Dealing With Distributed Denial of Service Attacks - Preparing Your Defense
Before an attack occurs, you need to determine which parts of your online presence are most critical to the functioning of your business. The reason for this is simple: your Internet connection probably handles a variety of tasks, including outbound web traffic, incoming web traffic, SMTP email and DNS traffic. If your connection cannot handle all of that at once, as happens during a DDoS attack, which tasks have priority? Once you have set a policy for that issue, your technical fixes can fall into place.
Some attacks can be screened out. For example, you can configure a router to screen packets before they enter your company’s network. Indeed, screening routers are commonly used today, and will stop the standard DDoS attacks that rely on spoofed source addresses. If a screening router is also configured to filter outbound packets, it can make sure that your company does not become the source of a DDoS attack.
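The two screening decisions described above, written out as an added example (not code from the original article or from any router vendor). The site prefix, the list of non-routable sources and the sample packets are constructed assumptions, and the check covers IPv4 only.

```python
import ipaddress

# Assumption: the site's own address space (documentation prefix, constructed).
SITE_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Sources that should never arrive from the Internet side (IPv4 only).
BOGON_PREFIXES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def screen(direction, src):
    """Return (verdict, reason); direction is "in" (to site) or "out" (to Internet)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "unparseable source address")
    if direction == "in":
        # Inbound screening: reject spoofed or impossible source addresses.
        if _in_any(addr, SITE_PREFIXES):
            return ("drop", "outside packet claims an internal source")
        if _in_any(addr, BOGON_PREFIXES):
            return ("drop", "source is not routable on the Internet")
        return ("pass", "plausible external source")
    if direction == "out":
        # Outbound screening: only the site's own addresses may leave.
        if _in_any(addr, SITE_PREFIXES):
            return ("pass", "source belongs to the site")
        return ("drop", "outbound packet with a foreign source")
    return ("drop", "unknown direction")

# Constructed sample traffic: (direction, source address).
SAMPLE = [
    ("in", "198.51.100.7"),   # ordinary external host
    ("in", "203.0.113.10"),   # claims to come from inside the site
    ("in", "10.1.2.3"),       # private address arriving from outside
    ("out", "203.0.113.25"),  # legitimate internal host
    ("out", "192.0.2.99"),    # internal machine sending with a forged source
]

def run_sample():
    return [screen(d, s)[0] for d, s in SAMPLE]

if __name__ == "__main__":
    for d, s in SAMPLE:
        print(d, s, *screen(d, s))
```

The last sample row is the case the outbound filter exists for: a machine inside the network sending traffic with a source address that is not its own.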
Certain types of DDoS attacks can be hard enough to detect that a screening router wouldn’t pick them up. Before an attack occurs, then, you need to understand what your normal user behavior and traffic look like, so that you can spot it when something out of the ordinary happens. If you currently have network monitoring tools, you’ll want to check whether they support the detection of anomalous traffic patterns.
You can also use something called an Intrusion Detection System (IDS) to detect anomalies. An IDS may even be able to reconfigure routers or firewalls when it detects something abnormal. There will naturally be a delay between the detection and the reconfiguring. At least one security company claims that using an IDS carries a certain risk – if an attacker can trigger the IDS to reconfigure the system, for example, it could lead to a self-denial of service. Your mileage may vary.
Firewalls can be good to use along with other defenses. Like screening routers, they can be used to filter packets. Typically, they don’t deal with this task as well as screening routers, so firewalls should not be used as the first line of defense against a DDoS attack. There are now companies that make dedicated DDoS prevention products, which may be worth investigating.
More By Terri Wells