How do you prevent an attack that will disrupt your services? Find out what DDoS protection and mitigation is.
DDoS Protection and Mitigation Overview
DDoS protection and mitigation is a set of measures that can be used to protect your website from DDoS attacks. DDoS attacks are typically organized by groups of hackers and executed by compromised computers, otherwise known as bots.
These bots are usually infected with malware that allows the hacker group to control them remotely. The compromised computers continuously flood the target with requests, which overwhelms the victim’s system and makes it unable to respond to legitimate requests.
The attacker’s machine directs the botnet to send an HTTP request to a particular website URL. The victim’s server then responds with a page containing HTML code. The botnet also sends additional HTTP requests to download the HTML code from the website, which includes instructions for the browser to render and display the code on the end user’s computer screen.
This results in several hundred requests per second being sent from each bot within the botnet. It can overload web servers within minutes or seconds, depending on traffic volume and bandwidth limitations on both ends of the attack.
The following methods can be used to mitigate DDoS attacks:
1. Increase bandwidth
2. Implement a CDN
3. Deploy a WAF
4. Use a DDoS protection service provider
5. Stack against the attack (Redirect the attack to another IP)
6. Add server capacity
8. Implement BCP38
9. Block the source
10. Use a DDoS mitigation toolkit
11. Reduce the number of services exposed to the Internet (Only run what you need)
12. Use iptables for traffic filtering and rate limiting (Useful for Nginx, Apache)
13. Implement RST packet for TCP connections (Useful for Apache, Nginx)
Deploy a WAF
A WAF (web application firewall) is a combination of hardware and software components designed to detect and deflect malicious traffic. The WAF can identify attack traffic by analyzing its signatures and then block or mitigate it. Using a WAF is a fairly simple, effective way to mitigate DDoS attacks.
It’s a firewall-based solution that is usually used as the last line of defense against incoming threats. It is also important to implement a WAF as an additional security measure to reduce your risk of being attacked.
DDoS Protection and Mitigation Methods
Cisco provides an excellent guide on how to prevent a DDoS attack in the article “Defending Against Distributed Denial of Service Attacks”. The main points are summarized here. To prevent DDoS attacks from happening, you need to secure your network infrastructure against vulnerabilities.
Make sure your router firmware is up to date and that all default passwords are changed. Additionally, you need to take the following aspects into account. First, secure your DNS records with DNSSEC. Second, minimize unused services and protocols.
Another protection is to minimize open ports and secure unused devices connected to your network. Put in place a monitoring system for unusual activity on your network. Then filter traffic using ACLs and firewalls, and use stateful inspection firewalls and IDS/IPS.
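As an added illustration (not code from the original article or from the Cisco guide), the Python code below shows one way to monitor for the per-source request rates described earlier: it scans web access log lines and reports client IPs that exceed a threshold within a sliding time window. The Common Log Format input, the default threshold of 100 requests per second, the function names and the sample addresses are all assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed input: Common Log Format (client IP, two fields, bracketed timestamp).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def parse_line(line):
    """Return (ip, timestamp), or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group(1), ts

def find_flood_sources(lines, max_requests=100, window_seconds=1):
    """Return {ip: peak count} for sources exceeding max_requests per window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                 # skip malformed lines instead of failing
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:   # expire timestamps older than the window
            q.popleft()
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def make_sample_log():
    """Constructed sample: one noisy source, one normal visitor, one bad line."""
    fmt = '{ip} - - [10/Oct/2023:13:55:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(ip="203.0.113.7", s=10 + i // 150)
             for i in range(300)]    # 150 requests in each of two seconds
    lines += [fmt.format(ip="198.51.100.20", s=10 + i)
              for i in range(5)]     # one request per second
    lines.append("not a log line")
    return lines

if __name__ == "__main__":
    for ip, peak in find_flood_sources(make_sample_log()).items():
        print(f"{ip}: peak of {peak} requests within one window")
```

Sources it reports are candidates for the ACL or firewall filtering mentioned above. Each client's lines must appear in time order, as they normally do in an access log.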