I recently read that certain industries – including the one I work in – are more likely than others to be targeted by a DDoS attack. Can you give me some tips on how to prevent DDoS attacks?
Distributed denial-of-service (DDoS) attacks are an insidious foe to online retailers and others who depend upon the availability of their websites for critical business functions. For example, the damage caused by the DDoS attacks that Anonymous waged against several major sites this summer was measured in the thousands of dollars per hour. These attacks are also extremely difficult to defend against because of their distributed nature. It is difficult to differentiate legitimate Web traffic from requests that are part of the DDoS attack.
There are some countermeasures you can take to help prevent a successful DDoS attack. One of these is the implementation of intrusion prevention systems (IPSes) with DDoS detection capability, but the effectiveness of this approach is limited. Even the best IPS technology is only marginally effective against DDoS attacks, and it is often possible for those waging the attack to consume all available bandwidth into your network. Whether the attacker swamps your server or your Internet pipe, the effect is the same: Users are unable to access resources on your network.
The most effective (and it’s not all that effective!) way to defend your network against DDoS activity is to partner with your Internet service provider (ISP) to provide clean bandwidth to your network. ISPs are, without a doubt, the experts in DDoS mitigation and are uniquely positioned to protect their customers' network against malicious traffic. ISPs can detect and filter out potential DDoS packets before they reach your border, preventing such attacks from consuming all of your available bandwidth.
Unfortunately, while ISP partnerships are effective, there is no silver bullet for guarding against DDoS attacks. That’s the reason we continue to see news stories about hacker groups successfully waging these attacks against major online sites. If a foolproof mitigation strategy existed, these sites would certainly deploy it!
Ask the expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
Related Q&A from Mike Chapple, Enterprise Compliance
Social media compliance is not typically considered a big issue for companies, but expert Mike Chapple explains why it should be.continue reading
Metadata tagging is not just for security. Expert Mike Chapple explains how tagging tools can be used to achieve PCI DSS compliance.continue reading
Before using the HIPAA-compliant cloud services from Google, there are some things companies need to know, according to expert Mike Chapple.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.