Distributed Denial of Service (DDoS), these words strike fear into the hearts of organizations who rely on their servers. Whole government have been brought to their knees by the terrifying DDoS attack…well for a few hours at least. DDoS attacks are automated and spontaneous traffic sent to your website with the end goal of overwhelming your server. In effect, preventing genuine visitors from accessing your website. During a sustained attack it can cost a company an average of $22K/minute with an average downtime of 54 minutes. Costs for business has risen to $2.5 million per attack. This is why the term DDoS strikes fear into the IT hearts of organizations! While these attacks are not preventable, there are measures you can take to defend against DDoS attacks and mitigate their impact.
DDoS attacks are only successful because they overwhelm the set web traffic provision in servers. In many cases preventing a server failure is impossible however it would help to expand the capacity to handle visitors to your server. This can be done by identifying your peak traffic numbers and provision for 10 times that amount. Some remote server providers allow for auto-scaling which also aids with preventing a successful attack. This will increase your expenses too but it is less expensive than suffering an attack.
If your server is being overwhelmed it may be tough to be notified of it until long after the attack has happened. This is why remote monitoring is a strong way to identify when an attack is happening and taking measures to mitigate the impacts of the attack. This way alerts can be setup to let you and your service provider know when an attack is happening. Without this the standard troubleshooting process may be attempted to carried out by you and your provider, which would fail because anything on the server would be inaccessible. Most service providers should provide this service.
Server logs, they provide valuable data to draw insights from when it comes to forensic analysis. However, during a server attack they often become very burdensome. In addition to the traffic the data buildup from the logs can continue keeping genuine visitors from being able to access your website or for your company operations to continue if you work off of your own server. After the attack is over it is good practice to dump the logs if they have become so large that they prevent visitors from access.
IP Anycast is an internet standard that allows for the mirroring of an IP Address to multiple servers which distributes resources and traffic. So when it comes to DDoS attacks this means that it will not be concentrated to only one server. If the network is large enough then it could be distributed in a manner where no one server is overloaded. This has been a critical defensive tool against DDoS attacks and likely one that needs to be worked out with your vendor if you have a remote server.
When is the last time you checked in with your host provider? With ongoing threats they can provide valuable insight to know what measures and security integrations to incorporate for protection. When it comes to DDoS the mitigation of damage should be top priority. Work with your host provider to understand their practices and what you can do on your end to best protect against these attacks. We discussed here provisioning, monitoring, mirroring, and log dumping. However some of these may be better implemented by your host provider.
These are some defensive measures against DDoS attacks that can help ensure the safety of your server and keep your operations going strong. DDoS is a cheap accessible methods for malicious actors to attack an organization. This is at times done in tandem with another type of cyber attack. Malicious actors do not discriminate so never assume you are unlikely to be targeted.
Lafrance, A. (2017, October 21). How Much Will Today’s Internet Outage Cost? Retrieved from https://www.theatlantic.com/technology/archive/2016/10/a-lot/505025/
Osborne, C. (2017, May 2). The average DDoS attack cost for businesses rises to over $2.5 million [Web log post]. Retrieved from http://www.zdnet.com/article/the-average-ddos-attack-cost-for-businesses-rises-to-over-2-5m/
Ponemon Institute LLC. (2012). Cyber Security on the Offense: A Study of IT Security Experts. Retrieved from https://security.radware.com/uploadedFiles/Resources_and_Content/Attack_Tools/CyberSecurityontheOffense.pdf