4 Ways to Prepare for and Fend Off DDoS Attacks
Distributed Denial of Service events and other cyber-attacks are an unfortunate inevitability of doing business on the Web today. The four steps presented here will help your company prepare for and respond to a DDoS attack.
Mon, January 14, 2013
CIO — Cyber attacks of all kinds are on the rise. It is a trend you ignore at your own peril. National Security Agency and U.S. cyber-command chief Keith Alexander said in July that Internet attacks of all sorts surged 44 percent in 2011 and are responsible for what he terms the "greatest transfer of wealth in history."
In a world where you can rent an already-hacked botnet for about $20 to start your attack, and in a world where a criminal enterprise industry has developed to support amplifying attacks in progress, it is important to understand that these types of attacks are simply not going away. Are you ready for them? Are you considering the right points? Here are four strategies to help your organization prepare for and defend against Distributed Denial of Service (DDoS) events in the future.
1. Consider Over-Provisioning a Service in Advance
Most of us develop systems on strict budgets. Financial types and information executives alike generally resist paying for unused capacity. This makes good sense in and of itself—why waste your dollars on capacity, either bandwidth or compute, that you are not using? Many companies scale their systems to match a predictable but legitimate peak, such as Black Friday, Cyber Monday or another annual peak load.
In a DDoS attack, however, your site or resource can experience loads many times greater than even your highest peak activity—on the order of 10 or 20 times, if not more. Mind you, I'm not suggesting you budget capacity to pay hackers to blast your network with packets. While you are speccing bandwidth and compute resources, though, it makes sense to give yourself a healthy margin of error, even on top of your peak.
With the advent of cloud computing, this has become easier. In most cases, it's simple to spin up additional resources to either meet legitimate demand or ensure access to your services in the event your primary hosting site is under attack. Internet service providers and other providers are also usually quick to offer burst capabilities with their contracts. This way, you can access an assured, ready additional amount of capacity in the event you need it while not necessarily paying full price for it during those times when your load doesn't demand it.
2. Don't Be Bashful About Asking for Help
Many companies and businesses specialize in assisting customers before, during and after a cyber attack—and they serve all levels of clients. Akamai Technologies, Level 3 Communications and Limelight Networks, for example, all serve large customers with highly trafficked sites, but their rates begin north of $10,000 per month just for a basic level of assistance. On the other hand, startups such as CloudFlare offer to take onto themselves the load of distributing your site across multiple datacenters. They then engage in detection and mitigation services without involving your team. CEO Matthew Prince says CloudFlare datacenters see "more traffic than Amazon, Wikipedia, Zynga, Twitter, Bing and AOL combined." If true, this certainly puts the company in the first tier of network experience and engagement.