Imagine your average day at work. Managing orders, monitoring transactions, providing services, just as usual… but then, out of nowhere, your website disappears and all orders and services go down. If something like this happens to you, there is a strong possibility that you have become yet another victim of a Distributed Denial of Service (DDoS) attack.
DDoS attacks have become one of the most common and most damaging attacks on the Internet. The number of attacks, along with their size and intensity, has increased substantially: in the last year alone, a 57% rise in total DDoS attacks was reported. That is why we want to share some practical tips for defending against DDoS attacks, along with actions worth taking during an attack to minimize losses:
1. One of the well-known approaches to handling DDoS attacks is over-provisioning. To blunt the attack and reduce its impact on your clients, you need to provision for far more traffic than you usually expect to receive. How much is enough? Estimate the largest amount of traffic that you have ever had, multiply it by ten, and adapt your hardware infrastructure to cope with this level of traffic. This makes it much more difficult for an attacker to generate enough traffic to bring down your company’s network.
2. If you are experiencing a DDoS attack, you need to consider disconnecting from the network. This takes your business offline and cuts off access to all your products and services, but at the same time it prevents further consumption of your network resources.
3. Additionally, you can perform DNS redirection by changing the “A” record, which provides servers with the IP address of your domain. Keep in mind that you have to notify your clients about it so they can enter the new IP address in order to keep using the services of the current network provider. This method is only as effective as DNS propagation is fast. Propagation may take as long as a few hours and often requires direct contact with your hosting service provider.
4. IP addresses are cached by servers around the world for a specific period of time (measured in seconds), known as the “Time to live” (TTL). The default TTL value is usually 86400 seconds (24 hours), which may be far too long if you are under a DDoS attack. You can reduce losses by controlling the TTL value: the shorter the TTL, the more quickly you will be able to redirect all website requests to a new IP address. Bear in mind, however, that a shorter TTL means more frequent requests, which in turn increases the load on your DNS host.
5. Changing DNS or even migrating to another server may not be sufficient to completely resolve the problem. If an attacker finds out what your intentions are, the attack will be redirected to the new target and everything may start all over again. Therefore, it is also worth giving some thought to cloud-based traffic scrubbing services, which are able to quickly filter malicious traffic out of the data stream. Data cleansing service providers are the first line of defence against high-volume DDoS attacks: they have sufficient bandwidth and the proper tools to filter network traffic, stopping DDoS packets within the cloud and passing normal traffic on to the company network.
6. You may also consider some additional services, such as CloudFlare. They monitor network traffic and collect data that is used as a basis for assessing the risk of possible attacks. Thanks to this, each attack attempt is thwarted before it does any damage. What is more, in case of a serious attack, they are able to restore a webpage and revert any negative changes using previously made backup files. This way, users may not even notice the malfunction.
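An added example for tips 3 and 4 (not part of the original article): it audits a zone file for “A” records whose TTL would make a redirect slow, and shows the upper bound on queries per caching resolver that each TTL implies. The zone contents, the 300-second budget and the function names are assumptions made for illustration.

```python
import re

# Constructed sample zone in BIND master-file syntax (example.com names and
# RFC 5737 documentation addresses); not taken from the article.
SAMPLE_ZONE = """\
$TTL 1d
@        IN  A   192.0.2.10
www  300 IN  A   192.0.2.10
shop 2h  IN  A   192.0.2.20
api      IN  A   192.0.2.30   ; inherits $TTL
mail     IN  MX  10 mx.example.com.
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_RE = re.compile(r"^(\d+)([smhdw]?)$", re.IGNORECASE)


def ttl_seconds(text):
    """Convert a TTL such as '86400', '2h' or '1d' to seconds."""
    number, unit = TTL_RE.match(text).groups()
    return int(number) * UNITS[(unit or "s").lower()]


def audit_a_records(zone_text, max_ttl=300):
    """Return (name, ttl, max_queries_per_day_per_resolver, ok) per A record.

    max_ttl is a hypothetical redirection budget chosen for this example.
    Assumes every record line starts with an owner name.
    """
    default_ttl = 86400  # the usual default the article mentions
    results = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$TTL":
            default_ttl = ttl_seconds(fields[1])
            continue
        name, rest, ttl = fields[0], fields[1:], default_ttl
        for token in list(rest[:2]):  # optional TTL and class, either order
            if token.upper() == "IN":
                rest.remove(token)
            elif TTL_RE.match(token):
                ttl = ttl_seconds(token)
                rest.remove(token)
        if len(rest) >= 2 and rest[0].upper() == "A":
            # A caching resolver re-queries at most once per TTL.
            results.append((name, ttl, 86400 // max(ttl, 1), ttl <= max_ttl))
    return results


if __name__ == "__main__":
    for name, ttl, per_day, ok in audit_a_records(SAMPLE_ZONE):
        verdict = "ok" if ok else "lower TTL before you need to redirect"
        print(f"{name:5} ttl={ttl:>6}s  up to {per_day:>4} queries/day/resolver  {verdict}")
```

A lowered TTL only takes effect once the old, longer value has expired from caches, so the audit is worth running well before a redirect is needed.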
The destructive power of DDoS attacks cannot be disregarded. Every company needs to ensure its sustained operation and resource availability by remaining vigilant and taking all possible measures to mitigate the risk of being hit before it happens.