Distributed denial of service (DDoS) attacks are expected to increase in 2013, and the attacks are growing more complex as well. Banks and financial institutions made headlines last year, but online retailers and website owners face the same threat. Attacks on smaller websites are more common. Although these attacks don't make the news, they still affect business owners who derive an income from doing business online.
In order to mitigate risk and plan for the continuity of your business during an attack, it's essential to create a DDoS attack protection plan. Here are the steps you should follow when creating a DDoS attack plan for your organization:
1. Understand your current position
When preparing a DDoS protection plan, organizations need to first understand their current position and the threat level of their industry. You have to understand the limits of your current infrastructure, the resources your organization has available, the advantages and disadvantages of each option, and the required expertise to make it happen. Each one of these key areas must be evaluated based on your company’s budget.
A business network also has other security needs that should be evaluated, such as intrusion detection and mitigation. These should be understood from the outset, before you begin developing a DDoS protection plan for your company.
2. Consider the options
There are several options for protection against DDoS attacks: cloud-based, upstream, or on-premise. Within these three categories, various strategies can be used when planning DDoS protection: setting up firewalls; maintaining router access control lists; installing intrusion detection systems that listen to the traffic coming into a network and set off alerts when unusual behavior is detected; using host-based intrusion detection and prevention systems, which run on general-purpose computing platforms; and using content-based intrusion prevention systems that automatically act to prevent attacks once they occur. Across all these scenarios, cloud-based systems are growing in popularity because they usually operate away from a business's own network, diverting attacks away from it.
3. Evaluate sources of expertise
A business should evaluate whether it has the right people to carry a DDoS attack protection plan through to its implementation stage. Since DDoS mitigation is expensive, there are two approaches that experts can advise a business to implement: DDoS protection hardware and DDoS protection software. Depending on the organization and the infrastructure already in place, some businesses may require a mix of the two. It will be up to the chosen experts to advise. In other cases, a business may not install any hardware, but will make some configuration changes while a DDoS security provider supplies the required hardware cover. This is usually the preferred way for most businesses because it comes with low implementation costs.
4. The DDoS hardware option
The DDoS hardware option places security infrastructure between the business network and the public external network. Although this does not take care of some attacks, such as DNS attacks, it is usually effective. However, it requires a business to cover expensive running costs in addition to the high equipment costs. These costs include skilled manpower. Some businesses are already at a disadvantage because they lack an IT department, so the starting costs need to be evaluated for feasibility.
Additionally, changes in the network configuration or a decrease in the number of distributed denial of service attacks can mean that the business is left with expensive equipment that it may not need any longer.
5. The anti-DDoS software
Anti-DDoS software is installed on existing hardware, where it analyzes the incoming traffic and filters out any suspicious data packets in real time. As a cheaper option than DDoS hardware, it is usually the preferred choice for many businesses. Even so, some professionals have expressed reservations about its use, mainly because anti-DDoS software can be overwhelmed by malicious traffic, and because they consider its intervention too late. As a result, many recommend On Demand Professional DDoS Protection, which is a DDoS mitigation system that is based on specialized hardware.
6. The final solution
The ideal solution depends on the infrastructure that a business runs. It is not unusual for businesses to outsource their DDoS mitigation needs to professionals who use sophisticated technology that redirects all traffic to their network through a proxy shield.
This is usually a great idea because most businesses are then not required to invest in technology they may not have use for after a few years, nor are they required to keep technical staff. For small businesses that have no problems storing their data on the cloud, engaging a great cloud service shifts the attacks away from their infrastructure and relies on the cloud service provider to set up the required DDoS mitigation technology. This approach is quick and effective when the right cloud service is chosen.
Organizations that choose to implement DDoS mitigation themselves can use the options for protection mentioned earlier, which include using IP verification, filtering traffic using access control lists, and configuring rate limiting for SYN packets.
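As an added illustration (not code from the original article), this Python model shows how an access control list and a per-source SYN rate limit combine into one decision per packet. The class name, the parameters, the deny range and the traffic are all constructed assumptions.

```python
import ipaddress

class SynFilter:
    """Model of the order above: ACL check first, then a per-source SYN rate limit."""

    def __init__(self, deny_nets, rate, burst, max_sources=10000):
        self.deny = [ipaddress.ip_network(n) for n in deny_nets]
        self.rate, self.burst, self.max_sources = rate, burst, max_sources
        self.buckets = {}  # source -> (tokens left, time of last SYN)

    def decide(self, src, is_syn, now):
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in self.deny):
            return "drop-acl"
        if not is_syn:
            return "accept"  # only new connection attempts are rate limited
        if src not in self.buckets and len(self.buckets) >= self.max_sources:
            # Bound the state table so a flood of distinct sources cannot
            # exhaust memory; evict the earliest-inserted entry.
            del self.buckets[next(iter(self.buckets))]
        tokens, last = self.buckets.get(src, (self.burst, now))
        # Token bucket: refill at `rate` per second, capped at `burst`.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[src] = (tokens - 1 if allowed else tokens, now)
        return "accept" if allowed else "drop-rate"

def replay(filt, events):
    """Run (time, source, is_syn) events through the filter in order."""
    return [filt.decide(src, is_syn, t) for t, src, is_syn in events]

# Constructed traffic: (time in seconds, source address, is_syn).
# 10.0.0.0/8 is denied as a private range that should never arrive from outside.
EVENTS = [
    (0, "10.1.2.3", True),
    (0, "198.51.100.7", True), (0, "198.51.100.7", True),
    (0, "198.51.100.7", True), (0, "198.51.100.7", True),
    (0, "198.51.100.7", False),
    (2, "198.51.100.7", True),
    (2, "203.0.113.9", True),
]

if __name__ == "__main__":
    print(replay(SynFilter(["10.0.0.0/8"], rate=1, burst=3), EVENTS))
```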
7. Collect data for analysis
If a DDoS attack occurs, one way to learn the nature of the attack, find the weaknesses of one's infrastructure, and identify new avenues for DDoS mitigation is to obtain an attack traffic sample for analysis. Also known as packet capture, this can be done using a Linux or Solaris server with enough processing power to keep up with the number of packets received.
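One way to analyze such a sample, as an added example that is not part of the original article: the Python code below reads a classic pcap file and counts bare TCP SYN packets per source address, then lists the sources that reach a threshold. The capture is constructed inline, and the function names and the threshold are assumptions.

```python
import struct
from collections import Counter

def frame(src, flags):
    """Constructed Ethernet/IPv4/TCP frame to 192.0.2.10:443 (checksums zeroed)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 0x50, flags, 1024, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    """Classic pcap: 24-byte global header, then a 16-byte header per record."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, data in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(data), len(data)) + data
    return out

def syn_counts(pcap):
    """Count bare SYNs (SYN set, ACK clear) per IPv4 source address."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        data = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(data) < 34 or data[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        ihl = (data[14] & 0x0F) * 4
        if ihl < 20 or data[23] != 6 or len(data) < 14 + ihl + 14:
            continue  # bad header, not TCP, or TCP header cut off
        if (data[14 + ihl + 13] & 0x12) == 0x02:
            counts[".".join(map(str, data[26:30]))] += 1
    return counts

def flag_sources(counts, threshold):
    """Sources whose bare-SYN count reaches the threshold (an assumed tuning value)."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)

# Constructed capture: five SYNs from one source, one SYN and one SYN-ACK from others.
SAMPLE = build_pcap([frame("198.51.100.7", 0x02)] * 5 +
                    [frame("203.0.113.9", 0x02), frame("192.0.2.20", 0x12)])

if __name__ == "__main__":
    print(flag_sources(syn_counts(SAMPLE), 5))
```

During a spoofed flood the per-source counts spread thin across many addresses, so the total SYN count and the number of distinct sources are worth reading alongside the flagged list.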