A DDoS attack prevention approach for your company's systems

DDoS attack prevention

The aim of a DDoS attack is to deplete the network, application or service resources so that genuine users can’t access them.

There are many types of DDoS attack, but in general a DDoS attack is launched simultaneously from many hosts and can affect the availability of the internet services and resources of even the largest companies.

For many organizations it happens every day: according to the tenth Worldwide Infrastructure Security Report, 42 percent of respondents saw more than 21 DDoS attacks per month, compared with 25 percent in 2013.

Not only the frequency but also the size of such attacks is increasing. Fewer than 40 attacks in 2013 exceeded 100 Gbps, but 159 attacks in 2014 did, the largest being 400 Gbps.

Enterprises should therefore choose their DDoS protection services carefully to protect both their networks and the services running on them.

Exploring the types of DDoS attacks:

The various types of DDoS attack differ considerably but generally fall into one of three broad categories:

  • Volumetric attacks – designed to overwhelm a network's infrastructure with bandwidth-intensive traffic that consumes link capacity.
  • TCP state-exhaustion attacks – abuse the stateful nature of the TCP protocol to exhaust the connection-state resources of servers, load balancers and firewalls.
  • Application-layer attacks – target a specific aspect of a Layer 7 application or service.

Volumetric attacks remain the most frequent type of DDoS attack, but attacks combining all three vectors are common and increase both the duration and the magnitude of an attack.

Political and ideological motives, vandalism and online gaming are still the main drivers of DDoS attacks. Yes, players will DDoS a gaming infrastructure to gain a competitive advantage in an online game.

While DDoS is the weapon of choice for hacktivists and terrorist operatives, it is also used for extortion or to disrupt a competitor's operations.

DDoS attacks are also increasingly used as a diversionary tactic. For example, advanced persistent threat campaigns use DDoS attacks to distract network defenders while exfiltrating stolen data.

With the hacker community packaging complex and sophisticated attack tools into easy-to-use, downloadable programs, even those without the necessary know-how can buy the ability to launch and control their own DDoS attacks.

And the situation only gets worse as attackers start conscripting everything from game consoles to routers and modems to increase the amount of attack traffic they can generate.

These devices ship with default network settings and default accounts and passwords, which makes them easy to enrol in a DDoS attack. The majority of them are Universal Plug & Play (UPnP) enabled, and the underlying protocols can be abused. Akamai Technologies has found that 4.1 million internet-facing UPnP devices are potentially vulnerable to being used in DDoS attacks. The growing number of poorly secured or misconfigured internet-connected devices increases an attacker's ability to produce ever more powerful attacks.

Methods of prevention:

Worldwide DDoS Attacks and Protection Report:

Securing internet-facing devices and services helps secure the internet as a whole and reduces the number of devices that can be recruited into a DDoS attack.

Repeatable tests and a serious approach: one of the best methods is penetration testing of web applications for all types of vulnerabilities. The protocols attackers most often abuse to generate DDoS traffic are NTP, DNS, SSDP, Chargen, SNMP and DVMRP; any services that use them should be carefully configured and run on hardened, dedicated servers.

Enterprises that operate a DNS server, for example, should follow the Secure Domain Name System (DNS) Deployment Guide in NIST Special Publication 800-81, and the advice for securing NTP servers published on the Network Time Protocol project site. Many attacks work because attackers are able to generate traffic with spoofed source IP addresses.

Enterprises should implement the anti-spoofing filters described in IETF Best Current Practice documents BCP 38 and BCP 84, which prevent attackers from sending packets that claim to originate from another network.
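As an added example (not from the article or any vendor), here is a small Python script that applies two of the checks described above to constructed flow records: a BCP 38-style egress check that flags outbound packets whose source address is not in our own prefix, and an amplification-ratio check that shows whether our NTP, DNS, SSDP, Chargen or SNMP servers are answering small requests with disproportionately large replies. The prefix 203.0.113.0/24, the flow records and the 10x threshold are assumed values.

```python
import ipaddress
from collections import defaultdict

# UDP services the article lists as common reflection/amplification vectors, keyed by port.
AMPLIFIER_PORTS = {19: "chargen", 53: "dns", 123: "ntp", 161: "snmp", 1900: "ssdp"}

# Our own address space (assumed value for this example), used for the BCP 38 egress check.
LOCAL_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample flow records, not real traffic. Each tuple is
# (direction, src_ip, src_port, dst_ip, dst_port, bytes); "in" arrives from outside.
SAMPLE_FLOWS = [
    ("in",  "198.51.100.7", 40001, "203.0.113.10", 123,   234),    # small NTP request
    ("out", "203.0.113.10", 123,   "198.51.100.7", 40001, 48200),  # very large NTP reply
    ("in",  "198.51.100.9", 40002, "203.0.113.10", 123,   48),
    ("out", "203.0.113.10", 123,   "198.51.100.9", 40002, 48),     # normal NTP exchange
    ("in",  "198.51.100.7", 40003, "203.0.113.20", 53,    64),
    ("out", "203.0.113.20", 53,    "198.51.100.7", 40003, 3900),   # large DNS answer
    ("out", "192.0.2.55",   40004, "198.51.100.7", 80,    60),     # source is not ours
]

def violates_bcp38(direction, src_ip):
    """BCP 38 egress rule: traffic leaving our network must carry one of our own source addresses."""
    if direction != "out":
        return False
    addr = ipaddress.ip_address(src_ip)
    return not any(addr in net for net in LOCAL_PREFIXES)

def amplification_ratios(flows):
    """Return {(remote_ip, port): bytes_out / bytes_in} for the listed UDP services."""
    inb, outb = defaultdict(int), defaultdict(int)
    for direction, src, sport, dst, dport, nbytes in flows:
        if direction == "in" and dport in AMPLIFIER_PORTS:
            inb[(src, dport)] += nbytes
        elif direction == "out" and sport in AMPLIFIER_PORTS:
            outb[(dst, sport)] += nbytes
    return {k: outb[k] / inb[k] for k in outb if inb.get(k)}

def flag_amplification(flows, threshold=10.0):
    """Remote hosts receiving replies at least `threshold` times larger than their requests."""
    return sorted(k for k, r in amplification_ratios(flows).items() if r >= threshold)

def flag_spoofed_egress(flows):
    # Source addresses of outbound flows that a BCP 38 filter at the network edge would drop.
    return [src for direction, src, *_ in flows if violates_bcp38(direction, src)]

if __name__ == "__main__":
    for (ip, port), ratio in amplification_ratios(SAMPLE_FLOWS).items():
        print(f"{ip} via {AMPLIFIER_PORTS[port]}: {ratio:.1f}x")
    print("BCP 38 violations:", flag_spoofed_egress(SAMPLE_FLOWS))
```

A ratio near 1 (as for 198.51.100.9) is a healthy exchange; a ratio of tens or hundreds means the service is being used as a reflector and should be rate-limited or reconfigured.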

Not all types of DDoS attack can be predicted or avoided, and even an attacker with limited resources can generate the volume of traffic required to disrupt or seriously degrade large, heavily defended sites.

Although it is almost impossible to eliminate or fully mitigate DDoS attacks, in the long run it is important to ensure that all machines and services are configured properly, so that publicly available services cannot be exploited and misused by potential attackers.

By helping others, we help ourselves. An organization must always ensure maximum protection for its networks, and you can start a free trial in 10 seconds to stop DDoS attacks.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.