Jul 31, 2012

How do you mitigate risks of DoS / DDoS attacks?

Frankly, this is something I never thought would affect my business. I have a small company, no national reputation beyond a few specific customers, and I can't think of anything I've done to make anyone particularly unhappy with me. Nevertheless, last week our system was overwhelmed with a flood of requests that effectively shut us down for most of a day. Making the problem worse is the fact that we use a VoIP telephone system, so it also made it impossible to talk with customers (and wives). For a small business, what can be done to prevent or mitigate the effects of a DoS attack?


A SYN/ACK DoS attack that acts by rejecting ACK requests or a Ping DoS attack shouldn't be too difficult to defend against.  You should be able to configure your network to react to the easily identifiable type of internet traffic that those attacks rely upon by filtering or limiting that traffic.  


A DDoS attack is a much more challenging problem.  On the upside, I would think a small business would be a less likely target for a DDoS attack.  It would be prudent to make sure that your back-end is separate from your web facing front-end, so impact on your business is limited.  To really address the DDoS attacks themselves, you could add network capacity to the point that you are basically running a commercial server farm, but that obviously isn't a realistic option, especially for a small company.  You could go with a hosting provider that has that capacity available for you if necessary, and have established procedures for dealing with DDoS attacks.  

This article contains tips on how to defend against those kinds of attacks.

How to Defend Against DDoS Attacks

"A distributed denial of service attack is every business’s worst nightmare. One minute, everything is ticking along as normal. The next, your infrastructure is hit by a tsunami of spurious traffic from across the Internet. Legitimate users find themselves locked out, your ability to do business online grinds to a halt, and there's not a great deal you can do about it – unless you prepare ahead of time.

Nowadays, it is frighteningly easy for attackers to execute a DDoS attack. Botnets comprised of thousands of compromised PCs can be rented cheaply, and software capable of automating attacks can be acquired readily on the underground market. Attacks peaking at tens of gigabits per second have been recorded, and the size of peak attacks grows each year.[1] A modest attack can be bought for less than a thousand dollars.[2] It’s also quite possible for your site to become collateral damage in an attack against a third party you know nothing about. Witness Twitter, one of the Internet's most highly trafficked sites, which found itself knocked offline for hours last August due to a politically motivated attack launched against a single user.[3]

While some evidence shows that massive brute force DDoS attacks are falling out of favor among financially motivated criminal enterprises, there are few signs of a decline in DDoS more generally.[4] DDoS attacks are so hard to stop that it's not unheard of for some companies to surrender to extortion attempts, quietly handing their attackers tens or hundreds of thousands of dollars in protection money in order to make the problem go away.[5]"
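An added example, not part of the original thread: a per-source token-bucket limiter, the mechanism behind the "filtering or limiting that traffic" the first reply describes for SYN and ping floods. The limits, addresses and packet records are constructed assumptions, not values from the thread.

```python
from collections import defaultdict

class TokenBucket:
    """Allows `rate` packets/second on average, with bursts up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill for the time elapsed, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

# Assumed per-source limits: (packets/second, burst). Tune to real traffic.
LIMITS = {"syn": (20, 40), "icmp-echo": (2, 5)}

def filter_packets(packets):
    """packets: iterable of (timestamp, src_ip, kind) -> {src: [passed, dropped]}."""
    buckets = {}
    stats = defaultdict(lambda: [0, 0])
    for ts, src, kind in sorted(packets):
        if kind not in LIMITS:
            stats[src][0] += 1  # other traffic is not rate limited here
            continue
        bucket = buckets.setdefault((src, kind), TokenBucket(*LIMITS[kind]))
        stats[src][0 if bucket.allow(ts) else 1] += 1
    return dict(stats)

def sample_traffic():
    """Constructed sample: 2 seconds of traffic from documentation address ranges."""
    pkts = []
    # A normal client: 5 new connections/second and one ping per second.
    pkts += [(i * 0.2, "192.0.2.10", "syn") for i in range(10)]
    pkts += [(float(i), "192.0.2.10", "icmp-echo") for i in range(2)]
    # A flooding source: 1000 SYNs/second and 500 pings/second.
    pkts += [(i * 0.001, "198.51.100.7", "syn") for i in range(2000)]
    pkts += [(i * 0.002, "198.51.100.7", "icmp-echo") for i in range(1000)]
    return pkts

if __name__ == "__main__":
    for src, (passed, dropped) in sorted(filter_packets(sample_traffic()).items()):
        print(f"{src}: passed={passed} dropped={dropped}")
```

Per-source limits like this stop a single noisy sender; they do not help when the source addresses are spoofed or spread across many hosts, which is why the thread treats DDoS as a separate, harder problem.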