I recently read that certain industries – including the one I work in – are more likely than others to be targeted...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
by a DDoS attack. Can you give me some tips on how to prevent DDoS attacks?
Distributed denial-of-service (DDoS) attacks are an insidious foe to online retailers and others who depend upon the availability of their websites for critical business functions. For example, the damage caused by the DDoS attacks that Anonymous waged against several major sites this summer was measured in the thousands of dollars per hour. These attacks are also extremely difficult to defend against because of their distributed nature. It is difficult to differentiate legitimate Web traffic from requests that are part of the DDoS attack.
There are some countermeasures you can take to help prevent a successful DDoS attack. One of these is the implementation of intrusion prevention systems (IPSes) with DDoS detection capability, but the effectiveness of this approach is limited. Even the best IPS technology is only marginally effective against DDoS attacks, and it is often possible for those waging the attack to consume all available bandwidth into your network. Whether the attacker swamps your server or your Internet pipe, the effect is the same: Users are unable to access resources on your network.
The most effective (and it’s not all that effective!) way to defend your network against DDoS activity is to partner with your Internet service provider (ISP) to provide clean bandwidth to your network. ISPs are, without a doubt, the experts in DDoS mitigation and are uniquely positioned to protect their customers' network against malicious traffic. ISPs can detect and filter out potential DDoS packets before they reach your border, preventing such attacks from consuming all of your available bandwidth.
Unfortunately, while ISP partnerships are effective, there is no silver bullet for guarding against DDoS attacks. That’s the reason we continue to see news stories about hacker groups successfully waging these attacks against major online sites. If a foolproof mitigation strategy existed, these sites would certainly deploy it!
Ask the expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
Dig Deeper on Denial of Service (DoS) Attack Prevention-Detection and Analysis
Related Q&A from Mike Chapple
The OWASP Top Ten list is not a compliance standard but a set of best practices for enterprises looking to boost Web app security. Here's how to get ...continue reading
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best ...continue reading
Tokenization technology can be confusing. Expert Mike Chapple explains what the difference is between two types of tokens and how tokenization can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.