How do you protect against a DDoS attack?

Distributed Denial of Service (DDoS)

The answer to this question depends on what service the organization is trying to protect. DDoS can affect both your internet connection and your web/email servers.

Internet Connection Mitigation

The Dyn DDoS attack in October 2016 is a recent major cybersecurity attack that caused major Internet platforms and services, such as Amazon, Twitter, and Shopify, to become unavailable. EDUCAUSE Review references ways that businesses can protect themselves from DDoS attacks:

  • Consider having two or more DNS providers. Having redundant DNS providers will enable the site to run even if one provider goes down. Traffic can be load balanced and this provides additional continuity of operations in the event that one of the Internet Service Providers has an outage.
  • Lower the time-to-live (TTL) settings on DNS servers so redirecting traffic to a backup DNS provider is faster. The TTL value tells local resolving name servers how long a record should be stored locally before a new copy of the record must be retrieved from DNS.
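
The two checks above can be automated. The following is an added example, not taken from the EDUCAUSE Review article: it audits `dig +noall +answer` style output for zones whose NS records all sit with one provider and for records whose TTL would slow a failover. The sample records, the 300-second threshold, and the rule that the last two labels of a name server host identify the provider are assumptions.

```python
# Added example: audit DNS answers for provider redundancy and failover TTL.
from collections import defaultdict

# Constructed sample in `dig +noall +answer` format (name TTL class type data).
SAMPLE = """\
example.org.      86400 IN NS ns1.dns-a.example.
example.org.      86400 IN NS ns2.dns-a.example.
example.org.      86400 IN NS ns1.dns-b.example.
www.example.org.  3600  IN A  192.0.2.10
mail.example.org. 300   IN A  192.0.2.25
"""

def parse_answers(text):
    """Yield (name, ttl, rtype, rdata) from dig-style answer lines."""
    for line in text.splitlines():
        fields = line.split(None, 4)
        # Skip blank lines, comments, and anything without a numeric TTL.
        if len(fields) < 5 or line.startswith(";") or not fields[1].isdigit():
            continue
        name, ttl, _cls, rtype, rdata = fields
        yield name.lower(), int(ttl), rtype.upper(), rdata.strip().lower()

def provider_of(ns_host):
    """Assumption: the last two labels of the NS host name identify the provider."""
    labels = ns_host.rstrip(".").split(".")
    return ".".join(labels[-2:])

def audit(text, max_ttl=300):
    """Return findings for single-provider zones and TTLs above max_ttl seconds."""
    providers = defaultdict(set)
    findings = []
    for name, ttl, rtype, rdata in parse_answers(text):
        if rtype == "NS":
            providers[name].add(provider_of(rdata))
        if ttl > max_ttl:
            findings.append(f"{name} {rtype}: TTL {ttl}s exceeds {max_ttl}s")
    for zone, provs in sorted(providers.items()):
        if len(provs) < 2:
            findings.append(f"{zone}: all NS records at one provider ({min(provs)})")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The longest TTL reported is the upper bound on how long resolvers may keep serving the old answer after a switch to the backup provider.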

The DDoS Mitigation Strategy for Internet2, a not-for-profit computer networking consortium, is detailed in a 2016 article by EDUCAUSE Review. Their strategy includes:

  • Enlisting the assistance of an Internet service provider (ISP) to employ an additional mechanism to evaluate traffic and filter out individual packets that are identified as DDoS traffic. The increased bandwidth that is available to an ISP prevents this type of traffic from filling up the customer's connection.
  • Leveraging a multifaceted approach involving filtering and scrubbing, crafted in a manner to supplement existing deployments of DDoS detection and mitigation products.

Web/Email Server Mitigation

Web and email servers can face a number of attacks. Follow these suggestions to help identify known vulnerabilities.

  • Increase capacity by clustering – Grouping independent servers provides additional resources to try to process the increased load.
  • Implementation of a DoS mitigation system – This allows for DoS mitigation at the edge of the network to filter DoS traffic.
  • Use a hosting service that already has mechanisms to mitigate attacks – An example would be moving to the cloud, which transfers the need to mitigate attacks to another party (the owner of the cloud servers).
  • ISP filtering – The ISP filter can be narrowly tailored to evaluate traffic on specific ports. This allows the filter to differentiate between web traffic and email traffic.