How to prevent network denial-of-service attacks
I heard a rumor that GoDaddy.com received an unprecedented number of hack attempts during the Super Bowl, and that other companies have as well during large marketing campaigns. If I expect my company may face an intense attack during a specific period of time, what special measures should I take to withstand the brunt?
This is one of those situations where the various business units need to work together and share information. If your company is, for instance, planning a large-scale advertising campaign, the advertising business unit leaders should engage the IT and security departments. Website traffic (both malicious and legitimate) will likely increase, and the organization should be prepared on all fronts.
As a top priority, make sure enough bandwidth is available to handle not only the surge in legitimate traffic, but also possible small-scale denial-of-service (DoS) attacks. I would also recommend initiating a Web infrastructure vulnerability assessment and a penetration test, including DoS testing, before the new campaign goes live. It should be noted that these attacks can last hours, days or even weeks. Any time you believe you are under a DoS attack, you should contact your ISP representative immediately.
This was first published in April 2009