First, consider increasing bandwidth and server performance. DDoS attacks attempt to overwhelm available resources, so additional resources allow you to withstand larger attacks. This means provisioning more server capacity and bandwidth than normal demand requires. Such over-provisioning addresses the primary problem a DDoS attack causes: link and equipment saturation. Unfortunately, it is difficult to determine how much extra hardware and bandwidth is needed to ride out an attack, as even some of the largest companies have succumbed to DDoS attacks. When attacks fail, attackers often gather a larger bot army and try again.
Traffic Filtering
Consider configuring your firewall or IDS (Intrusion Detection System) to filter DDoS traffic, if the functionality is available, or consider upgrading to a system that does. DDoS traffic filtering devices prevent SYN floods, TCP floods and other types of DDoS attacks. Such devices typically analyze TCP flow control, conduct packet filtering and use blacklists and whitelists.
Real Time Monitoring
Another way to protect your data against a DDoS attack is real-time monitoring, which can identify an attack early. Such a system must be actively watched so that action can be taken quickly to resolve the situation; DDoS attacks can ramp up quickly, so administrators might not have much time to respond once an alert comes in. Integrating site and device monitoring with a SIEM leverages existing technology to protect against this attack.
It should be noted that not all DDoS attacks happen immediately. Some attacks develop slowly so that they will not be noticed as easily. They gradually increase the number of requests made to resources until the resources become unavailable. It is important to have baselines of system performance and expected use so that these can be compared to active data in order to classify traffic as legitimate or a potential DDoS attack.
Consider monitoring log file sizes and growth rates. Some monitoring tools will raise a more critical event and alert when a large number of informational events are generated, so that administrators can stay on top of problem areas. Informational events might not appear in reports, and individually they would not indicate a problem, but collectively they could indicate a DDoS attempt or some other hacking activity.
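The two ideas above, comparing per-window request counts against a baseline to catch a slow ramp, and rolling many individually harmless informational events into one critical alert, as an added Python example that is not part of the original article. The log format, the baseline value and the sample lines are constructed assumptions; a real deployment would read its own server or firewall logs and derive the baseline from historical data.

```python
import re
from datetime import datetime

LINE_RE = re.compile(r"^(\S+) (\w+) (.*)$")  # assumed "<ISO timestamp> <severity> <message>"

def make_sample_log():
    """Constructed syslog-style lines: requests per minute grow 2, 2, 4, 8, 16.
    No single line is alarming on its own, but the trend is a slow ramp."""
    lines, per_minute = [], [2, 2, 4, 8, 16]
    for minute, n in enumerate(per_minute):
        for i in range(n):
            sec = (i * 60) // n
            lines.append(f"2024-03-01T10:{minute:02d}:{sec:02d} INFO request from 203.0.113.{i} GET /")
    lines.append("garbage line that the parser must tolerate")
    return lines

def events_per_window(lines, window_seconds=60):
    """Count parseable events per fixed time window, returned in time order."""
    counts = {}
    for line in lines:
        m = LINE_RE.match(line)
        try:
            ts = datetime.fromisoformat(m.group(1))
        except (AttributeError, ValueError):
            continue  # malformed line: skip it instead of crashing the monitor
        bucket = int(ts.timestamp() // window_seconds)
        counts[bucket] = counts.get(bucket, 0) + 1
    return [counts[k] for k in sorted(counts)]

def classify_windows(counts, baseline, burst_factor=10.0, ramp_windows=3):
    """Label each window 'normal', 'burst' (one window far above baseline, a classic
    flood) or 'ramp' (ramp_windows consecutive growing windows ending above baseline)."""
    labels = []
    for i, c in enumerate(counts):
        if c >= baseline * burst_factor:
            labels.append("burst")
            continue
        recent = counts[max(0, i - ramp_windows + 1): i + 1]
        growing = (len(recent) == ramp_windows
                   and all(recent[j] < recent[j + 1] for j in range(ramp_windows - 1))
                   and recent[-1] > baseline)
        labels.append("ramp" if growing else "normal")
    return labels

def analyze(lines, baseline, **kw):
    """Roll the informational events up into one CRITICAL alert once a pattern emerges."""
    counts = events_per_window(lines)
    labels = classify_windows(counts, baseline, **kw)
    severity = "CRITICAL" if any(l != "normal" for l in labels) else "INFO"
    return {"counts": counts, "labels": labels, "severity": severity}

if __name__ == "__main__":
    print(analyze(make_sample_log(), baseline=2))
```

Windows with no events at all are simply absent from the count list, so a real monitor should also treat a sudden drop to zero as a signal worth checking.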