Denial of service attacks can cripple a network. Thankfully, most DoS (denial of service) and DDoS (distributed denial of service) attacks do not seek to steal information or data, but rather to punish the network's owner or extort money in exchange for ceasing the attack. Unfortunately, there are very few things you can do to prevent a denial of service attack; nefarious parties intent on doing your network harm are likely determined to do so. That said, there are a number of things you can do proactively that will minimize the damage and shorten the timeframe of the attack so that your network is operational again as quickly as possible.
First, understanding DoS and DDoS attacks is paramount to knowing how to fight them. Most denial of service attacks occur when an attacker floods a network with more traffic or more server requests than the network can reasonably handle. In a denial of service attack, most of that traffic originates from the same device. These attacks are more easily addressed than distributed denial of service attacks, where hundreds or even thousands of machines (called a “botnet”) are commandeered and used to send a crippling amount of traffic to the network.
Here are five best practices for IT administrators and network engineers that won’t necessarily prevent DoS attacks, but will help you thwart your network’s assailants quickly and return to operational status:
- Communicate – Having contact information readily available for all parties involved with your network isn’t just a good idea, it’s a necessity. From your internet service provider (ISP) to in-house network administrators to the applicable law enforcement agencies, it is essential that all parties involved be made aware when an attack is occurring. Many ISPs will move quickly to isolate attack traffic away from other customers, and while this may feel like a slight when you are facing an immediate problem, they are actually doing you a favor. Establishing the point(s) of attack is helpful in your ongoing fight. Furthermore, you don’t want to be scrambling to find assistance when your network goes down in the middle of the night.
- Update – Many enterprise-grade firewalls and managed services providers have tools and software packages that can thwart many of the most common denial of service attacks. Make sure your IT administrators, whether in-house or third parties, are up to date on all patches suggested for your network security hardware. Don’t fight the battle alone; let the security experts at Cisco, SonicWall, and other network security companies help you by utilizing their network security devices as they were intended.
- Replicate – While not every network or website has the capability or budget to run a redundant network, there are still cost-effective options for distributing your traffic through different web servers. Since most denial of service attacks try to block valid traffic to your network (and do not harm your servers themselves), being able to switch to a different network backbone means you have the ability to deliver content on a secondary circuit while the attack is taking place on the primary network.
- Expand – Most denial of service attacks utilize “packet storms” to deliver more traffic than a network circuit can handle, thus blocking off valid incoming and outgoing traffic. But what if your circuit was bigger? Considering some DDoS attacks can flood a network with tens of thousands of HTTP and network requests each second, the cost might be prohibitive. But if you are operating an enterprise-level IT backbone, it is worth planning for more robust connectivity as a preventative measure against an attack at the worst possible moment.
- Guard the door – Finally, networks can utilize what’s called a reverse proxy to detect the source of an incoming denial of service attack and block the IP address from which the attack originates. This is obviously more effective when combatting DoS attacks (where there is a single point of traffic origination) than DDoS attacks, but any progress you can make in lessening the wave of invalid traffic is better than sitting by idly as your network grinds to a halt.
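
The check described under “Guard the door”, as an added example that is not part of the original article: a per-source sliding-window request counter of the kind a reverse proxy can keep, run over constructed traffic to show why it catches a single-source flood but not a distributed one. The window, limit, traffic shapes and addresses (documentation ranges) are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW = 10.0   # seconds of history kept per source (assumed value)
LIMIT = 20      # requests one source may make per window (assumed value)

def flooding_sources(events, window=WINDOW, limit=LIMIT):
    """Return {ip: time it first exceeded the limit}.
    events: (timestamp_seconds, source_ip) tuples sorted by time."""
    recent = defaultdict(deque)
    blocked = {}
    for ts, ip in events:
        if ip in blocked:
            continue            # a real proxy would already be dropping this source
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:   # forget requests older than the window
            q.popleft()
        if len(q) > limit:
            blocked[ip] = ts
    return blocked

def peak_rate(events, window=WINDOW):
    """Highest number of requests, from all sources together, in any one window."""
    q, peak = deque(), 0
    for ts, _ in events:
        q.append(ts)
        while q[0] <= ts - window:
            q.popleft()
        peak = max(peak, len(q))
    return peak

def constructed_dos():
    # Constructed sample: one source sends 50 requests/second for 2 s,
    # alongside 5 ordinary clients making one request every 2 s.
    flood = [(i * 0.02, "198.51.100.7") for i in range(100)]
    normal = [(t * 2.0, f"192.0.2.{c}") for c in range(1, 6) for t in range(5)]
    return sorted(flood + normal)

def constructed_ddos():
    # Constructed sample: 200 sources, each sending only 5 requests over 8 s.
    return sorted((t * 2.0 + n * 0.001, f"203.0.113.{n}")
                  for n in range(1, 201) for t in range(5))

if __name__ == "__main__":
    for name, ev in (("DoS", constructed_dos()), ("DDoS", constructed_ddos())):
        print(name, "peak/window:", peak_rate(ev), "blocked:", flooding_sources(ev))
```

In the distributed sample the aggregate load is eight times higher than in the single-source one, yet no individual address crosses the limit, which is why per-IP blocking needs to be paired with the upstream and capacity measures listed above.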
As mentioned above, there is very little you can do to actually prevent a denial of service attack. Losing your web traffic or access to data for any amount of time is bad enough without also feeling helpless to address the situation. Remain vigilant and attentive to your network and you can at least minimize the damage in both the short and long term. The best practices above will allow your network to respond in an organized and effective manner. Click here to learn how Mosaic NetworX can help you prepare for and survive a denial of service attack on your network!