Website downtime can be very expensive, particularly if it occurs at a critical moment. This means that anyone who manages a business website needs to give serious thought to DDoS attack protection. Here is a quick guide to what you need to know.
The basics of DDoS
In the early days of the internet, there were denial of service (DoS) attacks. These involved a single computer sending a stream of traffic to a website. Back in the time of dial-up modems, these were a serious threat. As internet connections improved, however, they lost their power.
Sadly, however, cybercriminals redeveloped them into what are now known as infrastructure-level DDoS attacks. These use chains of compromised devices, known as botnets, to flood websites with traffic. These attacks are pure brute force and although they can be devastating while they last, they don't tend to last very long. This is because it usually only takes a little effort to work out the common factor(s) in the attacking traffic and take steps to deal with it.
Cybercriminals, therefore, stepped up another gear and created what are now known as application-level DDoS attacks. These are far subtler than their predecessors and hence require more technical skill to carry out.
The aim of an application-level DDoS attack is not to bring a whole website to its knees but to cripple a high-value part of it such as a login page or a payment page. Essentially, the idea is to hit the right balance between doing as much damage as possible and staying undetected for as long as possible.
Delivering effective DDoS attack protection
If you want to deliver effective DDoS attack protection, then you need to address both kinds of DDoS attacks. Here are some measures you should consider.
Buying plenty of bandwidth
Counterintuitive as this may sound, bandwidth is actually a lot more valuable against application-level DDoS attacks than it is against infrastructure-level DDoS attacks. This is because very few SMBs can afford (or justify) the sort of bandwidth needed to make life really difficult for cyberattackers running infrastructure-level attacks. By contrast, even the smallest SMB can probably afford enough bandwidth to cushion at least part of the impact of application-level DDoS attacks.
The good news is that bandwidth doesn't just offer protection against your website being crippled by DDoS. Having plenty of bandwidth also creates a smoother, more pleasant experience for your website’s customers. It can also boost your search engine rankings. Search engines measure both page load speed and user reaction to content. If they detect either slow loads or that users aren’t really engaging with your content (because it’s not loading), they will penalize you.
Getting the right security defenses
You need a web application firewall (WAF), and it can be a good idea to sign up for a DDoS mitigation service. Generally, the most practical way to get a WAF is as part of a website vulnerability scanning service. This will get you an anti-malware scanner as well and generally some additional functionality.
You need both services for any business website, but in the context of DDoS, it’s the WAF that matters. It will monitor your incoming (and outgoing) traffic and alert you to anything suspicious. Firewalls can and should also be used to filter traffic. This can be done through whitelisting (only permitting traffic which is known to be safe) and/or blacklisting (blocking suspicious traffic). These days, it usually involves a combination of both and you should be prepared to spend some time fine-tuning your firewall settings to get it absolutely right.
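As an added illustration (not code from the original article or from any WAF product), the Python below combines whitelisting, blacklisting and a per-client rate limit on high-value pages such as a login or payment page. The address ranges, thresholds, paths and the "throttle" action are assumptions chosen for the example.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed policy values (assumptions, not taken from the article).
ALLOWLIST = [ipaddress.ip_network("203.0.113.0/28")]   # traffic known to be safe
DENYLIST = [ipaddress.ip_network("198.51.100.0/24")]   # traffic already judged hostile
SENSITIVE_PATHS = {"/login", "/payment"}               # high-value pages
WINDOW_SECONDS = 10
MAX_SENSITIVE_HITS = 5                                 # per client per window


class TrafficFilter:
    def __init__(self):
        # client IP -> timestamps of its recent hits on sensitive paths
        self._hits = defaultdict(deque)

    def decide(self, ts, ip, path):
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in ALLOWLIST):
            return "allow"            # note: allowlisted clients skip rate limits
        if any(addr in net for net in DENYLIST):
            return "block"
        if path not in SENSITIVE_PATHS:
            return "allow"
        window = self._hits[ip]
        window.append(ts)
        # Drop hits that have aged out of the sliding window.
        while window and window[0] <= ts - WINDOW_SECONDS:
            window.popleft()
        return "throttle" if len(window) > MAX_SENSITIVE_HITS else "allow"


def replay(requests):
    """Run (timestamp, ip, path) records through a fresh filter in time order."""
    f = TrafficFilter()
    return [(ip, path, f.decide(ts, ip, path)) for ts, ip, path in sorted(requests)]


# Constructed sample traffic: (unix_seconds, client_ip, path)
SAMPLE = (
    [(t, "192.0.2.10", "/login") for t in range(8)]          # 8 hits in 8 s
    + [(3, "203.0.113.5", "/login"), (4, "198.51.100.7", "/")]
    + [(0, "192.0.2.44", "/login"), (30, "192.0.2.44", "/login")]
    + [(t, "192.0.2.10", "/products") for t in range(8, 12)]
)

if __name__ == "__main__":
    for row in replay(SAMPLE):
        print(*row)
```

Tuning the window and threshold against your own normal traffic is the fine-tuning step: set them too low and legitimate users retrying a login get throttled, too high and a slow flood stays under the limit.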
In principle, your WAF can be used for protection against both infrastructure-level DDoS attacks and application-level DDoS attacks. In practice, a regular firewall is only likely to be effective against application-level DDoS attacks. Modern infrastructure-level DDoS attacks are increasingly likely to be too much for the average firewall to handle on its own. That’s where a DDoS mitigation service comes in.
A DDoS mitigation service is very similar to a firewall, except it’s optimized for DDoS attacks and only activates when these are detected (and your firewall can’t cope on its own). Such services can be invaluable for handling the large volumes of traffic generated by infrastructure-level DDoS attacks. If you’re running a larger website with a lot of traffic, they can even be useful for application-level DDoS attacks.
Build resilient infrastructure and applications
When building either infrastructure or applications, you should focus on security, decentralization, and efficiency. For infrastructure, you should incorporate as much capacity as you can afford. For applications, you should keep functionality down to the minimum necessary to achieve the intended goal.