DDoS Attacks: How to Protect Customers

**Editor’s Note: Click here for access to our in-depth report on preventing and recovering from DDoS attacks.**

Don’t let a distributed denial-of-service (DDoS) attack bring your customer’s business to its knees.

This one-stop slide show defines DDoS, offers tips on how to prevent it, mitigate the impact and help to keep it from happening again.

**Source material by Michael Cobb**

Follow senior online managing editor Craig Galbraith on Twitter.

A denial-of-service attack can be one of the most disruptive security breaches that a business will face. This is where a malicious hacker makes a machine, service or network resource inaccessible. In a distributed denial-of-service attack, that hacker coordinates multiple machines in a synchronized blitz against a single target.

A business that’s not a Fortune 500 company, bank or other type of high-profile target might wonder why it would be the focus of black hats. Reasons for a D-DoS attack range from hacktivism to espionage, extortion to basic vandalism. They’re tough to stop because they can be launched over the public Internet, hitting any business with a Web presence.

To help your customers fend off hackers who use DDoS as a weapon, it’s important that you have a basic knowledge of the various types of DDoS.

Volume-based attacks rely on thousands of requests – sent from botnets or compromised IP addresses – that overwhelm network bandwidth. Protocol attacks drain network resources by sending open requests that cause a system to slow down and eventually stop, unable to respond to legitimate requests. Application-layer attacks are requests that seem harmless, but can bring down a Web server.

The most basic step a partner can take to help a customer block or reduce the impact of an attack is to ensure a flexible architecture is in place. Simple firewalls and routers often prove inadequate against DDOS. Recommend high-performance D-DOS mitigation appliances. They must be able to handle both IPv4 and IPv6 traffic. Discuss the pros of the investment vs. the costs incurred from an attack. It might just keep the client viable, particularly if they’re not a large business to begin with.

Our in-depth report on DDoS highlights how Linode, a cloud hosting company, dealt with such an attack. The business realized the importance for a ‘round-the-clock ERT. For the team to be an effective, a DDoS response plan should already be in place and tested regularly. Get relevant partners, vendors and colo providers involved. Play out attack scenarios so you are ready before you come under siege.

Adopt best practices for password encryption. Add multi-factor authentication and behavior-based authenticating checks such as time and location. Segment and isolate sensitive areas of a network to keep malicious hackers from moving around in it if they do gain access. Logging and monitoring controls might be  overwhelmed during an attack but can provide forensic evidence to help piece together what else happened while security teams where tackling the DDoS. Post-attack audits and continued dialogue with customers and the media are important to reduce fallout and ensure trust so the company’s bran doesn’t take a huge hit.