Here are some best practices for preventing DDoS attacks | ZDNet

http://www.zdnet.com/article/here-are-some-best-practices-for-preventing-ddos-attacks/

DDoS attacks have become more common and bigger in volume. Here are some tips to prevent them from disturbing your business…

1 Comment

  1. Tomi Engdahl says:

    Here are some best practices for preventing DDoS attacks
    Preventing Distributed Denial of Service attacks is both a technical and business issue.
    http://www.zdnet.com/article/here-are-some-best-practices-for-preventing-ddos-attacks/

    Distributed denial-of-service (DDoS) made lots of headlines in late October when a massive DDoS attack on Domain Name System (DNS) service provider Dyn temporarily disrupted some of the most popular sites on the internet.

    DDoS attacks are clearly on the rise. A report by content delivery network provider Akamai earlier this year said such incidents are increasing in number, severity and duration. It noted a 125 percent increase in DDoS attacks year over year and a 35 percent jump in the average attack duration.

    When the Software Engineering Institute (SEI) at Carnegie Mellon University recently posted a blog titled, “Distributed Denial of Service Attacks: Four Best Practices for Prevention and Response,” it became SEI’s most visited post of the year after only two days, according to a spokesman for the institute.

    Distributed Denial of Service Attacks: Four Best Practices for Prevention and Response
    https://insights.sei.cmu.edu/sei_blog/2016/11/distributed-denial-of-service-attacks-four-best-practices-for-prevention-and-response.html

    Architecture. To fortify resources against a DDoS attack, it is important to make the architecture as resilient as possible.

    The following steps will help disperse organizational assets as to avoid presenting a single rich target to an attacker:

    Locate servers in different data centers.
    Ensure that data centers are located on different networks.
    Ensure that data centers have diverse paths.
    Ensure that the data centers, or the networks that the data centers are connected to, have no notable bottlenecks or single points of failure.

    Hardware. Deploy appropriate hardware that can handle known attack types and use the options that are in the hardware that would protect network resources. Again, while bolstering resources will not prevent a DDoS attack from happening, doing so will lessen the impact of an attack.
    In particular, certain types of DDoS attacks have been in existence for quite some time, and a lot of network and security hardware is capable of mitigating them. For example, many commercially available network firewalls, web application firewalls, and load balancers can defend against layer 4 attacks

    Bandwidth. If affordable, scale up network bandwidth. For volumetric attacks, the solution some organizations have adopted is simply to scale bandwidth up to be able to absorb a large volume of traffic if necessary.

    Outsourcing. There are several large providers that specialize in scaling infrastructure to respond to attacks. These providers can implement cloud scrubbing services for attack traffic to remove the majority of the problematic traffic before it ever hits a victim’s network.
    An ISP can offer DDoS mitigation services that will help organizations respond in the wake of an attack.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*