Securing data and intellectual property access via a physical network is a key issue in IT today. In 2020, malware attacks have been increasing in frequency and ferocity, and arriving over new attack vectors. Phishing is increasing because users still click on links in their emails.
One particular threat to Cyber Security that can bring down a business is the brute-force attack, better known as a Distributed Denial of Service (“DDoS”) attack. An extended period of downtime could be fatal for an e-commerce site, and the FBI suspects that some organizations have been orchestrating DDoS attacks on their competitors.
What is DDoS?
DDoS attacks are usually launched from a network of computers at different locations, often a botnet of infected computers. Their objective is to flood a server with service requests. They initially used megabytes of bandwidth. Today terabytes are becoming the norm.
What is DDoS Protection?
It’s really quite simple. DDoS Protection is the use of Cyber Security hardware and software, as part of a risk mitigation plan, to ensure the server’s continuing availability and keep you up and running if you are attacked.
Why Do You Need DDoS Protection?
GitHub suffered an attack at 1.35 Tbps in 2018, at the same time as an attack on an unnamed site at 1.7 Tbps. More recently, Amazon Web Services recorded an exploit at 2.3 Tbps in February 2020. Both GitHub and Amazon went offline.
The FBI reckons that DDoS attacks account for at least one-third of all downtime.
What Can You Do for Protection?
Most organizations cannot, in all probability, stop a DDoS attack using their resources because, by the time they recognize that an attack is underway, they are reacting to it rather than preventing it.
Create a mitigation plan that deploys measures as soon as you detect an attack. In most cases, even with one, by the time you have reacted, the DDoS activity can be enough to bring the server down for several hours. Without one, you have little chance of recovery before your business suffers.
Create protection steps in your mitigation plan to mitigate DDoS attacks
- Detect a DDoS Attack early: The quicker you recognize an attack is underway, the more likely you are to survive it successfully. You need to be able to identify standard traffic patterns, with the ability to distinguish between a “normal” abnormal traffic pattern and a DDoS attack starting up. Is it DDoS or new traffic following a marketing programme?
- Make sure you have Solid Perimeter Defences: Keep hardware and software defences up to date, properly configured and operational. You can do a few things to lessen the effects of a DDoS attack:
  - Provide increased bandwidth. That may give you extra time to put your other measures in place. The attack will continue but won’t overwhelm the server.
  - Apply Rate Limits to incoming traffic to protect the Web Server.
  - Drop spoofed and malformed packets.
  - Drop non-essential services like FTP transfers or peer-to-peer networking.
Understand, though, that this won’t stop an attack. All these measures are likely to do is to give you some time to bring other actions into play.
- Watch out for External Consequences and seek External Assistance: Several actions by you, or an upstream service provider, are possible:
  - You could divert all incoming traffic to a cleaning service or a “scrubber.” The scrubber drops evident DDoS packets before forwarding hopefully legitimate ones to your web server.
  - If you don’t liaise with your ISP, they could drop you to protect the rest of their network. You will have no service while they resolve the situation.
  - Another approach, especially for massive DDoS attacks, is to call in an attack specialist. DDoS Mitigation Specialists use a very large infrastructure and a range of specialist tools to keep servers up. They are highly experienced in DDoS. Their infrastructure can handle high traffic volumes. All incoming traffic diverts to them for cleaning. When cleaned, they forward it to your website.
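The early-detection step in the list above, as an added Python example that is not part of the original article: it learns a per-minute request baseline (median and median absolute deviation) from access-log lines and alerts only when traffic stays far above that baseline. The log format, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import Counter, deque
from statistics import median


def per_minute_counts(log_lines):
    """Requests per minute from lines shaped 'YYYY-MM-DDTHH:MM:SS ip method path'
    (an assumed log format, not one the article specifies)."""
    counts = Counter(line.split()[0][:16] for line in log_lines if line.strip())
    return sorted(counts.items())


class BaselineDetector:
    """Learns normal per-minute volume and flags sustained departures from it."""

    def __init__(self, window=30, k=6.0, min_samples=10, sustain=2):
        self.history = deque(maxlen=window)  # recent normal minutes only
        self.k = k                           # tolerated deviation, in MADs
        self.min_samples = min_samples       # minutes to learn before judging
        self.sustain = sustain               # consecutive high minutes to alert
        self.streak = 0

    def observe(self, count):
        """Return True once traffic has been abnormal for `sustain` minutes."""
        if len(self.history) < self.min_samples:
            self.history.append(count)
            return False
        med = median(self.history)
        mad = median([abs(c - med) for c in self.history]) or 1.0
        high = (count - med) / mad > self.k
        if high:
            self.streak += 1                 # keep flood traffic out of the baseline
        else:
            self.streak = 0
            self.history.append(count)
        return self.streak >= self.sustain


def first_alert(counts, detector):
    """Minute label of the first alert, or None if traffic stayed normal."""
    return next((minute for minute, n in counts if detector.observe(n)), None)


def constructed_log():
    """Constructed sample: 15 minutes at about 20 req/min, then 5 at 400 req/min."""
    lines = []
    for m in range(20):
        n = 20 + m % 3 if m < 15 else 400
        lines += [f"2020-06-01T10:{m:02d}:00 198.51.100.{i % 250} GET /" for i in range(n)]
    return lines
```

An alert only says that traffic has left its normal range; deciding whether it is an attack or a marketing surge remains the operator's call.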
It may seem extreme to plan for such attacks, but as already noted, they are increasing in frequency and virulence. The increasing dependence on online services as a result of the pandemic makes it increasingly important for an organization to put effective Cyber security measures in place.