On Friday 21st October 2016 (around 17:00 GMT), some of the most successful websites in the world broke down.  These included Twitter, Reddit, PayPal and Spotify.  They malfunctioned thanks to a DDoS attack on Dyn, a company of which the above are all customers.  In a DDoS attack, the attacker hijacks a large number of connected devices and uses them to drive substantial online traffic at a single target.  The aim is to overload the server so that the website stops responding.  It serves as a stark reminder of how vulnerable connected devices can be when best security practices are not observed.

Some companies rely on perimeter router or firewall defences to protect them from the initial hijacking of devices.  Others try to write security scripts to filter malicious traffic, or depend on overall traffic thresholds.  Some even try to deploy more servers in the event of suspicious activity.  These methods are unreliable and outdated; today's attacks are too large and complex for them to withstand.  Below are some of the other options businesses have adopted.

  1. Assess The Most Vulnerable Areas

As a preliminary measure to all other protections, be aware of which areas of your network might be targeted.  Try to draft an emergency response or disaster recovery procedure, based on which applications and network services would be most lucrative to attack.  This will help your business assemble its own internal attack information, in order to fight back.

  2. Greater Bandwidth From Internet Service Provider

Some businesses try using their ISP (Internet Service Provider) to mitigate the threat of DDoS.  This method works simply by granting the business greater bandwidth, so the system is harder to overload.  However, this method is also problematic.  ISPs have no obligation to invest in greater bandwidth.  Nor does this method take account of businesses using multiple internet providers, or cloud-based applications split between data centres.

  3. Properly Configuring Server Applications

Your IT administrators are naturally at the heart of your anti-DDoS strategy.  Perhaps the most crucial thing they can do is expressly determine what resources each of your applications may use.  Configuring these appropriately, and establishing how each application responds to clients, is a vital step towards protecting your network.  This optimises the server and bolsters its chances of carrying on as normal through a DDoS assault.

  4. Manual Intrusion Detection Systems

There are a number of anomaly-detection systems on the market.  These are often able to recognise malignant activity, identifying the exploitation of valid protocols as a method of attack.  Moreover, developments in cloud-based machine learning have produced security systems that operate like the human immune system: identifying what is normal activity and what is not.  However, these are not necessarily automated and require manual operation by humans.
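One way to implement the normal-versus-abnormal distinction described above, as an added example that is not from the original article: the script learns a baseline request rate from known-good web server log lines and flags any second whose volume exceeds it, listing the top sources for each flagged second.  The log format, the sample lines, the IP addresses and the threshold parameters are all constructed assumptions.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Matches combined-log style lines (assumed format): "<src> - - [<ts>] "<request>" <status> ..."
LINE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')

def parse(lines):
    """Yield (timestamp-to-the-second, source IP) for each parsable log line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.group("ts"), m.group("src")

def per_second_counts(events):
    """Total requests per second, plus a per-second Counter of source IPs."""
    totals, by_src = Counter(), {}
    for ts, src in events:
        totals[ts] += 1
        by_src.setdefault(ts, Counter())[src] += 1
    return totals, by_src

def learn_baseline(lines, k=3.0, floor=10):
    """Learn a 'normal' requests/second ceiling from known-good traffic: mean + k*stddev, never below floor."""
    totals, _ = per_second_counts(parse(lines))
    rates = list(totals.values())
    return max(floor, mean(rates) + k * pstdev(rates))

def detect(lines, threshold, top_n=3):
    """Return {second: [(src, count), ...]} for seconds whose request volume exceeds the threshold."""
    totals, by_src = per_second_counts(parse(lines))
    return {ts: by_src[ts].most_common(top_n) for ts, n in sorted(totals.items()) if n > threshold}

def _constructed_log(second, sources):
    """Constructed sample lines (not real traffic): one GET per listed source within the given second."""
    return [f'{s} - - [21/Oct/2016:17:00:{second:02d} +0000] "GET / HTTP/1.1" 200 512' for s in sources]

# Constructed traffic: ten quiet seconds of 2-4 req/s, then one second with two sources sending 65 requests.
NORMAL_SOURCES = ["198.51.100.%d" % i for i in range(1, 6)]
BASELINE = [l for sec in range(10) for l in _constructed_log(sec, NORMAL_SOURCES[: 2 + sec % 3])]
ATTACK = (_constructed_log(30, NORMAL_SOURCES[:3])
          + _constructed_log(31, ["203.0.113.9"] * 40 + ["203.0.113.10"] * 25 + NORMAL_SOURCES[:2]))

if __name__ == "__main__":
    thr = learn_baseline(BASELINE)
    for ts, top in detect(ATTACK, thr).items():
        print(f"{ts}: above baseline ({thr:.1f} req/s); top sources {top}")
```

The floor keeps a very quiet baseline from producing a threshold so low that ordinary bursts are flagged; in practice the window and multiplier are tuned per application, which is the manual element the paragraph refers to.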

  5. Specialist On-Premises Equipment

Rather than depend on firewalls or defensive scripts, a business might choose to put its faith in specialist hardware.  These appliances are designed explicitly with protecting against DDoS in mind, and filter malevolent online traffic.  However, they are expensive and require regular manual upgrading.  They also struggle when the attacks far exceed the capacity of the network in front of them.

  6. Cloud Mitigation Providers

This is the expert way of combatting DDoS attacks.  The scalable bandwidth provided in the cloud outstrips any on-premises solution that might support a business.  This capacity has been built out at multiple points around the internet, providing far greater bandwidth than a single enterprise could provision.  Working with a cloud provider also grants the business additional expertise in dealing with problems that do arise.  Providers are also able to draw on multiple forms of technology to deal with issues.  Cloud mitigation providers constitute the most cost-effective, scalable way of countering the threat of DDoS.

Businesses should also bear in mind a post-attack procedure.  This includes an incident report, root cause analysis and so on.  Any successful attack can at least help a business be proactive in the future.  They might also consider a system of automated communication with customers, to confirm legitimate online traffic.  Ultimately, there is no cybersecurity system or strategy that is 100% perfect.  Remember that many software systems have been constructed based on attacks that have already been seen.  When attacks change, they leave the defences behind again and we have to adapt to keep up.  However, the methods mentioned above – particularly the last regarding cloud mitigation – will go some way to supporting that endeavour.

Viastak work with official partners Amazon Web Services and Citrix to deliver secure cloud-based IT solutions, both in the UK and overseas.  We have an exemplary track record in granting businesses the power to streamline their regular practices through the use of cutting-edge technology.  To find out more, please get in touch.