
How to Deal with and Prevent DDoS Attacks | Business Advice

Expert advice on preventing and dealing with DDoS attacks on businesses.

DDoS attacks are increasingly becoming an issue for worldwide organizations that have a huge segment of their business online.

With the development of the sharing economy, we have certainly observed an expansion in the number of attacks and damage caused by them.

For this reason it is so important to understand how businesses can protect themselves from the damage done by DDoS attacks.


What is a DDoS Attack?

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. (Source: Wikipedia)

Editor note: Wikipedia sucks as a source.

Denial of Service Is Not Just About Rate Limiting

Attackers can overwhelm your system by submitting a payload that is too large. For example, a so-called zip bomb is a zip file constructed to have an extremely high compression ratio.

Expanding even a small zip-bomb archive can suddenly require gigabytes of RAM and disk space and disrupt your system.


Even benign XML and YAML API payloads can be susceptible to expansion vulnerabilities, the so-called Billion Laughs attacks.

Kubernetes fell prey to such an attack just a few weeks ago.

To prevent attacks on RAM and CPU, make sure that you set limits for those on the virtual machine and container level.

How to Protect Your Business From a DDoS Attack

Perform a Site Index Search on Your Servers

Make sure that your site’s private index and information aren’t searchable through a simple Google, Bing or DuckDuckGo search.

Redirecting servers and keeping your business information as non-listed as possible helps prevent criminals and hackers from learning which servers to target.

This can be done without sacrificing your SEO presence through the use of the robots.txt file and noindex tags.

Enabling and Testing Web Application Firewalls

A great way to know what weaknesses your company has is to perform tests and audits.

Having an outside source do this ensures that a fresh set of eyes can look and see things your CIO and their team may not even consider.

TurgenSec offers comprehensive Web-app Pentesting, website security audits and digital asset management. All our services are catered to company size and budget offering bespoke pricing structures and services. Contact us on [email protected] for a quote.

Subnet and Isolate IoT Devices

IoT devices provide additional targets that can become part of a DDoS attack.

Ensuring that these devices don’t have access to the main network functions and are on their own network can prevent them from being targeted and used in a DDoS attack.

Although it is not always possible to isolate IoT devices from your main network, steps can be taken to moderate your vulnerability if you are to suffer a DDoS attack.

Utilize and Secure Cloud Servers

More and more companies are looking to offload their server maintenance to third parties through cloud server services.

Providers like Cloudflare and Amazon will host your servers and take responsibility for securing them, at a reasonable price that is worth the monthly fee.

TurgenSec offers Digital Asset Management: Managed hosting with a performance and security focus. All the control of an unmanaged solution, as and when needed. Contact us on [email protected] for a quote or more information.

Update and Continually Learn New Layers of Security

The most crucial tip for any business is to learn and continually stay up-to-date on cybersecurity measures and practices.

This isn’t just for your IT department, but everyone employed at your company.

The #1 reason hacks tend to work is that someone let them in. Educating yourself and all your employees reduces the likelihood that your company will be struck by a risk it can’t recover from.

Making sure that everyone’s equipment is up to date with the latest software and security installations, procedures and policies, and holding meetings at least every quarter, is one of the best ways you can protect your business and ensure that it will outlast any attack.

Tripwire created a list of 11 respected providers of IT Security Training. It can be found here and showcases both free and paid courses and services offered to businesses ranging from SME’s to large companies.

DDoS Protection Is About Layers

Identify all the layers between the external world and your web application or API and see how to enable DDoS protection or some other form of rate-limiting on each of them:

  • Are you using some sort of CDN (content delivery network)?
  • Are you hosting your system in a public cloud?
  • Is there a web application firewall (WAF) or API firewall in front of your network?
  • If your APIs are behind an API gateway, can you set rate limiting there?
  • If you are using a platform like Kubernetes, is there DoS protection functionality at the Ingress controller?
  • If you use a microservice architecture can you get rate limiting from a service mesh or sidecar-proxy API firewalls?

Your Authentication and Password Reset Endpoints Need Special Attention

These need more stringent rate limits and policies to prevent credential stuffing and brute-forcing.

See the recent example of the Instagram account takeover attack, which was possible because generic rate limits didn’t prevent the attacker from using 500 cloud machines to try the one million possible password reset PIN combinations in 10 minutes.
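The gap described above, as an added example that is not part of the original article: a limit keyed only on the source address lets guesses spread over many machines all go through, while a budget keyed on the target account stops them regardless of where they come from. The limits (30 per IP, 5 per account, 10-minute window), the scaled-down traffic (500 sources, 20 guesses each) and all names are assumptions made for the simulation.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per key within `window` seconds."""

    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self.events = defaultdict(deque)

    def allow(self, key: str, now: float) -> bool:
        q = self.events[key]
        while q and now - q[0] >= self.window:
            q.popleft()          # forget events that left the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def simulate(use_account_limit: bool, machines: int = 500,
             per_machine: int = 20) -> int:
    """Constructed traffic: many sources guessing reset PINs for one account.

    Returns how many guesses the endpoint would have evaluated.
    """
    ip_limit = SlidingWindowLimiter(limit=30, window=600)
    acct_limit = SlidingWindowLimiter(limit=5, window=600)
    accepted, now = 0, 0.0
    for _ in range(per_machine):
        for m in range(machines):
            now += 0.001
            ok = ip_limit.allow(f"host-{m}", now)   # constructed source labels
            if use_account_limit:
                # Every attempt is charged to the target account,
                # whatever its source address.
                ok = acct_limit.allow("victim@example.com", now) and ok
            accepted += ok
    return accepted
```

With only the per-IP limit every one of the 10,000 simulated guesses is evaluated, because no single source exceeds its own budget; with the per-account budget only 5 are.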

There Are Some Tools Available to Prevent DDoS Attacks

What Should You Do After a DDoS Attack?

If your business has suffered from a Distributed Denial of Service Attack, there are several things you’ll want to do.

If you are still under attack, immediately turn on heavy firewall filters, distribute the server loads as evenly as possible, block malicious sites and shut down the servers if you must.

Determine the Servers That Were Hit

Learning which servers have been hit can tell you a lot about the attack.

It tells you what servers are most vulnerable, how big the payload was and how much the attackers knew about your infrastructure to cause the attack.

This can also tell you what they learned from the attack.

Secure Your Network Infrastructure

After a DDoS attack, the hackers have obtained a great deal of information about your servers’ network access points.

It’s best to change the network configuration, server IPs, and distribute the loads more if possible.

It’s also a good idea to make sure the internal servers that contain private, valuable company data aren’t able to be seen from outside the network.

Legal Obligations

For information on your legal obligations following a breach see our other articles on UK and USA cyber security legislation.

Ensure That Firewalls, Network Access, Malicious Sites, Etc. Are Blocked

The DDoS attack will provide a list of new information to block and add to your firewall settings. If you want to make sure that your network doesn’t go down again, it’s important to account for the measures that allowed the DDoS attack to be successful in the first place.

Performing an outside cybersecurity analysis of the network infrastructure isn’t a bad idea either. It may provide more insights into what else can happen in your business.


The Experts That Contributed to This Article

This article was made with industry standard input from the below cyber security experts.

Chelsea Brown

Position: CEO of Digital Mom Talk

Chelsea Brown is the CEO of Digital Mom Talk and a Certified Cyber Security Consultant for businesses and families. She secures businesses and family homes through education, digital courses, coaching, private consultations and events. She has a Bachelor’s Degree in Computer Information Technology Emphasis in Networking and Cybersecurity, holds a CompTIA Security+ Certification and has 10 years working experience securing businesses and families homes.

Nathaniel Fried

Position: Co-founder of TurgenSec

Socials: Twitter, Facebook, Linkedin

Nathaniel is an SEO and Marketing expert with 6 years of industry experience.

Mehul Rajput

Position: CEO and co-founder mindinventory.com

Strategic Business Expert with more than 8 years of collective local and global experience in the IT and financial markets. His broad IT skill set and knowledge of business practices always contribute to the company’s success, and he has led several companies to fulfil their goals.

Kristin Davis

Position: Head Of Marketing at 42Crunch

Over 17 years of experience in driving both product and corporate marketing programs across a variety of different industries; with a successful track record of increasing brand awareness and market penetration for new and emerging companies. 
