10 steps to mitigate a DDoS attack in real-time

With the ongoing work to shutdown or neutralise botnets, a cyber-arms race has started with hactivists and other cyber criminals constantly searching for new ways in which to amplify attacks. As a result, DDoS attacks are increasingly common.

As the lines between the professional and social use of technology continue to blur, it is vital that businesses start to really recognise the significance of these attacks, how likely they are and how damaging they can be.

For first-time DDoS victims, these attacks can be scary and stressful ordeals. That’s not surprising; poor network performance and website downtime can be massively costly for businesses, both in lost sales and consumer trust.

It’s not all bad news though, as there are some steps that can be taken to mitigate the impact.

1. Verify that there is an attack

Rule out common causes of an outage, such as DNS misconfiguration, upstream routing issues and human error.

2. Contact your team leads

Gather the operations and applications team leads need to verify which areas are being attacked and to officially confirm the attack. Make sure everyone agrees on which areas are affected.

3. Triage your applications

Make triage decisions to keep your high-value apps alive. When you’re under an intense DDoS attack and you have limited resources, focus on protecting revenue generators.

4. Protect remote users

Keep your business running: Whitelist the IP addresses of trusted remote users that require access and mainlist this list. Populate the list throughout the network and with service providers as needed.

5. Classify the attack

What type of attach is it: Volumetric? Slow and low? Your service provider will tell you if the attack is solely volumetric and may already have taken remediation steps.

6. Evaluate source address mitigation options

For advanced attack vectors your service provider can’t mitigate/ determine the number of sources. Block small lists of attacking IP addresses at your firewall. Block larger attacks with geolocation.

7. Mitigate application layer attacks

Identify the malicious traffic and whether it’s generated by a known attack tool. Specific application-layer attacks can be mitigated on a case-by-case basis with distinct countermeasures, which may be provided by your existing solutions.

8. Leverage your security perimeter

Still experiencing issues? You could be confronting an asymmetric layer 7 DDoS flood. Focus on your application-level defences: login walls, human detection, or Real Browser Enforcement.

9. Constrain Resources

If previous steps fail, simply constraining resources, like rate and connection limit is a last resort – it can turn away both good and bad traffic. Instead, you may want to disable or blackhole an application.

10. Manage public relations

If the attack becomes public, prepare a statement and notify internal staff. If industry policies allow it, be forthright and admit you’re being attacked. If not, cite technical challenges and advise staff to direct all inquiries to the PR manager.

>See also: Gartner’s top 10 security technologies for 2014

It’s an unfortunate fact that the DDoS threat has never been greater and is likely to continue to grow.

As ever, the best protection is to be prepared for whatever will get thrown at the network and DDoS mitigation should be part of the preparation.

It’s important to consider if the network is up to scratch to cope with unexpected loads, and if it has the intelligence to identify legitimate traffic during peaks, before an attack hits.

 

Sourced from Gary Newe, F5 Networks

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Data
Data Breach
Networks