Tip

Distributed denial-of-service protection: How to stop DDoS attacks

A distributed denial-of-service (DDoS) attack can be detrimental to an organization, costing it time and money, by forcing corporate systems to essentially shut down. In this tip, gain a better understanding

    Requires Free Membership to View

    Login

of how distributed denial-of-service attacks work, the damage they can do and how to stop DDoS attacks from causing harm to enterprise servers and systems.

How do distributed denial-of-service attacks work?
A malicious hacker performs a DDoS attack by exploiting flaws or vulnerabilities in a computer system (often a website or Web server) to be able to pose as the master system. When posing as the master system, the hacker is able to identify and communicate with other systems for potential further compromise.

Once the intruder has control of multiple compromised systems, he/she can instruct the machines to launch one of many flood attacks where a target system is flooded with bogus traffic requests, which will cause a denial of service for users of that system. A flood of incoming messages from the compromised systems will caused the targeted system to shut down and deny service to it, making it impossible for users to access anything, and therefore costing the organization time and money.

For more information:
In this SearchSecurity.com Q&A, Ed Skoudis explains how ISPs thwart DDoS attacks.

Prevent DDoS attacks  by blocking and rerouting DDoS and DoS traffic using honeypots, subnets and intrusion prevention.

 

How to stop distributed denial-of-service (DDoS) and prevent attacks
Preventing a distributed denial-of-service attack can be difficult since it is challenging to differentiate a malicious traffic request from a legitimate one since they use identical protocols and ports. However, there are several steps you can take to protect your systems from distributed denial-of-service attacks:

• Ensure there is an excess of bandwidth on the organization's Internet connection: This is one of the easiest defenses against DDoS, but it can also be costly. Simply having a lot of bandwidth to service traffic requests can help to protect against low-scale DDoS attacks. Also, the more bandwidth an organization has, the more attackers must do to clog its connection.

• Be sure to use an intrusion detection system (IDS). Several intrusion detection systems available today are equipped with the technology to protect systems for DDoS attacks by using connection verification methods and by preventing certain requests from reaching enterprise severs.

• Use a DDoS protection product. Several vendors offer DDoS protection and prevention appliances that are specifically designed to find and thwart DDoS attacks.

• Prepare for DoS response. The use of throttling and rate-limiting technologies can reduce the effects of a DoS attack.

• Maintain a backup Internet connection with a separate pool of IP addresses for critical users. This offers an alternate path if the primary circuit is overwhelmed with malicious requests.


WEB APPLICATION ATTACK SECURITY

  Introduction: Web application security
  How to stop buffer-overflow attacks
  Prevent cross-site scripting hacks
  Stopping SQL injection hack attacks
  Distributed denial-of-service protection


 

This was first published in January 2010

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top