I recently read that certain industries – including the one I work in – are more likely than others to be targeted by a DDoS attack. Can you give me some tips on how to prevent DDoS attacks?

    Requires Free Membership to View

Ask the expert!

Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)

Distributed denial-of-service (DDoS) attacks are an insidious foe to online retailers and others who depend upon the availability of their websites for critical business functions. For example, the damage caused by the DDoS attacks that Anonymous waged against several major sites this summer was measured in the thousands of dollars per hour. These attacks are also extremely difficult to defend against because of their distributed nature. It is difficult to differentiate legitimate Web traffic from requests that are part of the DDoS attack.

There are some countermeasures you can take to help prevent a successful DDoS attack. One of these is the implementation of intrusion prevention systems (IPSes) with DDoS detection capability, but the effectiveness of this approach is limited. Even the best IPS technology is only marginally effective against DDoS attacks, and it is often possible for those waging the attack to consume all available bandwidth into your network. Whether the attacker swamps your server or your Internet pipe, the effect is the same: Users are unable to access resources on your network.

The most effective (and it’s not all that effective!) way to defend your network against DDoS activity is to partner with your Internet service provider (ISP) to provide clean bandwidth to your network. ISPs are, without a doubt, the experts in DDoS mitigation and are uniquely positioned to protect their customers' network against malicious traffic. ISPs can detect and filter out potential DDoS packets before they reach your border, preventing such attacks from consuming all of your available bandwidth.

Unfortunately, while ISP partnerships are effective, there is no silver bullet for guarding against DDoS attacks. That’s the reason we continue to see news stories about hacker groups successfully waging these attacks against major online sites. If a foolproof mitigation strategy existed, these sites would certainly deploy it!

This was first published in March 2012

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: