Distributed denial-of-service protection: How to stop DDoS attacks

In this tip, which is part of our Web Application Attacks Security Guide, you will learn what a distributed denial-of-service (DDoS) attack is, and how to stop and prevent DDoS attacks by using intrusion prevention technologies and products.

A distributed denial-of-service (DDoS) attack can be detrimental to an organization, costing it time and money by forcing corporate systems to essentially shut down. In this tip, gain a better understanding of how distributed denial-of-service attacks work, the damage they can do and how to stop DDoS attacks from causing harm to enterprise servers and systems.

How do distributed denial-of-service attacks work?

A malicious hacker performs a DDoS attack by first exploiting flaws or vulnerabilities in a computer system (often a website or Web server) so that it can act as the master system. From the master system, the hacker is able to identify and communicate with other systems for potential further compromise.

Once the intruder has control of multiple compromised systems, he or she can instruct the machines to launch one of many flood attacks, in which a target system is flooded with bogus traffic requests, causing a denial of service for users of that system. The flood of incoming messages from the compromised systems will cause the targeted system to shut down and deny service, making it impossible for users to access anything and therefore costing the organization time and money.

How to stop and prevent distributed denial-of-service (DDoS) attacks

Preventing a distributed denial-of-service attack can be difficult because a malicious traffic request is hard to tell apart from a legitimate one: both use identical protocols and ports. However, there are several steps you can take to protect your systems from distributed denial-of-service attacks:

• Ensure there is an excess of bandwidth on the organization's Internet connection: This is one of the easiest defenses against DDoS, but it can also be costly. Simply having a lot of bandwidth to service traffic requests can help to protect against low-scale DDoS attacks. Also, the more bandwidth an organization has, the more attackers must do to clog its connection.

• Be sure to use an intrusion detection system (IDS). Several intrusion detection systems available today are equipped to protect systems from DDoS attacks by using connection verification methods and by preventing certain requests from reaching enterprise servers.

• Use a DDoS protection product. Several vendors offer DDoS protection and prevention appliances that are specifically designed to find and thwart DDoS attacks.

• Prepare for DoS response. Throttling and rate-limiting technologies can reduce the effects of a DoS attack.

• Maintain a backup Internet connection with a separate pool of IP addresses for critical users. This offers an alternate path if the primary circuit is overwhelmed with malicious requests.
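The throttling and rate limiting mentioned in the list above, as an added example that is not part of the original article: a per-source token-bucket limiter in Python, run over constructed sample traffic. The addresses, the rate of 2 requests per second and the burst size of 5 are illustrative assumptions, not values from the article.

```python
"""Per-source throttling for DoS mitigation (added example, not from the article).

A token bucket is kept for each client address: it holds at most `burst`
tokens and refills at `rate` tokens per second.  Each request spends one
token; a request arriving at an empty bucket is throttled (dropped, or
answered with an HTTP 429) instead of being passed on to the server.
"""
from dataclasses import dataclass


@dataclass
class Bucket:
    tokens: float   # tokens currently available
    last: float     # timestamp of the last refill


class RateLimiter:
    def __init__(self, rate: float, burst: int) -> None:
        self.rate = rate      # sustained requests per second allowed per source
        self.burst = burst    # short burst tolerated before throttling starts
        self.buckets: dict[str, Bucket] = {}

    def allow(self, src: str, now: float) -> bool:
        """Return True if the request from `src` at time `now` may pass."""
        bucket = self.buckets.get(src)
        if bucket is None:
            bucket = Bucket(tokens=float(self.burst), last=now)
            self.buckets[src] = bucket
        # Refill in proportion to elapsed time, never above the burst size.
        bucket.tokens = min(float(self.burst),
                            bucket.tokens + (now - bucket.last) * self.rate)
        bucket.last = now
        if bucket.tokens >= 1.0:
            bucket.tokens -= 1.0
            return True
        return False


def summarize(events: list[tuple[float, str]], rate: float,
              burst: int) -> dict[str, tuple[int, int]]:
    """Run a (timestamp, src) stream through the limiter in time order.

    Returns {src: (allowed, throttled)} so the effect per source is visible.
    """
    limiter = RateLimiter(rate, burst)
    result: dict[str, list[int]] = {}
    for now, src in sorted(events):
        counts = result.setdefault(src, [0, 0])
        counts[0 if limiter.allow(src, now) else 1] += 1
    return {src: (a, t) for src, (a, t) in result.items()}


# Constructed sample traffic (not captured data): an ordinary client sending one
# request every 0.5 s, and a flooding source sending 30 requests in under 1 s.
LEGIT = "198.51.100.7"
FLOOD = "203.0.113.5"
SAMPLE_EVENTS = ([(0.5 * j, LEGIT) for j in range(10)]
                 + [(0.03 * i, FLOOD) for i in range(30)])


if __name__ == "__main__":
    for src, (ok, dropped) in summarize(SAMPLE_EVENTS, rate=2.0, burst=5).items():
        print(f"{src}: {ok} allowed, {dropped} throttled")
```

With these settings the ordinary client is never throttled while the flooding source gets only 6 of its 30 requests through. Per-source limits blunt floods that come from a handful of addresses; a flood spread across many compromised systems, as the article describes, also needs aggregate limits and upstream filtering. A production limiter must also evict idle buckets, or the per-source table itself becomes something an attacker can exhaust.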

More on this topic

  • In this SearchSecurity.com Q&A, Ed Skoudis explains how ISPs thwart DDoS attacks.
  • Prevent DDoS attacks by blocking and rerouting DDoS and DoS traffic using honeypots, subnets and intrusion prevention.

This was last published in January 2010


1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Connection verification can be quite effective. Another effective technique is IP profiling and counting of connection attempts. In such a case, some method of comparing the expected average connection type and volume to current conditions becomes essential. Still, even with such advanced algorithms, it is nearly impossible to determine with perfect certainty whether a connection attempt is valid traffic or coming in as part of a coordinated DDoS attack.
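The baseline comparison and connection-attempt counting the comment describes, as an added example that is not from the article or the commenter: a z-score check of the current interval's connection count against a historical baseline, followed by per-source profiling of the attempts in that interval. The baseline counts, the addresses, the 3-sigma threshold and the 5% share cutoff are constructed assumptions.

```python
"""Baseline comparison and per-source profiling of connection attempts
(added example, not from the article or the comment above).

Two checks: (1) is this interval's connection count far outside what the
historical baseline predicts, and (2) which sources account for an
unusually large share of the attempts in that interval.
"""
from collections import Counter
from statistics import mean, stdev


def zscore(baseline: list[int], current: int) -> float:
    """Standard deviations between `current` and the baseline mean."""
    mu = mean(baseline)
    sd = stdev(baseline)
    if sd == 0:
        return 0.0 if current == mu else float("inf")
    return (current - mu) / sd


def is_anomalous(baseline: list[int], current: int,
                 threshold: float = 3.0) -> bool:
    """Flag the interval when its count exceeds the baseline by more than
    `threshold` standard deviations (one-sided: only surges matter here)."""
    return zscore(baseline, current) > threshold


def top_sources(window: list[str],
                min_share: float = 0.05) -> list[tuple[str, int]]:
    """Sources responsible for at least `min_share` of the attempts in the
    window, most active first.  A single legitimate client rarely holds 5%
    of all connections to a busy server; a flooding node often does."""
    counts = Counter(window)
    total = len(window)
    return [(src, n) for src, n in counts.most_common() if n / total >= min_share]


# Constructed data (not real telemetry): connections per one-minute interval
# during a quiet period, then a window containing 100 distinct ordinary clients
# plus two sources each opening hundreds of connections.
BASELINE = [120, 115, 130, 125, 118, 122, 128, 121]
CURRENT_WINDOW = ([f"198.51.100.{n}" for n in range(1, 101)]
                  + ["203.0.113.9"] * 400
                  + ["203.0.113.10"] * 390)


if __name__ == "__main__":
    count = len(CURRENT_WINDOW)
    print(f"interval count {count}, z = {zscore(BASELINE, count):.1f}, "
          f"anomalous: {is_anomalous(BASELINE, count)}")
    if is_anomalous(BASELINE, count):
        for src, n in top_sources(CURRENT_WINDOW):
            print(f"  {src}: {n} attempts")
```

The volume check fires on the constructed window and the share check singles out the two heavy sources. The limitation the comment raises is visible here too: a flood spread evenly across thousands of addresses would trip the volume check but leave every source below the share cutoff, so neither test alone separates valid traffic from a coordinated attack with certainty.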
