A distributed denial-of-service (DDoS) attack can be detrimental to an organization, costing it time and money, by forcing corporate systems to essentially shut down. In this tip, gain a better understanding of how distributed denial-of-service attacks work, the damage they can do and how to stop DDoS attacks from causing harm to enterprise servers and systems.
How do distributed denial-of-service attacks work?
A malicious hacker performs a DDoS attack by exploiting flaws or vulnerabilities in a computer system (often a website or Web server) to be able to pose as the master system. When posing as the master system, the hacker is able to identify and communicate with other systems for potential further compromise.
Once the intruder has control of multiple compromised systems, he/she can instruct the machines to launch one of many flood attacks where a target system is flooded with bogus traffic requests, which will cause a denial of service for users of that system. A flood of incoming messages from the compromised systems will caused the targeted system to shut down and deny service to it, making it impossible for users to access anything, and therefore costing the organization time and money.
How to stop distributed denial-of-service (DDoS) and prevent attacks
Preventing a distributed denial-of-service attack can be difficult since it is challenging to differentiate a malicious traffic request from a legitimate one since they use identical protocols and ports. However, there are several steps you can take to protect your systems from distributed denial-of-service attacks:
• Ensure there is an excess of bandwidth on the organization's Internet connection: This is one of the easiest defenses against DDoS, but it can also be costly. Simply having a lot of bandwidth to service traffic requests can help to protect against low-scale DDoS attacks. Also, the more bandwidth an organization has, the more attackers must do to clog its connection.
• Be sure to use an intrusion detection system (IDS). Several intrusion detection systems available today are equipped with the technology to protect systems for DDoS attacks by using connection verification methods and by preventing certain requests from reaching enterprise severs.
• Use a DDoS protection product. Several vendors offer DDoS protection and prevention appliances that are specifically designed to find and thwart DDoS attacks.
• Prepare for DoS response. The use of throttling and rate-limiting technologies can reduce the effects of a DoS attack.
• Maintain a backup Internet connection with a separate pool of IP addresses for critical users. This offers an alternate path if the primary circuit is overwhelmed with malicious requests.
- In this SearchSecurity.com Q&A, Ed Skoudis explains how ISPs thwart DDoS attacks.
- Prevent DDoS attacks by blocking and rerouting DDoS and DoS traffic using honeypots, subnets and intrusion prevention.
WEB APPLICATION ATTACK SECURITY
Introduction: Web application security
How to stop buffer-overflow attacks
Prevent cross-site scripting hacks
Stopping SQL injection hack attacks
Distributed denial-of-service protection