
How to Defend Against Denial of Service (DoS/DDoS) Attacks


There have been several recent reports of Distributed Denial of Service attacks, also known as “DoS” or “DDoS” attacks. There were 972,000 DDoS attacks in January alone, more than in any other month of 2021. The second largest DDoS attack ever recorded hit the Microsoft Azure cloud service, which mitigated a 2.4 terabits per second (Tbps) distributed denial of service attack at the end of August 2021. These attacks have the ability to cripple any organization with an online presence, such as home banking, e-commerce, or customer portals. DDoS attacks are on the rise, and since they remain an effective tool in the hacker’s arsenal, expect these types of attacks to increase in the coming months and years. It’s critical that you prepare now for the eventuality that you may be impacted by such an attack.

Basic Types of DoS/DDoS Attacks

There are two basic categories of DoS/DDoS attacks. The first is a Layer 3 attack, which is essentially aimed at flooding the victim’s internet pipe, routers, and firewalls with massive amounts of traffic. It often exploits specific vulnerabilities in routers and other equipment so that they cannot handle the load and must be rebooted, or it exhausts their RAM and CPU resources.

The second category is the Layer 7 attack, which is quickly growing into a more destructive attack than Layer 3. A Layer 7 attack is designed to target applications; it typically exploits vulnerabilities in the web server’s operating system or in the application running on the web server. Often these web applications have not been secured against application-oriented attacks and fail miserably as a result, even when the traffic load is not very high.
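As an added illustration of the low-volume Layer 7 pattern just described (example code written for this page, not the vendor’s tooling), the following Python script parses a constructed web-server access log and flags any client whose per-minute request rate on a single path exceeds an assumed per-path baseline. The log lines, IP addresses and baseline figures are all constructed.

```python
import re
from collections import Counter

# Constructed access log in combined-log style (not from the page): one client
# repeatedly hits an expensive search path while total volume stays low.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2022:10:00:01 +0000] "GET / HTTP/1.1" 200 1024
203.0.113.10 - - [10/Jan/2022:10:00:02 +0000] "GET /search?q=%25%25 HTTP/1.1" 200 5120
203.0.113.10 - - [10/Jan/2022:10:00:03 +0000] "GET /search?q=%25%25 HTTP/1.1" 200 5120
198.51.100.8 - - [10/Jan/2022:10:00:04 +0000] "GET /about HTTP/1.1" 200 2048
203.0.113.10 - - [10/Jan/2022:10:00:05 +0000] "GET /search?q=%25%25 HTTP/1.1" 200 5120
203.0.113.10 - - [10/Jan/2022:10:00:07 +0000] "GET /search?q=%25%25 HTTP/1.1" 200 5120
203.0.113.10 - - [10/Jan/2022:10:00:09 +0000] "GET /search?q=%25%25 HTTP/1.1" 503 0
203.0.113.10 - - [10/Jan/2022:10:00:11 +0000] "GET /search?q=%25%25 HTTP/1.1" 503 0
198.51.100.9 - - [10/Jan/2022:10:00:12 +0000] "GET /search?q=shoes HTTP/1.1" 200 4096
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):(?P<hm>\d\d:\d\d):\d\d [^\]]*\] '
    r'"(?P<method>\S+) (?P<path>[^ ?"]+)[^"]*" (?P<status>\d{3}) \S+'
)

# Assumed baseline: requests per client per minute on each path, the kind of
# figure produced by a baselining exercise. Constructed values.
BASELINE_RPM = {"/search": 1.0, "/": 4.0, "/about": 2.0}

def parse_log(text):
    """Yield (ip, minute_bucket, path, status) for every well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ip"], f'{m["day"]} {m["hm"]}', m["path"], int(m["status"])

def layer7_suspects(text, baseline=BASELINE_RPM, factor=5):
    """Return {(ip, path): peak_per_minute} for clients whose request rate on a
    path exceeds factor x the baseline. Total volume is deliberately ignored:
    a Layer 7 flood overloads the application while the pipe looks idle."""
    per_min = Counter((ip, minute, path) for ip, minute, path, _ in parse_log(text))
    flagged = {}
    for (ip, minute, path), n in per_min.items():
        if n > factor * baseline.get(path, 1.0):
            flagged[(ip, path)] = max(n, flagged.get((ip, path), 0))
    return flagged

if __name__ == "__main__":
    for (ip, path), n in layer7_suspects(SAMPLE_LOG).items():
        print(f"suspect: {ip} -> {path}: {n} req/min vs baseline {BASELINE_RPM.get(path, 1.0)}")
```

With only nine requests in the sample, a volume-based threshold would see nothing; the per-path, per-client comparison is what surfaces the one client hammering the search endpoint.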

Another major concern is that during an incident, the Denial of Service attack is often just a distraction from the real attack, which is taking place simultaneously and goes unnoticed because the incident response team is busy dealing with the diversionary attack.

What Steps Can You Take Now?

While it is not possible to be fully insulated from such an attack, research and experience show that proper preparation for an attack, especially a DoS or DDoS attack, can reduce the impact of the incident by as much as 50% or more.

The following recommendations act as a basic checklist of steps you can take to be better prepared.

  • Train and educate your company on the potential impact of a DDoS attack, know your “Down Time” tolerance, and rehearse with your staff your Incident Response and Mitigation Plan.
    • Ensure that you have a proper response plan and know the roles and responsibilities of each team member.
    • Ensure that you have a pre-determined response or script for your help desk and customer service representatives to explain that a DDoS attack will not compromise their data.
  • Put the right technology in place to help protect you and ensure that you can defend against an attack. These technologies require proper baselining and tuning before they can be effectively used to defend against an attack, so you need to plan for these in advance rather than purchase them reactively in case you are ever attacked.
    • Specifically, you should invest in a dedicated DDoS appliance that will be able to take the brunt of the attack, especially if it is a high-volume traffic incident. This will give you or your service provider the ability to make adjustments to “tune out” or block part or most of the attack.
    • The second tool you should invest in is a Web Application Firewall (WAF) to provide a second layer to the dedicated DDoS appliance, and to address the traffic that attacks the web servers and their applications.
  • Out-of-band connectivity such as wireless, DSL, cable modem, or a separate internet connection should be connected to the security systems designed to mitigate the attack. If you are unable to manage and tune the security countermeasure because it is being overloaded, then you have been defeated.
  • Have information on how to contact your upstream internet providers accessible via hard copy along with your account information, so that you can get them immediately involved in helping to mitigate the attack.
  • If you have customers that may be impacted by an attack, prepare an e-mail that you can send to your clients explaining that your systems may be slow, partly inoperable, or unavailable. Ensure that you let them know that their data is secure and is not being compromised as a result of the attack. Be prepared to send this e-mail from an independent e-mail service or an alternate company location that has all of your customers’ e-mail contacts. When the attack is over, follow up with another e-mail to reassure them about the security of their data.

About Security On-Demand

Security On-Demand (SOD) provides 24×7 advanced cyber-threat detection services for mid-market companies and state or local government agencies. SOD’s patented behavioral analytics technology platform, ThreatWatch®, enables the detection of advanced threats that help protect brand value and reduce the risk of a data breach. Headquartered in San Diego, California, with R&D offices in Warsaw, Poland, SOD services and protects hundreds of brands globally and is the winner of multiple industry awards. Please visit us at www.securityondemand.com. Find us on LinkedIn and follow us on Twitter @SecurityOnDmand.
