NameSilo Staff

How to Stop a DDoS Attack: 9 Essential Steps

All businesses want to increase their number of site visitors, but nobody wants the traffic that comes with a distributed denial of service (DDoS) attack. A DDoS attack unleashes a digital deluge, swamping services and locking out genuine users. 

In 2000, a 15-year-old by the name of Mafiaboy deployed a DDoS attack that cost businesses including Amazon, CNN and eBay over $1 billion. In 2020, an attack flooded Amazon Web Services with 2.3 Terabits per second of incoming traffic. And in 2007, the entire nation of Estonia was targeted. 

DDoS attacks flood your website with junk traffic from multiple sources, costing your business revenue, productivity and credibility until normal service is restored. Prevention is much better than cure. Here are the 9 steps you should be taking now to secure your website and mitigate DDoS attacks.

Enable Web Application Firewalls

The most common form of DDoS attack is the HTTP flood, which uses many different source IP addresses. As well as implementing HTTPS, use a Web Application Firewall (WAF) to inspect incoming traffic and filter out:

  • SQL injections, which interfere with the logic of an application to access a hidden database
  • Cross-site scripting (XSS), which injects malicious scripts to bypass access controls
  • DDoS floods, which overwhelm the server with TCP/UDP packet requests

You can even use a cloud-based WAF to intercept malicious requests before they reach your infrastructure.

Use DDoS Mitigation Services

Specialized DDoS mitigation services protect a server or network from DDoS attacks by diverting traffic away from the network and “scrubbing” live traffic to keep your website online. Think of it as a dam to block the flood. Again, these services can be cloud-based (e.g. AWS and Microsoft Azure), so protection can be deployed from any location and run at a higher capacity than on-premises servers can manage.

Monitor Traffic for Anomalies

Your anti-DDoS software will establish a baseline for your website traffic, bandwidth and request volume. Monitoring tools can then spot anomalies consistent with an attack and alert administrators instantly. Given the vast amounts of data involved, and the fact that 90% of it is typically unstructured, this is an area where Artificial Intelligence (AI) is delivering significant benefits.
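As an added illustration of baseline-and-alert monitoring (example code written for this article, not taken from any particular anti-DDoS product), the sketch below learns a moving baseline from per-minute request counts and flags samples far above it. The sample counts, the function name and the thresholds are assumptions chosen for the example.

```python
import math

# Constructed sample: requests per minute, with a flood in minutes 9-11.
REQUESTS_PER_MINUTE = [100, 104, 98, 101, 97, 103, 99, 102, 100,
                       950, 1200, 1100, 105, 98]

def detect_anomalies(counts, alpha=0.2, k=4.0, warmup=5, learn_from_flagged=False):
    """Return indices whose count exceeds the learned baseline by k deviations.

    The baseline is an exponentially weighted mean and variance. By default a
    flagged sample is not fed back into it, so an ongoing flood cannot raise
    the baseline and hide itself.
    """
    mean, var = float(counts[0]), 0.0
    flagged = []
    for i, count in enumerate(counts[1:], start=1):
        # Floor the deviation at 10% of the mean so a very flat baseline
        # does not alert on trivial jitter.
        deviation = max(math.sqrt(var), 0.1 * mean)
        is_anomaly = i >= warmup and count > mean + k * deviation
        if is_anomaly:
            flagged.append(i)
            if not learn_from_flagged:
                continue
        diff = count - mean
        mean += alpha * diff
        var = (1 - alpha) * (var + alpha * diff * diff)
    return flagged

if __name__ == "__main__":
    print("frozen baseline:", detect_anomalies(REQUESTS_PER_MINUTE))
    print("poisoned baseline:",
          detect_anomalies(REQUESTS_PER_MINUTE, learn_from_flagged=True))
```

With `learn_from_flagged=True` only the first minute of the flood is reported, because the attack traffic itself inflates the baseline; that is why the default freezes the baseline while an alert is active.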

Increase Bandwidth and Capacity

It might not be the ideal response from a financial point of view, but temporarily increasing your network bandwidth and server capacity can prevent a site crashing entirely. While you want to avoid upping the ante against determined attackers, raising your bandwidth will at least prevent them from overwhelming your network in the short term. 

Activate Blackhole Routing

Another strategy is to reconfigure your router to divert traffic away from the network. This is called “blackhole” routing since it sends malicious traffic into the void. The only disadvantage is that blackhole routing can also divert (and lose) legitimate traffic, while sophisticated attackers using variable IP addresses can circumvent the routing without too much difficulty. 

Work with Your ISP

Your business network might be the one under attack, but your Internet Service Provider (ISP) has a vested interest in restoring normal service. Communicate regularly with your ISP security team and make sure you’re up to date with any software updates and patches. Together, you can block DDoS traffic at router level before it enters your network perimeter. 

Analyze Traffic Patterns

Similar to monitoring your live incoming traffic for anomalies, you should also be checking your network logs to identify traffic sources, signatures and patterns. In some cases, it might be possible to trace attacks back to their origins, giving you the option of blocking them in the first instance, and taking legal action in the second. 
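The following added example (not part of the original article) shows one way to pull sources and signatures out of web server logs. It assumes the common "combined" access log format; the log lines are constructed and use documentation-only IP ranges, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Combined Log Format: ip ident user [time] "method path proto" status bytes "referer" "agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def build_sample_log():
    """Constructed log: 40 sources x 3 identical requests, plus normal visitors."""
    fmt = '{ip} - - [01/Jan/2024:12:00:{s:02d} +0000] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'
    lines = [fmt.format(ip=f"198.51.100.{n}", s=s, path="/search?q=a", ua="constructed-agent/1.0")
             for n in range(1, 41) for s in range(3)]
    for s, path in enumerate(["/", "/pricing", "/about", "/contact", "/blog"]):
        lines.append(fmt.format(ip="203.0.113.7", s=s, path=path, ua="Mozilla/5.0 (constructed)"))
    lines.append(fmt.format(ip="203.0.113.9", s=9, path="/", ua="Mozilla/5.0 (constructed)"))
    lines.append("truncated line that does not parse")
    return lines

def summarize(lines, min_sources=20):
    """Return (busiest source, signatures shared by >= min_sources IPs, unparsed count)."""
    per_ip = Counter()
    sig_hits = Counter()
    sig_sources = defaultdict(set)
    skipped = 0
    for line in lines:
        m = LINE.match(line)
        if m is None:
            skipped += 1          # count malformed lines instead of crashing on them
            continue
        sig = (m["method"], m["path"], m["ua"])
        per_ip[m["ip"]] += 1
        sig_hits[sig] += 1
        sig_sources[sig].add(m["ip"])
    shared = [(sig, len(srcs), sig_hits[sig])
              for sig, srcs in sig_sources.items() if len(srcs) >= min_sources]
    return per_ip.most_common(1)[0], shared, skipped

if __name__ == "__main__":
    top, shared, skipped = summarize(build_sample_log())
    print("busiest source:", top)
    print("shared signatures (signature, sources, hits):", shared)
    print("unparsed lines:", skipped)
```

In this sample the busiest single address is an ordinary visitor, while the flood only becomes visible as one request signature repeated across 40 sources, which is why per-IP counts alone are not enough for a distributed attack.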

Isolate Targeted Applications

Application layer attacks target web servers, voice services and border gateway protocols. They are usually lower in volume, but can crash a specific application, rendering it useless. By isolating the application and cutting off its traffic you can at least keep the rest of your website running. 

Create an Incident Response Plan

Underestimate the likelihood of DDoS attacks at your peril. Globally, organizations handle an average of 29 attacks per day and the rate is rising continuously. In other words, you don’t want to be making a plan once an attack is underway. Work with key stakeholders in IT and customer service to cover:

  • Communication to customers
  • Administering employee access to the network
  • Public statements (an important consideration if your company is listed)
  • Liaison with legal authorities
  • Response and recovery services

It goes without saying that you should be enabling SSL encryption across your website using HTTPS and SSL certificates from a trusted provider. These will at least secure data in transit and prevent eavesdropping and “man-in-the-middle” (MITM) attacks. If your site handles payments, SSL encryption is the minimum standard your customers will expect. 

Overall, however, the best solution for peace of mind is to combine the right proactive plan, tools, and response strategy. Choosing a secure and reputable web hosting provider is the first step. NameSilo uses cutting-edge technology and takes support seriously. To find out more about securing your site to the most rigorous industry standards, ask us about our web hosting services today. 

About the Author:

NameSilo Staff

The NameSilo staff of writers worked together on this post. It was a combination of efforts from our passionate writers that produce content to educate and provide insights for all our readers.
