Distributed denial of service (DDoS) attacks are a very common way to disrupt a network. There can be various reasons behind a network attack, from taking servers offline to damaging a business’s reputation. In this article, you will learn how to protect your network from DDoS attacks by hackers and cybercriminals. DDoS attacks can be very dangerous and can take down your entire infrastructure. This can lead to many disasters, including users being unable to access resources and important files.
Denial of service can come in many shapes and sizes. Some attacks may only slow down your network or servers. Others can take it completely offline for a good amount of time. This can range from minutes to hours or, at worst, a whole day. You should secure your network and have all types of mitigations in place to stay safe and secure.
Below we are going to share 6 essential tips for DDoS protection.
- 1 Have DDoS Protection, Defense and Mitigation arrangements
- 2 Be ready for the high-volume attacks and not just the small ones
- 3 Contact your hosting company or Internet Service Provider
- 4 Defend your Network at the perimeter level
- 5 Keep Monitoring Traffic (If you host the servers)
- 6 Keep an eye on the application-layer
- 7 Final Words
Have DDoS Protection, Defense and Mitigation arrangements
You should always have a DDoS mitigation plan for how you will react if an attack occurs. The rise of cloud technologies has brought some great services with it, and there are many cloud-based DDoS mitigation services out there. If you are choosing such a service, make sure it is transparent and seamless. The users should not know or feel that there is an attack going on. Everyone hates a slow website, network and so on. Be aware that there are products out there that offer built-in ‘DDoS-Protection’ but they don’t! They are not as powerful and as capable anymore. The criminals have advanced a lot in the last few years.
Devices like load balancers, firewalls, intrusion-detection systems (IDS) and intrusion-prevention systems (IPS) won’t work. Your first goal should be to not let the attack reach these devices. They are highly vulnerable. For example, if you have a 5 Gbps network and the attack is around 60 Gbps, there is no chance you will be able to stop it. You will need upstream network providers to stop and mitigate attacks. They will make sure that the attack is stopped before it reaches your networks.
Below is a list of some popular companies that provide DDoS protection services:
Be ready for the high-volume attacks and not just the small ones
Make sure to have extra bandwidth available. You should have more bandwidth than you need at all times. There are a number of reasons why you should do this.
- If there is a sudden increase in traffic, your server will be able to handle it.
- If you are advertising a new product or service, the impact on the site performance will be much less.
- You should have a margin of around 200% to 600% for bandwidth. The reason is that if you get hit by a DDoS attack, you will have a couple of minutes to mitigate the attack before your servers are overwhelmed.
Contact your hosting company or Internet Service Provider
Call the ISP you are using or, if you are not hosting your own servers, contact the hosting provider. You need to tell them that your servers and the whole network are under attack. It is always a good choice to have your server in a datacentre that is powerful. By this, I mean that it should have much higher bandwidth links. They might also have much more experienced and professional employees in their security department. This will help them deal with such an attack more efficiently.
They can stop the attack by applying a ‘null route’ to your traffic. This will stop any malicious packets from reaching your server.
Defend your Network at the perimeter level
You can mitigate an attack by having defenses at the network perimeter. In the first minutes after an attack starts, you can make a few technical changes to lower the impact. Below are a few you can do in such a situation:
- Drop connections that are unresponsive and half-open.
- Packets that are spoofed or not formed properly should be dropped.
- Rate limiting your router also helps.
- Add filters to your firewall/router to block traffic from malicious sources.
- Make sure ICMP (Internet Control Message Protocol), SYN (synchronize), UDP (User Datagram Protocol) and other traffic types have lower thresholds.
- Changing IP addresses can also be handy in some scenarios.
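The half-open timeout, rate limit and source block from the list above can be modeled by replaying connection events. This is an added example, not from the original article: a simplified model of the logic rather than firewall configuration, with the thresholds, event format and addresses all assumed for illustration.

```python
from collections import defaultdict, deque

def perimeter_filter(events, syn_per_sec=10, half_open_max=20, half_open_ttl_ms=5000):
    """Replay (time_ms, src, kind) events, kind being 'SYN' or 'ACK'.

    Returns (accepted, blocked): accepted SYN count per source and the
    set of sources that ended up on the block list.
    """
    half_open = defaultdict(deque)  # src -> times of SYNs still waiting for an ACK
    recent = defaultdict(deque)     # src -> times of SYNs seen in the last second
    accepted = defaultdict(int)
    blocked = set()
    for t, src, kind in events:
        if src in blocked:
            continue                      # filter: drop everything from a blocked source
        pending = half_open[src]
        while pending and t - pending[0] > half_open_ttl_ms:
            pending.popleft()             # time out stale half-open connections
        if kind == "ACK":
            if pending:
                pending.popleft()         # handshake completed, no longer half-open
            continue
        window = recent[src]
        while window and t - window[0] >= 1000:
            window.popleft()
        if len(window) >= syn_per_sec:
            continue                      # rate limit: SYN over budget is dropped
        window.append(t)
        if len(pending) >= half_open_max:
            blocked.add(src)              # too many unanswered SYNs: block the source
            continue
        pending.append(t)
        accepted[src] += 1
    return dict(accepted), blocked

# Constructed sample: one client completing a handshake every second and
# one source sending a SYN every 20 ms without ever answering.
CLIENT, FLOODER = "198.51.100.7", "203.0.113.9"
EVENTS = sorted(
    [(s * 1000 + off, CLIENT, kind)
     for s in range(5) for off, kind in ((0, "SYN"), (50, "ACK"))]
    + [(ms, FLOODER, "SYN") for ms in range(0, 3000, 20)]
)

if __name__ == "__main__":
    print(perimeter_filter(EVENTS))
```

The rate limit slows the flooding source down first, and the half-open cap then blocks it, while the client that completes its handshakes is never affected.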
Keep Monitoring Traffic (If you host the servers)
The quicker you identify that you are being attacked or that there is a major spike in traffic, the more time you will have to act on the problem and stop it. To get good at this, you should look at your traffic more often, especially inbound traffic. Once you are familiar with what so-called ‘normal’ traffic to your network looks like, it will be much easier for you to spot abnormalities and attacks.
A common sign is a sudden huge spike in traffic. You should always have a plan for how to secure the network from a denial of service attack.
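One way to turn "know what normal looks like" into an automatic check is a rolling baseline over inbound packet rates. This is an added example, not from the original article; the window size, multiplier, floor and sample numbers are assumptions.

```python
from collections import deque
from statistics import median

def find_spikes(samples, window=12, k=6.0, floor=50.0):
    """Return the indexes of samples far above the rolling baseline.

    samples: inbound packets per second, one value per interval.
    The baseline is the median of the last `window` normal samples and
    the spread is their median absolute deviation (MAD). Flagged samples
    are kept out of the baseline so that an ongoing attack does not
    become the new "normal".
    """
    baseline = deque(maxlen=window)
    alerts = []
    for i, pps in enumerate(samples):
        if len(baseline) < window:
            baseline.append(pps)          # warm-up: learn normal traffic first
            continue
        med = median(baseline)
        mad = median([abs(x - med) for x in baseline])
        # 1.4826 scales MAD to a standard deviation; `floor` stops a very
        # flat baseline from alerting on tiny wobbles.
        threshold = med + k * max(1.4826 * mad, floor)
        if pps > threshold:
            alerts.append(i)
        else:
            baseline.append(pps)
    return alerts

# Constructed sample: about 1000 pps of normal traffic, a harmless bump
# to 1150 pps, then a three-interval flood.
SAMPLE_PPS = [980, 1010, 1005, 995, 1020, 990, 1000, 1015, 985, 1008,
              992, 1003, 1012, 1150, 9400, 12800, 11900, 1020, 998]

if __name__ == "__main__":
    print(find_spikes(SAMPLE_PPS))
```

The bump to 1150 pps stays below the threshold and is absorbed into the baseline, while the three flood intervals are flagged.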
Keep an eye on the application-layer
Criminals are getting smarter along with the technology. They use newer and newer techniques and methods to stay stealthy, and these are updated every day. Attacks that happen on the application layer are much harder to detect. They are not as high-volume but are mainly targeted at disrupting access to an application. Start inspecting your packets more and more. See what is going on in that layer.
A web protection tool can help you mitigate an application-layer DoS attack. Another great tip is to deploy your application on different servers in different locations, so that if one of the locations gets attacked you can come back live from the alternate location. This will add more redundancy to your applications.
To stop your servers from being used as zombies in a DDoS attack, make sure you disable UDP port 11211. This is a quick fix for the Memcached vulnerability that has surfaced recently.
DDoS attacks are on the rise daily. The hackers are now using vulnerable IoT (Internet of Things) devices to generate high-volume DDoS attacks. The recent Memcached attacks are very popular. They use vulnerable Memcached servers to generate very powerful attacks that can have a massive impact on your network and applications. There are many disadvantages and downsides to being hit by a DoS attack. These range from your customers losing trust in you to their using another service instead of yours because yours is offline, and many others as well. I hope this guide has helped you and answered your question about how to protect your network from DDoS attacks, with some extra professional tips included.
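To confirm that UDP port 11211 is really closed, the output of `ss -H -l -u -n` (listening UDP sockets, numeric, no header) can be checked for listeners bound to anything other than loopback. This is an added example, not from the original article; the sample lines are constructed and do not come from a single machine. Starting memcached with `-U 0` turns its UDP listener off.

```python
import ipaddress

MEMCACHED_PORT = 11211

def exposed_udp_listeners(ss_output, port=MEMCACHED_PORT):
    """Return non-loopback bind addresses with a UDP listener on `port`.

    ss_output: text produced by `ss -H -l -u -n`.
    """
    exposed = []
    for line in ss_output.splitlines():
        # The local address is the first column that contains a colon.
        local = next((tok for tok in line.split() if ":" in tok), None)
        if local is None:
            continue
        addr, _, lport = local.rpartition(":")
        if lport != str(port):
            continue
        # Drop a "%interface" suffix first, then IPv6 brackets.
        addr = addr.split("%")[0].strip("[]")
        if addr == "*":
            exposed.append(addr)          # wildcard bind on all addresses
            continue
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                exposed.append(addr)
        except ValueError:
            exposed.append(addr)          # unparsable: report it to be safe
    return exposed

# Constructed sample lines in `ss -H -l -u -n` format.
SAMPLE_SS = """\
UNCONN 0      0            0.0.0.0:11211      0.0.0.0:*
UNCONN 0      0          127.0.0.1:11211      0.0.0.0:*
UNCONN 0      0              [::1]:11211         [::]:*
UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
UNCONN 0      0               [::]:11211         [::]:*
"""

if __name__ == "__main__":
    print(exposed_udp_listeners(SAMPLE_SS))
```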