the world. In a properly set-up CDN, only a few requests, like dynamic assets and secure transactions, will have to be served by the origin. This means that even if a low-level DDoS attack hits the main servers, the site could still operate with limited functionality via the CDN caches, rather than being completely down. And if the attack is small enough, the origin servers might even have enough extra bandwidth to absorb the attack, thanks to the CDN offload.
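The kind of rule steps 2 and 4 describe, one that turns away a source flooding dynamic pages while leaving cached static assets alone, can be sketched as follows. This is an added example, not code from any product named above; the log format, the limit of 5 dynamic requests per 10 seconds, the static-file extension list and the sample addresses are all assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict, deque

# Assumption: static assets are answered from cache, so only dynamic
# requests (the expensive ones) count against a client's budget.
STATIC = re.compile(r"\.(css|js|png|jpe?g|gif|ico|svg|woff2?)$", re.I)

class DynamicRequestLimiter:
    """Sliding-window limit on dynamic requests per client address."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self.hits = defaultdict(deque)  # client -> timestamps of allowed hits

    def allow(self, client, path, now):
        if STATIC.search(path.split("?", 1)[0]):
            return True
        recent = self.hits[client]
        while recent and now - recent[0] >= self.window:
            recent.popleft()  # forget hits that have left the window
        if len(recent) >= self.limit:
            return False  # over budget: turn the request away
        recent.append(now)
        return True

def replay(lines, limit=5, window_seconds=10):
    """Run 'epoch client method path' lines through the limiter.
    Returns a Counter of rejected requests per client."""
    limiter = DynamicRequestLimiter(limit, window_seconds)
    rejected = Counter()
    for line in lines:
        ts, client, _method, path = line.split()
        if not limiter.allow(client, path, int(ts)):
            rejected[client] += 1
    return rejected

def build_sample():
    """Constructed log: two flooding sources and one normal visitor."""
    lines = []
    for i in range(8):  # each flooder: 4 dynamic requests per second
        for src in ("203.0.113.5", "198.51.100.7"):
            lines.append(f"{1000 + i // 4} {src} GET /search?q={i}")
    for i in range(3):  # visitor: a page and its stylesheet every 15 s
        lines.append(f"{1000 + 15 * i} 192.0.2.10 GET /cart")
        lines.append(f"{1000 + 15 * i} 192.0.2.10 GET /static/site.css?v=2")
    return sorted(lines, key=lambda l: int(l.split()[0]))

if __name__ == "__main__":
    for client, count in replay(build_sample()).items():
        print(f"{client}: {count} dynamic requests rejected")
```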