DDoS Protection: 14 Unique Ways to Protect Your Organisation

DDoS attacks have become a nightmare for organisations with an active online presence. Here are 14 ways to protect your business. 

If your website goes down due to an overload of website traffic, you’re probably a victim of the notorious distributed denial of service (DDoS) attack. DDoS attacks have become a nightmare for companies with an active online presence. From BBC to Twitter and from Donald Trump’s website to Netflix, 2016 saw some of the most unprecedented cyber attacks in the history of the internet.

In the ever-changing world of high-tech gadgets and the rising popularity of the Internet of Things, DDoS attacks have increased 2.5 times over the last 3 years, and are expected to become increasingly frequent in the coming years.

Furthermore, according to a report by Cisco in 2016, the average size of DDoS attacks is accelerating and approaching 1 Gbps, which is enough to bring a large business offline. Globally, DDoS attacks grew by 25% in 2015 and are likely to increase by 260% by 2020.

From monetary to brand value, DDoS attacks drastically affect every part of the business. The cost a business can incur from a DDoS attack ranges up to $20,000, and the airline Virgin Blue lost $20 million in an IT outage that lasted for 11 days in 2010.

Today, businesses need to tighten their seat belts to work and land safely in the highly advanced internet world. Here are 14 unique ways to protect yourself from DDoS attacks.

1. Create an Action Plan in Advance
Why wait for a DDoS attack to ruin your business? Intelligence is in responding to the potential attacks before they happen.

Focus on creating a system that absorbs a potential DDoS attack. Though creating an action plan in advance is not a 100% foolproof way of DDoS protection, it does help in mitigating the risk to a great extent.

An action plan might consist of the following items:

  • Use sensors that send an alert whenever the website is down.
  • In case of any malicious activity, dump the logs quickly.
  • Consider contacting your ISP to understand the free and paid DDoS protection plans.
  • Confirm the DNS TTL (time-to-live) for systems that can be attacked in the future.
  • Document your IT infrastructure and create a network topology diagram with an asset inventory.
  • Purchase DDoS protection products to mitigate the monetary loss due to the attacks.

An action plan comes in handy when your website is under attack because it reduces the extent of damage caused by the hackers.

2. Monitor Traffic Levels
A DDoS attack brings an unprecedented amount of traffic to your server, which spikes the traffic beyond your imagination.

In fact, an ideal time for any hacker to strike is when your website is likely to witness a huge amount of traffic, such as Thanksgiving or Christmas. The attack traffic mixes with the genuine traffic and overloads the server, which eventually crashes.

Therefore, the best way to quickly notice a DDoS attack is to look out for an abnormal increase in traffic to your website. If you expect 500 visitors per 10 minutes, an influx of 4000 visitors per minute should trigger an alert.

Staying alert, monitoring the traffic and setting threshold limits when traffic goes beyond a certain level will help you in DDoS protection.
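
One way to implement the threshold alert described above, as an added example that is not from the original article: it buckets access-log requests per minute and flags any minute far above the expected rate, reporting how many distinct sources were involved. The log lines, function names and the 10x multiplier are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Client IP and minute-resolution timestamp of a Common Log Format line.
LINE_RE = re.compile(r"^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [+-]\d{4}\]")

def per_minute(lines):
    """Map each minute to [request_count, set_of_client_ips]; unparsable lines are skipped."""
    buckets = defaultdict(lambda: [0, set()])
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        minute = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M")
        buckets[minute][0] += 1
        buckets[minute][1].add(m.group(1))
    return buckets

def find_spikes(lines, expected_per_10_min=500, multiplier=10):
    """Return (minute, requests, distinct_sources) for minutes above the alert threshold."""
    # 500 per 10 minutes is 50 per minute; with the assumed 10x multiplier, alert above 500.
    threshold = expected_per_10_min / 10 * multiplier
    return sorted(
        (minute, count, len(ips))
        for minute, (count, ips) in per_minute(lines).items()
        if count > threshold
    )

def sample_log():
    """Constructed sample: a normal minute, a 4000-request flood minute, a normal minute."""
    def line(ip, minute, sec):
        return f'{ip} - - [24/Nov/2016:10:{minute:02d}:{sec:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [line(f"198.51.100.{i}", 0, i % 60) for i in range(45)]
    lines += [line(f"203.0.113.{i % 200}", 1, i % 60) for i in range(4000)]
    lines += [line(f"198.51.100.{i}", 2, i % 60) for i in range(52)]
    lines.append("constructed garbage line without a timestamp")
    return lines

if __name__ == "__main__":
    for minute, count, sources in find_spikes(sample_log()):
        print(f"ALERT {minute:%H:%M} requests={count} distinct_sources={sources}")
```

The distinct-source count helps responders tell a flood from a small set of addresses apart from a widely distributed one.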

3. Pay Attention to Connected Devices
The Internet of Things is the latest buzz and a growing topic of conversation both in the workplace and outside. From wearables to retail, healthcare to agriculture, IoT is making an impact in every sector, but even this burgeoning technology is not spared by attackers. Hackers find their way through these connected devices to disrupt the services of a brand.

Paying special attention to the connected devices will help you wade through a DDoS attack. For stronger DDoS protection, change the passwords of the devices regularly, switch off the devices when not in use and verify every device before connecting it.

Until the procession begins, focus on mitigating the threats to protect the connected device and your server.

4. Ensure You Have Extra Bandwidth
It makes sense to have more bandwidth than you would plausibly need because overprovisioning your bandwidth provides extra time to identify and deal with the attack. It also enables the server to accommodate unprecedented spikes in traffic and to some extent lowers the intensity of the attack.

If you overprovision the bandwidth by 200 percent or 600 percent, it will not stop the DDoS attack, but it will buy you crucial time before your resources are overwhelmed.

Therefore, when determining your bandwidth requirement, give your business a healthy margin of error to mitigate the risk of cyberattacks.

5. Train Your Customers On Security
An informed and trained customer is an asset to your business, as they walk with you hand-in-hand for higher DDoS protection.

Explain to the customers the necessity and dire need of safeguarding their systems because hackers target computers with weak passwords.

Gone are the days when a birthdate or family name was considered a strong password for a computer. Urge your customers to use difficult passwords to protect their privacy. Furthermore, educate the clients to skip any attachments received from email addresses they don’t recognize.

Today, customer education is an essential component of any company’s strategy for DDoS protection. To proactively guard the customers against such cyber bullies, encourage them to review and follow best practices to secure their device.

6. Set up Secured VPS Hosting
In order to save a few dollars, many businesses opt for the lowest price hosting plans available in the market. While the initial cost is low, the threat of DDoS attack is outrageous. Setting up secured VPS hosting provides DDoS protection and reduces the probability of an attack.

With a secured VPS, your website has its own portioned space, unique IP address and operating system, thereby isolating the site from cyberattacks. Furthermore, secured VPS hosting provides full access to the console, which helps in eliminating potential malware.

In short, DDoS secured VPS hosting takes away the headache and makes use of the latest technology to put your website in the driving seat.

7. Drop Packets from Obvious Sources of Attack
DDoS attacks have the potential to create havoc on your business and you need to stop traffic from false sources at any cost. Focus on using the access list at the perimeter of the network to prevent malicious activities. Furthermore, instruct the router to drop packets from IPs that are obvious sources of attack. You can also rate limit your router to add another layer of protection.

Again, with the increasing size of online attacks, this strategy will only buy time and delay the ramping up of the threat.

8. Purchase a Dedicated Server
Purchasing a dedicated hosting server will provide you with more bandwidth, control over security, and countless resources. With a dedicated server as your first layer of defense, you can successfully run your online site with thousands of legitimate customers without worrying about anything. Undoubtedly, dedicated servers are expensive, but the benefits clearly outweigh any monetary issue you face due to lack of DDoS protection.

Our DDoS protected dedicated servers provide DDoS protection of 20 Gbps with a bandwidth of 10 terabytes. We manage 100% of the server operation, giving you room to focus on other important business aspects.

9. Block Spoofed IP Addresses
“Things are not always what they seem; the first appearance deceives many”.
-Phaedrus

These words hold true, especially for IP address spoofing. For those of you who are new to the word ‘spoofing’ – in simple English, it means ‘presenting the wrong facts in a decorated manner’. IP address forgery leads to harmful DDoS attacks, and you need to focus on the following tips to stop IP address spoofing.

  • Create an access control list (ACL) to deny all inbound traffic with a particular source IP.
  • Focus on using reverse path forwarding (RPF) or IP verify. It works similarly to an anti-spam solution.
  • Filter both outbound and inbound traffic to enhance DDoS protection.
  • Change the configuration of your switches and routers such that they automatically reject packets coming from outside your network.
  • Focus on encrypting different sessions on your router to allow trusted hosts who are outside your network.
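
The reverse path forwarding check from the list above, sketched as an added example that is not from the original article: a packet is accepted only if the route back to its source address leaves through the interface it arrived on, which covers both inbound and outbound filtering. The routing table, interface names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed forwarding table: (prefix, interface the router would use to reach it).
ROUTES = [
    ("0.0.0.0/0", "wan0"),       # default route to the upstream provider
    ("10.20.0.0/16", "lan0"),    # internal network
    ("10.20.30.0/24", "dmz0"),   # more specific prefix inside the internal range
]

def best_route(src, routes=ROUTES):
    """Longest-prefix match: return the interface used to reach src, or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def rpf_accept(src, arrival_iface, routes=ROUTES):
    """Strict RPF: accept only if the path back to src leaves via arrival_iface."""
    return best_route(src, routes) == arrival_iface

def filter_packets(packets, routes=ROUTES):
    """Split (source_ip, arrival_interface) pairs into accepted and dropped lists."""
    accepted, dropped = [], []
    for src, iface in packets:
        (accepted if rpf_accept(src, iface, routes) else dropped).append((src, iface))
    return accepted, dropped

# Constructed traffic sample.
PACKETS = [
    ("198.51.100.7", "wan0"),   # outside source arriving from outside: accepted
    ("10.20.5.9", "wan0"),      # claims an internal source but arrives from outside: dropped
    ("10.20.5.9", "lan0"),      # genuine internal host: accepted
    ("198.51.100.7", "lan0"),   # internal host forging an outside source: dropped on egress
    ("10.20.30.4", "lan0"),     # DMZ address seen on the LAN side: dropped
]

if __name__ == "__main__":
    accepted, dropped = filter_packets(PACKETS)
    print("accepted:", accepted)
    print("dropped:", dropped)
```

Strict mode assumes symmetric routing; on multihomed links where the return path differs from the arrival path, it would drop legitimate traffic.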

10. Install Patches and Updates Frequently
Installing updates on open source platforms like WordPress as soon as possible mitigates the risk of attack because the potential security loophole is filled with an update. Therefore, deploy an update within your network as soon as possible. The longer the lag time between the update and the application, the more vulnerable your system becomes.

This is often neglected by many businesses, mainly because of the frequency of updates and because they consider updating the application irrelevant.

11. Aggressively Monitor Half-Open Connections

In a usual three-way handshake:

  • The client requests a connection by sending a SYN (synchronize) packet to the server,
  • The server returns a SYN-ACK (synchronize-acknowledge) packet to the client,
  • The client answers with an ACK (acknowledge) that the packet is received and communication begins.

In half-open connections, the packets are not sent to the hostile client. However, the client sends multiple requests to the server ports using fake IP addresses. Such a connection is not closed and remains open, making it vulnerable to attack.

Detection of such half-open connections is done by:

  • Adding an empty keepalive message to the application protocol framing
  • Adding a null keepalive message to the actual application protocol framing
  • Using an explicit timer
  • Altering the TCP keepalive settings
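
A monitoring sketch for the SYN-based half-open connections described above, added here as an example and not part of the original article: it counts sockets stuck in the SYN-RECV state per local port from `ss -tan` style output and flags ports above a limit. The sample output, function names and the limit of 3 are constructed for illustration.

```python
from collections import Counter, defaultdict

HALF_OPEN_STATES = {"SYN-RECV", "SYN_RECV"}   # state names used by ss and netstat

# Constructed sample in the column layout printed by `ss -tan`.
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:443         0.0.0.0:*
SYN-RECV  0      0      192.0.2.10:443      203.0.113.5:40112
SYN-RECV  0      0      192.0.2.10:443      203.0.113.77:1025
SYN-RECV  0      0      192.0.2.10:443      198.51.100.9:50001
SYN-RECV  0      0      192.0.2.10:443      198.51.100.200:6000
SYN-RECV  0      0      [2001:db8::10]:443  [2001:db8::bad]:4444
ESTAB     0      0      192.0.2.10:443      198.51.100.23:51514
SYN-RECV  0      0      192.0.2.10:22       203.0.113.5:40999
"""

def half_open_by_port(ss_output):
    """Return {local_port: (half_open_count, distinct_peer_count)}."""
    counts, peers = Counter(), defaultdict(set)
    for line in ss_output.splitlines():
        fields = line.split()
        # Skip the header, blank lines and sockets in any other state.
        if len(fields) < 5 or fields[0] not in HALF_OPEN_STATES:
            continue
        # rsplit keeps bracketed IPv6 addresses intact and isolates the port.
        port = int(fields[3].rsplit(":", 1)[1])
        counts[port] += 1
        peers[port].add(fields[4].rsplit(":", 1)[0])
    return {port: (n, len(peers[port])) for port, n in counts.items()}

def flag_ports(ss_output, limit=3):
    """Ports whose half-open count exceeds the limit (an assumed alert threshold)."""
    return {p: v for p, v in half_open_by_port(ss_output).items() if v[0] > limit}

if __name__ == "__main__":
    for port, (count, sources) in flag_ports(SAMPLE_SS).items():
        print(f"ALERT port={port} half_open={count} distinct_peers={sources}")
```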

12. Use Proxy Protection
Proxy protection provides an extra layer of DDoS protection for any website and keeps your website safe from complex cyber threats. Our remote DDoS proxy protection hides your real IP from hackers and sends proxy traffic through their mitigation network. The best part is that the entire process occurs without the visitors realizing it. Furthermore, remote proxy protection increases the security and performance of HTTP applications. It’s a must for any business looking to create an impact in the online world.

13. Set up RST Cookies
RST cookies are a strong defense against DDoS because the server sends an incorrect ACK + SYN to the client and then the client forwards a packet telling the server about the potential error. Therefore, it protects the business from a potential attack.

14. Filter UDP Traffic With Remote Black Holing
Filtering UDP traffic with remote black holing can effectively stop undesirable traffic from entering a protected network. These remote black holes are areas where the traffic is forwarded and then dropped. When an attack is detected, it drops all the traffic based on the IP address and the destination. Here are the three steps to set it up:

  • Prepare a null route
  • Prepare a route map
  • Generate a victim route on the management router

To learn more about the various types of DDoS attack and appropriate hosting, go to RivalHost.

  
