I recently read that certain industries – including the one I work in – are more likely than others to be targeted...
by a DDoS attack. Can you give me some tips on how to prevent DDoS attacks?
Distributed denial-of-service (DDoS) attacks are an insidious foe to online retailers and others who depend upon the availability of their websites for critical business functions. For example, the damage caused by the DDoS attacks that Anonymous waged against several major sites this summer was measured in the thousands of dollars per hour. These attacks are also extremely difficult to defend against because of their distributed nature. It is difficult to differentiate legitimate Web traffic from requests that are part of the DDoS attack.
There are some countermeasures you can take to help prevent a successful DDoS attack. One of these is the implementation of intrusion prevention systems (IPSes) with DDoS detection capability, but the effectiveness of this approach is limited. Even the best IPS technology is only marginally effective against DDoS attacks, and it is often possible for those waging the attack to consume all available bandwidth into your network. Whether the attacker swamps your server or your Internet pipe, the effect is the same: Users are unable to access resources on your network.
The most effective (and it’s not all that effective!) way to defend your network against DDoS activity is to partner with your Internet service provider (ISP) to provide clean bandwidth to your network. ISPs are, without a doubt, the experts in DDoS mitigation and are uniquely positioned to protect their customers' network against malicious traffic. ISPs can detect and filter out potential DDoS packets before they reach your border, preventing such attacks from consuming all of your available bandwidth.
Unfortunately, while ISP partnerships are effective, there is no silver bullet for guarding against DDoS attacks. That’s the reason we continue to see news stories about hacker groups successfully waging these attacks against major online sites. If a foolproof mitigation strategy existed, these sites would certainly deploy it!
Ask the expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
Dig Deeper on Denial of Service (DoS) Attack Prevention-Detection and Analysis
Related Q&A from Mike Chapple
Encrypting data going to the cloud is a security best practice, but does it add extra challenges for regulators that might need to access the data? ...continue reading
Merchants that sell at off-site venues need to take extra care to follow PCI compliance standards. Expert Mike Chapple discusses how organizations ...continue reading
The FTC's order for PCI DSS compliance assessments is odd since PCI isn't a government regulation. Expert Mike Chapple explains the motivation ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.