What is the best way to protect my website from distributed denial-of-service attacks?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
In a distributed denial-of-service (DDoS) attack, the perpetrator uses a large number of systems at many different Internet locations to flood and overwhelm a server with bogus traffic requests. These attacks can be difficult to defend against because of the similarities between attack traffic and legitimate Web requests.
However, there are some actions you can take to protect yourself. Here's some basic advice:
- Ensure that you have adequate bandwidth on your Internet connection. You'll be able to foil many low-scale DDoS attacks by simply having enough bandwidth (and processing power) to service the requests.
- Deploy an intrusion prevention system on your network. Some (but definitely not all) DDoS attacks have recognizable signatures that an IPS can detect and use to prevent the requests from reaching the Web server.
- Use a DDoS prevention appliance, including any of the Cisco Systems Inc. Cisco Guard products, that is specifically designed to identify and thwart distributed denial-of-service attacks.
- Maintain a backup Internet connection with a separate pool of IP addresses for critical users. While you won't be able to switch all access to your website over to a backup connection (the attacks will switch at the same time!), you can provide critical users with an alternate path to your site if the primary circuit is swamped with bogus requests.
These tips should get you started on the road toward building a hardy Web infrastructure with the highest probability of surviving a DDoS attack. Good luck!
Dig Deeper on Denial of Service (DoS) Attack Prevention-Detection and Analysis
Related Q&A from Mike Chapple
The OWASP Top Ten list is not a compliance standard but a set of best practices for enterprises looking to boost Web app security. Here's how to get ...continue reading
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best ...continue reading
Tokenization technology can be confusing. Expert Mike Chapple explains what the difference is between two types of tokens and how tokenization can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.