DDoS – Is your Business infrastructure safe?
Who is considered safe and who is at risk?
Perhaps you are the network admin for a small business, a rural small-town school, or even a midsize enterprise with multiple offices scattered across a small geographical area.
Have you ever wondered whether your business could come under attack through the internet? Have you or your network admin ever wondered whether a cyber-attack is something you should be concerned about? You may think that your business is not a high-value target, so it may seem that it will never happen to you, right? Chances are you may never run into any issues throughout your whole career, but there is still a possibility of learning the hard way. Even the most unremarkable network can be subject to the crippling effect of cyber-based attacks.
While you may not be a high-value target, many of the critical services you rely on are at risk. These attacks continue to exploit and target simple services. For example, services your company uses every day include FTP, DNS, and NTP. All networks rely on these services to some degree, and they are common enough that an attack on them can cripple almost any network, anywhere and at any time.
What to do?
Unfortunately, this is a huge flaw in something that is central to your business’ daily grind. We all rely on these services, the network, and the internet, and when these simple services are hindered, it can interrupt the services you provide. This highlights some major problems with the foundation of the internet itself. So what can we do to protect the infrastructure of our businesses? How can you stop a DDoS attack?
Identify a DDoS Attack Before it Happens
If your business has its own servers, you need to be able to identify when and how you are under attack. The sooner you can determine that problems with your website are caused by a DDoS attack, the sooner your business can resume its vital services.
In order for your business to be in a position to do this, you must familiarize yourself with typical inbound traffic to your website. The more you know about typical traffic, the easier it is to identify the actual problem. Most DDoS attacks start as sharp spikes in traffic. Knowing the difference between a surge of real customers and a DDoS attack is extremely helpful.
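One way to put a number on "typical traffic", as an added example that is not part of the original article: the script below counts requests per minute in a web server access log, flags minutes that exceed a multiple of your known baseline, and shows how concentrated the flagged traffic is in a single source address. A marketing surge is usually spread across many sources; a flood often is not. The log lines are constructed, the combined log format is assumed, and the baseline and factor are illustrative.

```shell
#!/bin/sh
# Added example (not from the original article). Flags minutes whose request
# count exceeds FACTOR x your baseline (requests per minute) and reports the
# share of those requests coming from the single busiest source address.

# Constructed sample log: a quiet minute, then a minute dominated by one address.
make_sample_log() {
  cat <<'EOF'
198.51.100.10 - - [25/Jan/2016:10:01:03 +0000] "GET / HTTP/1.1" 200 512
198.51.100.11 - - [25/Jan/2016:10:01:17 +0000] "GET /about HTTP/1.1" 200 804
198.51.100.12 - - [25/Jan/2016:10:01:48 +0000] "GET / HTTP/1.1" 200 512
198.51.100.13 - - [25/Jan/2016:10:05:02 +0000] "GET / HTTP/1.1" 200 512
198.51.100.14 - - [25/Jan/2016:10:05:40 +0000] "GET /contact HTTP/1.1" 200 611
EOF
  i=0
  while [ $i -lt 10 ]; do
    i=$((i + 1))
    printf '203.0.113.7 - - [25/Jan/2016:10:05:%02d +0000] "GET / HTTP/1.1" 200 512\n' "$i"
  done
}

# spike_minutes LOGFILE BASELINE_RPM FACTOR
# Prints one line per minute whose request count is above BASELINE_RPM * FACTOR.
spike_minutes() {
  awk -v base="$2" -v factor="$3" '
    # $4 is "[25/Jan/2016:10:05:02"; the minute key is the 17 chars after "["
    { m = substr($4, 2, 17); n[m]++; hits[m SUBSEP $1]++ }
    END {
      for (m in n) {
        top = 0
        for (k in hits) { split(k, p, SUBSEP); if (p[1] == m && hits[k] > top) top = hits[k] }
        if (n[m] > base * factor)
          printf "%s requests=%d baseline=%d top_source_share=%.0f%%\n", m, n[m], base, 100 * top / n[m]
      }
    }' "$1" | sort
}

# Usage: a baseline of 2 requests/minute, alert at 3x the baseline.
log=$(mktemp)
make_sample_log > "$log"
spike_minutes "$log" 2 3
rm -f "$log"
```

Run it against your real access log with the baseline you measured during normal business; a flagged minute whose top-source share is high is a strong hint that the spike is not customers.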
It is also wise for your business to nominate a DDoS specialist who is responsible for taking action if your business should ever come under attack.
Overprovisioning your Business’ Bandwidth
It makes sense for your business to have more bandwidth available to your Web server than you normally use. That way you can accommodate sudden surges in traffic that could result from your business’ marketing or other efforts to increase traffic.
If you overprovision your bandwidth even by just a little, it won’t likely stop a DDoS attack. However, this would give you a few extra minutes to act before your bandwidth becomes overwhelmed.
Defend your Network (Web Server Based)
Below you will find a few technical measures that can be taken to mitigate the effect of a cyber-attack.
For example, you can:
- rate limit your router to prevent your Web server being overwhelmed
- add filters to tell your router to drop packets from obvious sources of attack
- timeout half-open connections more aggressively
- drop spoofed or malformed packets
- set lower SYN, ICMP, and UDP flood drop thresholds
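The measures in the list above, expressed as iptables and sysctl commands for a Linux host sitting in front of (or hosting) the web server; this is an added example, not configuration from the original article. It prints the commands by default and only applies them when called with "apply" (as root). The interface name, the thresholds and the blocklist are assumptions that you should tune to your own baseline traffic; if the host also serves DNS or NTP, the UDP rules need adjusting.

```shell
#!/bin/sh
# Added example (not from the original article): router/host filters for the
# measures listed above. Prints by default; "apply" executes them (needs root).
WAN_IF="${WAN_IF:-eth0}"     # assumed external interface
BLOCKLIST="${BLOCKLIST:-}"   # CIDRs you have confirmed as attack sources, space-separated
MODE=print

run() { if [ "$MODE" = apply ]; then "$@"; else printf '%s\n' "$*"; fi; }

ddos_rules() {
  MODE="${1:-print}"
  # Time out half-open connections more aggressively
  run sysctl -w net.ipv4.tcp_syncookies=1
  run sysctl -w net.ipv4.tcp_synack_retries=2
  run sysctl -w net.ipv4.tcp_max_syn_backlog=4096
  # Drop spoofed packets: reverse-path check plus private/loopback sources on the WAN side
  run sysctl -w net.ipv4.conf.all.rp_filter=1
  for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8; do
    run iptables -A INPUT -i "$WAN_IF" -s "$net" -j DROP
  done
  # Let replies to our own connections through before any threshold applies
  run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Drop malformed packets: bad conntrack state and impossible TCP flag combinations
  run iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
  run iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
  run iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
  # Filters for obvious attack sources
  for src in $BLOCKLIST; do run iptables -A INPUT -s "$src" -j DROP; done
  # Flood thresholds: per-source SYN rate, then global ICMP echo and UDP rates
  run iptables -A INPUT -p tcp --syn -m hashlimit --hashlimit-above 20/s --hashlimit-burst 40 \
      --hashlimit-mode srcip --hashlimit-name synflood -j DROP
  run iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
  run iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
  run iptables -A INPUT -p udp -m limit --limit 200/s --limit-burst 400 -j ACCEPT
  run iptables -A INPUT -p udp -j DROP
  # Cap simultaneous connections per source to the web server port
  run iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 50 -j DROP
}

ddos_rules "${1:-print}"
```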
But the truth is that while these steps have been effective in the past, DDoS attacks are now usually too large for these measures to have any significant effect. Again, the most you can hope for is that they will buy you a little time as a DDoS attack ramps up.
Call Your ISP or Hosting Provider
The next step is to call your ISP (or hosting provider if you do not host your own Web server), tell them you are under attack and ask for help. Keep emergency contacts for your ISP or hosting provider readily available, so you can do this quickly. Depending on the strength of the attack, the ISP or hoster may already have detected it, or they may themselves start to be overwhelmed by the attack.
You stand a better chance of withstanding a DDoS attack if your Web server is located in a hosting center than if you run it yourself. That’s because its data center will likely have far higher bandwidth links and higher capacity routers than your company has itself, and its staff will probably have more experience dealing with attacks. Having your Web server located with a hoster will also keep DDoS traffic aimed at your Web server off your corporate LAN, so at least that part of your business — including email and possibly voice over IP services — should operate normally during an attack.
If a DDoS attack is large enough, the first thing a hosting company or ISP is likely to do is “null route” your traffic — which results in packets destined for your Web server being dropped before they arrive.
“It can be very costly for a hosting company to allow a DDoS on to their network because it consumes a lot of bandwidth and can affect other customers, so the first thing we might do is black hole you for a while,” says Liam Enticknap, a network operations engineer at PEER 1 hosting.
Tim Pat Dufficy, managing director of ISP and hosting company ServerSpace, agrees. “The first thing we do when we see a customer under attack is log on to our routers and stop the traffic getting on to our network,” he says. “That takes about two minutes to propagate globally using BGP (border gateway protocol) and then traffic falls off.”
If that were the end of the story, the DDoS attack would have succeeded. To get the website back online, your ISP or hosting company may divert traffic to a “scrubber” where the malicious packets are removed before the legitimate ones are sent on to your Web server. “We use our experience, and various tools, to understand how the traffic to your site has changed from what it was receiving before and to identify malicious packets,” explains Enticknap.
He says PEER 1 has the capacity to take in, scrub and send on very high levels of traffic — as much as 20Gbps. But with levels of traffic comparable to those experienced by Spamhaus, even this scrubbing effort would likely be overwhelmed.
Do have a DDoS plan in place with your ISP or hoster so that it can begin mitigation or divert your traffic to a mitigation specialist with the minimum delay.
Call a DDoS Specialist
For very large attacks, it’s likely that your best chance of staying online is to use a specialist DDoS mitigation company. These organizations have large scale infrastructure and use a variety of technologies, including data scrubbing, to help keep your website online. You may need to contact a DDoS mitigation company directly, or your hosting company or service provider may have a partnership agreement with one to handle large attacks.
“If a customer needs DDoS mitigation then we divert their traffic to (DDoS mitigation company) Black Lotus,” says Dufficy. “We do this using BGP, so it only takes a few minutes.”
Black Lotus’s scrubbing center can handle very high levels of traffic indeed, and sends on the cleaned traffic to its intended destination. This does result in higher latency for website users, but the alternative is that they can’t access the site at all.
DDoS mitigation services are not free, so it’s up to you whether you want to pay to stay online or take the hit and wait for the DDoS attack to subside before continuing to do business. Subscribing to a DDoS mitigation service on an ongoing basis may cost a few hundred dollars a month. If you wait until you need one, however, expect to pay much more for the service and wait longer before it starts to work.
Source: http://www.esecurityplanet.com/network-security/5-tips-for-fighting-ddos-attacks.html | Author: Paul Rubens | Posted January 25, 2016