With the ongoing work to shutdown or neutralise botnets, a cyber-arms race has started with hactivists and other cyber criminals constantly searching for new ways in which to amplify attacks. As a result, DDoS attacks are increasingly common.
As the lines between the professional and social use of technology continue to blur, it is vital that businesses start to really recognise the significance of these attacks, how likely they are and how damaging they can be.
For first-time DDoS victims, these attacks can be scary and stressful ordeals. That’s not surprising; poor network performance and website downtime can be massively costly for businesses, both in lost sales and consumer trust.
It’s not all bad news though, as there are some steps that can be taken to mitigate the impact.
1. Verify that there is an attack
Rule out common causes of an outage, such as DNS misconfiguration, upstream routing issues and human error.
2. Contact your team leads
Gather the operations and applications team leads need to verify which areas are being attacked and to officially confirm the attack. Make sure everyone agrees on which areas are affected.
3. Triage your applications
Make triage decisions to keep your high-value apps alive. When you’re under an intense DDoS attack and you have limited resources, focus on protecting revenue generators.
4. Protect remote users
Keep your business running: Whitelist the IP addresses of trusted remote users that require access and mainlist this list. Populate the list throughout the network and with service providers as needed.
5. Classify the attack
What type of attach is it: Volumetric? Slow and low? Your service provider will tell you if the attack is solely volumetric and may already have taken remediation steps.
6. Evaluate source address mitigation options
For advanced attack vectors your service provider can’t mitigate/ determine the number of sources. Block small lists of attacking IP addresses at your firewall. Block larger attacks with geolocation.
7. Mitigate application layer attacks
Identify the malicious traffic and whether it’s generated by a known attack tool. Specific application-layer attacks can be mitigated on a case-by-case basis with distinct countermeasures, which may be provided by your existing solutions.
8. Leverage your security perimeter
Still experiencing issues? You could be confronting an asymmetric layer 7 DDoS flood. Focus on your application-level defences: login walls, human detection, or Real Browser Enforcement.
9. Constrain Resources
If previous steps fail, simply constraining resources, like rate and connection limit is a last resort – it can turn away both good and bad traffic. Instead, you may want to disable or blackhole an application.
10. Manage public relations
If the attack becomes public, prepare a statement and notify internal staff. If industry policies allow it, be forthright and admit you’re being attacked. If not, cite technical challenges and advise staff to direct all inquiries to the PR manager.
It’s an unfortunate fact that the DDoS threat has never been greater and is likely to continue to grow.
As ever, the best protection is to be prepared for whatever will get thrown at the network and DDoS mitigation should be part of the preparation.
It’s important to consider if the network is up to scratch to cope with unexpected loads, and if it has the intelligence to identify legitimate traffic during peaks, before an attack hits.
Sourced from Gary Newe, F5 Networks