How to Protect Your Network against DDoS Attacks
The last thing an administrator wants to deal with is a Distributed Denial of Service (DDoS) attack. Yet, together with the recent rise of hacktivism, DDoS attacks are increasingly becoming a threat that IT admins need to be prepared for.
Just recently, the CIA’s main website was allegedly brought down by a DDoS attack launched by Anonymous. DDoS attacks work by essentially leveraging the power of hijacked computer systems (through the use of botnets, for example) to send a huge amount of traffic to a single designated target. This simple concept can be frighteningly effective in bringing down huge sites.
The worst thing about DDoS attacks is that they do not exploit a weakness in the victim’s systems; therefore being cautious and using the right tools and protection, as you would against a conventional hacking attack, is not enough.
Despite the threat, there’s still an effective way to protect your network against these attacks – network design decisions. A DDoS is nothing more than a never-ending stream of requests from a large number of sources. The only way to protect against this is by having a system to identify the DDoS source and block it.
This is easier said than done. Identifying the source of a DDoS attack can be tricky and, in most cases, involves tuning an intrusion detection system (IDS) to differentiate between legitimate requests and attack traffic. Testing its effectiveness is not easy either, and whatever tuning you settle on will still cause quite a few false positives.
Once an attack source is identified, all you need to do is configure the firewall to block that source until the attack stops. Even so, if your Internet bandwidth is overwhelmed by requests, your site will still probably be inaccessible.
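The identify-then-block loop described above, as an added example that is not part of the original article: a simple rate threshold over constructed web server log lines flags any source that exceeds a request count inside a sliding window, an allowlist keeps known-good addresses out of the false positives, and each flagged address becomes a temporary drop rule with an expiry so it is released once the flood subsides. The log lines, addresses, thresholds and the iptables rule format are all assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (source_ip, timestamp) from an Apache common-log line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TS_FMT)

def find_flood_sources(lines, max_requests=50, window_seconds=10, allowlist=()):
    """Flag a source the first time it sends more than max_requests inside any
    window_seconds span; allowlisted addresses (own monitors, partners) are never flagged."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}                  # ip -> timestamp at which the threshold was crossed
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip unparsable lines instead of crashing mid-attack
        ip, ts = parsed
        if ip in allowlist or ip in flagged:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > max_requests:
            flagged[ip] = ts
    return flagged

def block_rules(flagged, block_minutes=15):
    """Turn flagged sources into temporary drop rules (iptables syntax assumed) with an
    expiry, so an address is released automatically once the flood subsides."""
    return [(ip, f"iptables -I INPUT -s {ip} -j DROP", seen + timedelta(minutes=block_minutes))
            for ip, seen in flagged.items()]

def build_sample_log():
    """Constructed traffic (not a real capture): one source sending 120 requests in 6 seconds, one ordinary visitor, one bad line."""
    base = datetime(2012, 2, 10, 13, 55, 36, tzinfo=timezone.utc)
    fmt = lambda ip, t, path: f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'
    lines = [fmt("203.0.113.7", base + timedelta(milliseconds=50 * i), "/") for i in range(120)]
    lines += [fmt("198.51.100.4", base + timedelta(seconds=2 * i), "/about") for i in range(5)]
    lines.append("this line is not in common log format")
    return lines
```

Thresholds this crude will mis-flag busy proxies or NAT gateways, which is exactly the false-positive problem the article warns about; the allowlist and the rule expiry are the two knobs that limit the damage of a wrong decision.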
And it doesn’t end here; if you’re the target of a DDoS attack, the next problem to deal with is your Internet Service Provider (ISP). If the attack is large enough, the ISP may opt to drop your route altogether to save bandwidth and avoid degrading performance for other customers. In this case, the consequences may be worse than the actual impact of the DDoS attack itself, as your downtime is likely to be longer. For this reason, you may want to check what your ISP’s policies on DDoS attacks are before signing up for the service.
Ironically, the ISP also happens to be your best ally in the event of a DDoS attack, since their infrastructure is far more likely to have the capacity to absorb the huge amount of traffic if the filtering is done on their systems rather than at your end. This is also something you might want to explore with the ISP.
Defending against a DDoS attack is possible mostly through design choices, and having an infrastructure in place that can help mitigate the damage should you be the target of a DDoS attack.
I think most companies and organizations don’t even consider the possibility of defending DDoS, and are more apt to fuel their resources into their plan as to what to do once it’s already happening. Of course, that’s like eschewing locks on your doors in exchange for a gun in case anybody decides to let themselves in. Not the smartest idea, but because of the complexity and theoreticals of being preventive, it’s the only choice many have.
Having to tackle the intrusion detection system (IDS) is too complicated for the average user. I know DDOS attack protection is the job of the network admin, however ordinary users should also be involved.
Protect your email server and email account and you’ll also be protected against DDoS attacks. Not all people know this, but one of the several tell-tale signs that your system or network has been attacked is that the amount of junk mail you receive every day has increased three to five times the normal. The more spam messages in your outbox or junk folder, the higher the probability that your system was or is being DDoS attacked.
Unfortunately, you can’t defend yourself against a DDoS carried by an organized group of hackers. When the requests are coming from multiple IPs, your best bet is to shut some of them at random. You can look for the IPs with the most requests but usually by the time you have found them, new IPs take over. It is hard to admit but actually you are at the mercy of hackers and of your ISP, especially if their capacity isn’t huge.
Organizations and enterprises are now equipped with the latest anti-virus, anti-malware, and anti-spam programs. Hackers are now slowly staying away from these types of computers. The growing trend now is to DDoS attack personal computers at homes and in public places (such as Internet cafes, coffee shops, libraries, etc.).
The hackers know that these computers are the least protected and the most accessed. Moreover, users of these machines are not knowledgeable enough about the threats of a DDoS attack. Sometimes, they don’t even log out while using Facebook or Yahoo Messenger. Some even enable the “Remember Me” option.
For a more detailed overview of how a DDoS attack works, we can categorize its system into three main components: Master, Slave, and Target.
The first and the most sinister of them all is the Master. This is the overall in-charge of the attack. It is also the main source of all code and programs. They’re the root. The second part is the Slave. It is composed of the infected computer units, workstations and network servers. They’re the bridge used to connect the Master and its target. The last component is the Target. As the name itself says, it’s the target of the Master. This is where all attack commands are executed.