Understanding DDoS Attacks and Your Mitigation Options

Distributed Denial of Service (DDoS) attacks are becoming more commonplace. Major organizations, individuals, and websites representing various ideologies and concepts can fall victim to the attacks.

It’s not just corporate espionage or deliberately making yourself the target of a hacker. Sometimes it’s just being noticed by a random troublemaker, or random troublemakers turning their shenanigans into a business.

Mitigation is key. There is no perfect defense and no easy way to hide yourself from random encounters with cybercriminals, but there are ways to lessen the blow and make yourself a harder, more annoying target.

Here are a few DDoS concepts to help you understand the threat, your mitigation options, and ways to move forward after an attack.

What is DDoS Mitigation?

DDoS mitigation is any method used to block or lessen the impact of a DDoS attack.

The wording is extremely important. In the early days of widely available computers, an “all or nothing” concept of perfect defense caused incorrect assumptions of what could be done against hackers.

In short, many high-profile leaders expected to be fully protected from hackers as long as they hired the right nerds. Unfortunately, to an attacker a better defense is simply a challenge that needs to be defeated.

Modern cybersecurity, in general, is about having powerful defenses but also having a plan for rolling with the punches. The people who fight cybercrime will produce the same results whether they’re told to build a perfect defense or to mitigate.

The wording is instead designed to protect the victim. Incorrect expectations and the lack of an after-action plan can be devastating, since a business that sits idle while waiting for a fix is wasting resources.

With DDoS mitigation, you can learn how to shift your business posture. Just as many businesses need a plan for hurricane seasons, civil turmoil, or other periods of uncertainty, you need a mitigation plan to weather cyber troubles.

Cybersecurity professionals can configure multiple methods to slow, deter, and rebuild digital systems after an attack, but does the rest of your business have tasks in place during network downtime?

As you look through the upcoming mitigation options, think of how your technology planning can work with–and even grow from–a cyber awareness mentality that embraces mitigation.

Understanding DDoS Attack Types

Volume-based

During a volume-based DDoS attack, it’s all about flooding the target with packets or connection attempts. The flood is designed to consume as much of your network’s bandwidth as possible (the network capacity, essentially the digital pipeline that transfers data), until nothing else can get through.

When the network is full of invalid data, your data has to get in line and wait. It’s no different than trying to use the internet at home while someone else is downloading a big file.

Currently, this is accomplished using a botnet. A botnet is a group of computers infected with malware that installs everything the attacker needs to control them remotely.

These computers are called zombies and can be used to flood a single target or multiple targets depending on the attacker’s plan. Attacking a single target isn’t always the goal; like anything else in real-life conflict, strategy is important.

The attacker could go after one of your assets to distract your response time when they’re really going after something else, or the attacker may simply want to slow down multiple targets rather than completely end their operations.

Application-based

Application-layer DDoS flood attacks go after specific applications rather than network equipment. Specificity is the point here, since the attacker may not have enough zombie computers to take down an entire network.

If they can flood a mail server, an online game’s login server, or a specific application they know you depend on, their mission is a success.

Protocol-based

Protocol-based attacks target layers 3 and 4 of the OSI model: packets and segments.

Protocols are rule sets or policies governing how network information is handled. They are usually always on and publicly reachable, with little defense, since many public connections need to use them.

One of the most popular protocol-based attacks is the SYN flood, which abuses the connection handshake that every website visitor needs in order to establish a connection. This is essentially sending a horde of invaders to knock on the doors of your business.

Too many fake visitors will stop or slow legitimate visitors, since it’s hard to push through the invading crowd.
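To make the "invading crowd" concrete, here is an added example (not part of the original article) that replays a constructed TCP handshake trace through a bounded half-open connection queue, then shows two defensive knobs: a per-source cap on half-open entries and a shorter ageing timeout. The backlog size, tick-based timestamps and the two knobs are assumptions standing in for real kernel or firewall settings.

```python
# Constructed handshake trace: (tick, source_ip, event).  "SYN" opens a
# half-open entry; "ACK" completes it.  The flood below never sends the ACK,
# so its entries sit in the backlog (documentation addresses only).
SAMPLE_TRACE = (
    [(t, "198.51.100.%d" % (t % 50), "SYN") for t in range(200)]   # spoofed flood
    + [(200, "192.0.2.10", "SYN"), (201, "192.0.2.10", "ACK")]     # one real visitor
)

def simulate(trace, backlog=128, timeout=300, per_source_limit=None):
    """Replay the trace through a bounded half-open (SYN_RECV) queue.
    Returns (refused, completed).  `timeout` ages out entries that never
    get their ACK; `per_source_limit` caps half-open entries per address.
    Both are hypothetical knobs standing in for real kernel/firewall settings."""
    half_open = {}           # source_ip -> ticks of entries still awaiting ACK
    refused = completed = 0
    for tick, src, event in trace:
        for s in list(half_open):                     # age out stale entries
            half_open[s] = [t for t in half_open[s] if tick - t < timeout]
            if not half_open[s]:
                del half_open[s]
        total = sum(len(v) for v in half_open.values())
        if event == "SYN":
            mine = len(half_open.get(src, []))
            if total >= backlog or (per_source_limit is not None and mine >= per_source_limit):
                refused += 1                          # backlog full: visitor turned away
            else:
                half_open.setdefault(src, []).append(tick)
        elif event == "ACK" and half_open.get(src):
            half_open[src].pop(0)                     # handshake finished
            completed += 1
    return refused, completed

def flood_outcome():
    """Same flood three ways: unprotected, with a per-source cap, with a short timeout."""
    return {
        "unprotected": simulate(SAMPLE_TRACE),
        "per_source_cap": simulate(SAMPLE_TRACE, per_source_limit=2),
        "short_timeout": simulate(SAMPLE_TRACE, timeout=30),
    }
```

Unprotected, the real visitor is refused; with either knob the handshake completes. A per-source cap only helps when the spoofed addresses repeat, which is why production systems also rely on stateless approaches such as SYN cookies.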

DDoS Attack Mitigation Strategies

Leverage the Cloud

Become a moving target. When your services are in the cloud, you have the flexibility to move them to another place in the cloud.

If you own your service hardware or run web services on a specific machine, it’s harder to simply switch IP addresses or change other location details. The time it takes you to move is time that legitimate users can’t access your services.

DDoS attackers count your response downtime as part of their win, and they’re not wrong. The time it takes you to fix a problem is money, and your goal is to cut that time down as far as is reasonable.

Cloud computing also allows rapid deployment of other mitigation techniques. Not all DDoS mitigation comes from hardware solutions; if there’s a networking technique or software option, it’s easier to roll out through the cloud.

Secure Your Network Infrastructure

If you’ve never dealt with DDoS attacks or never worked on your network’s security, there are a few bare basics to contend with:

  • Close unused ports.
  • Change default passwords.
  • Secure any wireless networks, even if they don’t provide direct network access.
  • Disable unused physical ports such as USB and eSATA.
  • Physically cover unused ports on machines with sensitive access.
  • Restructure your users’ privileges in a security clearance-like process using access control lists.

Protect DNS Servers

Domain Name System (DNS) servers are highly vulnerable in the same way that protocols and ports are. A specific attack called DNS amplification involves sending DNS queries whose source address is spoofed (faked) to be the victim’s IP address, so the server’s replies are sent to the victim instead of the attacker.

A constant barrage of fake requests, and the failed attempts to respond to them, leads to slower performance and eventual failure, simply through the constant reflection of requests.

It’s an echo chamber of chaos that floods bandwidth like so many other DDoS attack methods. To mitigate DNS amplification, you can limit the response rate, block certain servers, or lock down open recursive resolvers.
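The three mitigations just listed, as an added Python illustration that is not from the original article: it runs constructed query records through a response rate limiter, checks which sources a resolver should recurse for at all, and produces a per-source triage report for deciding what to block. The documentation-range addresses, the 64-byte query size, the 5-answer limit and the 10.0.0.0/8 trusted network are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed queries seen by a DNS server: (source_ip, qname, qtype, response_bytes).
# In an amplification attack the source is spoofed to the victim, so one "client"
# repeats a large query and every reply is reflected at it (documentation IPs only).
SAMPLE_QUERIES = (
    [("203.0.113.7", "example.net", "ANY", 3200)] * 40   # spoofed victim address
    + [("192.0.2.10", "example.net", "A", 60)] * 3       # ordinary external client
    + [("10.0.0.5", "example.net", "MX", 120)] * 2       # internal client
)
QUERY_BYTES = 64        # assumed size of one request on the wire
RATE_LIMIT = 5          # hypothetical: answers per source per window
ALLOWED_RECURSION = [ipaddress.ip_network("10.0.0.0/8")]   # assumed internal net

def amplification_factor(response_bytes, query_bytes=QUERY_BYTES):
    """Bytes reflected at the victim per byte the attacker has to send."""
    return response_bytes / query_bytes

def recursion_allowed(src_ip, allowed=ALLOWED_RECURSION):
    """Locking down an open resolver: recurse only for trusted source networks."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in allowed)

def rate_limit(queries, limit=RATE_LIMIT):
    """Response rate limiting: after `limit` answers to one source, drop the rest."""
    count, dropped, answered = defaultdict(int), defaultdict(int), []
    for query in queries:
        src = query[0]
        count[src] += 1
        if count[src] > limit:
            dropped[src] += 1           # not reflected at the (spoofed) source
        else:
            answered.append(query)
    return answered, dict(dropped)

def triage(queries, limit=RATE_LIMIT):
    """Per-source summary to decide which sources to block: volume,
    amplification ratio and whether recursion should be served at all."""
    report = {}
    for src, _, _, size in queries:
        entry = report.setdefault(src, {"queries": 0, "bytes": 0})
        entry["queries"] += 1
        entry["bytes"] += size
    for src, entry in report.items():
        entry["amplification"] = round(entry["bytes"] / (entry["queries"] * QUERY_BYTES), 1)
        entry["recursion_ok"] = recursion_allowed(src)
        entry["over_limit"] = entry["queries"] > limit
    return report
```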

DDoS is here to stay, and it’s an easy way to annoy or severely damage networks.

As time goes on, Internet Service Providers (ISPs) will figure out ways to prevent users from abusing their bandwidth. Unfortunately, state-level actors and unscrupulous ISPs will still be a problem.

For now, you need a partner in mitigating these damaging attacks. Partner with a web hosting company that offers best-in-class security.