There are so many types of security issues for businesses to worry about that it’s hard to keep up. One very common type is the Denial of Service (DoS) attack or Distributed Denial of Service (DDoS) attack. These attacks affect organizations’ resources and websites and ultimately can disrupt business.
What Is A DoS or DDoS Attack?
Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks are unfortunately very common these days, but what are they? A DoS attack is a type of cyber attack where a hacker makes a machine or resource unavailable to its intended users. This resource could be a specific machine, network, website, or other valuable resource. In a DoS attack, this is accomplished by flooding the targeted resource with more requests than it can handle. This overloads the target and either prevents legitimate requests from being recognized or crashes the target’s services entirely.
A Distributed Denial of Service (DDoS) attack is basically the same as a DoS attack with one major difference. Where a DoS attack originates from one source or person, a DDoS attack comes from many different sources at once. It is usually launched by a group of people or by networks of bots, called botnets, which makes the attack very hard to stop because not all of the sources can be located. DDoS attacks are also the more damaging of the two because the origins are so hard to locate and stop.
DoS or DDoS attacks are just like having a group of people or things block the entrance of a business and not letting any real customers get inside. Usually these types of attacks are aimed at the web servers of big businesses like banks or credit card payment gateways. The motives behind DDoS attacks are usually to get money via blackmail, to seek revenge for a wrong that the attacker feels has been done to them, or to make a political statement of some kind.
How To Prevent
As you can imagine, DoS or DDoS attacks can not only be very disruptive but they can also be very damaging to a business. So how can a business prevent these types of attacks? While there is no such thing as a totally secure system that can’t be attacked, there are things you can do to help mitigate a full-out DoS or DDoS attack in your business.
The nature of a DoS or DDoS attack is to overwhelm your network so legitimate traffic can’t get through to your business’ resources. The smaller your bandwidth, the easier it will be for the baddies to clog up and overwhelm your resources, keeping your customers from being able to get to your services. Making sure your organization has more bandwidth than is needed to run the business will not prevent an attack; however, it will give you more time before your resources are shut down.
Some larger companies that have the budget to pay for large amounts of bandwidth might even be able to prevent the attack from being successful using this method, if the hacker cannot create enough traffic to overwhelm the entire bandwidth. So, although this might not be a perfect solution for smaller organizations with lower budgets, it is an option that can at least slow down the attack.
Spread Your Resources
Organizations that are most vulnerable to these types of attacks tend to have all their resources in one basket. While this may make daily maintenance easier, it also makes a DoS or DDoS attack easier too. The best solution for this vulnerability is to spread your organization’s resources across multiple data centers. This will ensure that if one of your company’s resources is taken offline by an attack, it will have backup somewhere else so that your business doesn’t come to a full stop.
So where can you store these resources? This is where the cloud can be a lifesaver. There are many cloud services that will host your services in many different data centers across the globe at once. Amazon AWS, Microsoft Azure, and Google Cloud Compute are just a few examples of companies offering business cloud services. Setting up this type of service can go a long way in providing a measure of security and confidence that your business won’t be shut down for long if an attack occurs.
Have A Plan
Knowing what to do when an attack is underway is vital to minimizing the damage. Making sure your organization has systems in place that alert the proper internal contacts when they notice a big increase in traffic to your resources is not only a good idea but a vital one for every business. This is one of several best practices that all organizations should have in place from the start.
Also, having a plan of action and practicing that plan will help all members of your organization understand and know how to react in the event of a DDoS attack. Knowing how to react quickly and correctly can save your organization a lot of time, money, and grief so make sure you have a plan and everyone knows their role in it.
For help in this area, check out this great Network DDoS Incident Response Cheat Sheet here.
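The traffic-increase alerting described above can be sketched as follows. This is an added example, not part of the original post: it assumes a web access log in Common Log Format, and the `window`, `factor` and `floor` thresholds and the sample addresses (documentation ranges) are illustrative. It also reports how many distinct sources sent the traffic in a flagged minute, which indicates whether the flood comes from one source or many.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

FMT = "%d/%b/%Y:%H:%M:%S %z"                      # Common Log Format timestamp
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')  # client address, timestamp

def per_minute(lines):
    """Return {minute: Counter(source_ip -> requests)} for parseable lines."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing mid-incident
        try:
            ts = datetime.strptime(m.group(2), FMT)
        except ValueError:
            continue  # unparseable timestamp
        buckets[ts.replace(second=0)][m.group(1)] += 1
    return buckets

def detect_spikes(buckets, window=5, factor=3.0, floor=50):
    """Flag minutes above factor x the median of the prior `window` minutes."""
    alerts, history = [], []
    for minute in sorted(buckets):
        total = sum(buckets[minute].values())
        if len(history) >= window:
            baseline = median(history[-window:])
            if total >= floor and total > factor * baseline:  # floor: ignore tiny volumes
                alerts.append({"minute": minute, "requests": total,
                               "baseline": baseline, "sources": len(buckets[minute])})
                continue  # keep flood traffic out of the baseline
        history.append(total)
    return alerts

def sample_log():
    """Constructed sample: 8 quiet minutes, then a 2-minute flood."""
    start = datetime.strptime("01/Jan/2024:10:00:00 +0000", FMT)
    lines = []
    for i in range(10):
        stamp = (start + timedelta(minutes=i)).strftime(FMT)
        for j in range(20 if i < 8 else 400):
            ip = f"192.0.2.{j % 5}" if i < 8 else f"198.51.100.{j % 200}"
            lines.append(f'{ip} - - [{stamp}] "GET / HTTP/1.1" 200 512')
    return lines

if __name__ == "__main__":
    print(detect_spikes(per_minute(sample_log())))
```

In practice the returned alerts would be handed to whatever paging or messaging system reaches the contacts named in the incident plan.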
Keeping all hardware and software up to date all the time is one of the best things you can do to prevent any type of security event. Many updates contain settings that help keep a security incident from happening. However, if you don’t keep things updated, you won’t have those options available to you. Make sure updating your organization’s software and hardware is a regularly scheduled task that takes top priority.
How To Respond
Implement A Security Incident Plan
As soon as a DDoS attack, or any other attack for that matter, is detected, it is vital that the Security Incident Plan be implemented immediately. Time is of the essence with any security breach, and the quicker your organization reacts, the smaller the extent of damage to your business resources and clients.
If your company has been diligent with educating its employees on their roles in the Security Incident Plan, everyone will know what to do, when to do it, and how to proceed during an actual event. This alone will save a lot of headaches.
Contact Your ISP or Hosting Provider
As soon as your organization begins to suspect a possible DDoS attack, it is vital to call your internet service provider (ISP) or hosting provider and ask them to help. Make sure you have the emergency contacts for these services on hand at all times. Your ISP or hosting provider has tools and techniques that it can use to steer the malicious traffic away from your servers and get your organization back online quickly and efficiently.
Create An Incident Report
After the attack is over and services have been restored, it is very important to create an incident report explaining exactly what happened, how your organization responded to the attack, and how your organization will stop this type of thing from happening in the future. Doing this will restore your credibility and help ease your clients’ and stockholders’ fears about possible future issues. It is important to write this report in non-technical language so everyone is clear about what happened and what your organization is doing to prevent it from happening again.
For a great example of this type of announcement, check out the statement made by Dyn here after it suffered from one of the biggest DDoS attacks in history. This attack took out Reddit, Twitter, and Netflix all at the same time.
As you can see, although there is no silver bullet to prevent attacks from ever happening, there are things your organization can do to help deter or reduce many of these attacks. For a more in-depth study on what you can do to get through a DDoS attack with as much ease as possible, check out this report by the SANS Institute called Preparing To Withstand A DDoS Attack here.
Security breaches can be scary and frustrating, but there are experts that can help you secure your business infrastructure. If your business has fallen victim to a security breach or you would just like more information on how to secure your business from possible cyber attacks, click here to contact our team of experts at Data One Networks.