The last thing an administrator wants to deal with is a Distributed Denial of Service (DDoS) attack. Yet, together with the recent rise of hacktism, DDoS attacks are increasingly becoming a threat that IT admins need to prepared for.
Just recently, the CIA’s main website was allegedly brought down by a DDoS attack launched by Anonymous. DDoS attacks work by essentially leveraging the power of hijacked computer systems (through the use of botnets, for example) to send a huge amount of traffic to a single designated target. This simple concept can be frighteningly effective in bringing down huge sites.
The worst thing about DDoS attacks is that they do not prey on the victim’s weaknesses; therefore being cautious and using the right tools and protection, as in the case of hacking attacks, is not enough.
Despite the threat, there’s still an effective way to protect your network against these attacks – network design decisions. A DDoS is nothing more than a never-ending stream of requests from a large number of sources. The only way to protect against this is by having a system to identify the DDoS source and block it.
This is easier said than done. Identifying the source of a DDoS attack can be tricky and, in most cases, involves tweaking an intrusion detection system (IDS) to differentiate between legitimate requests and attacks. Testing its effectiveness is not easy either. In any case, this will cause quite a few false positives.
Once an attack source is identified, all you need to do is configure the Firewall to block that source until the attack stops. Even so, if your Internet bandwidth is overwhelmed by requests, your site will still probably be inaccessible.
And it doesn’t end here; if you’re the target of a DDoS attack, the next problem to deal with is your Internet Service Provider (ISP). If the attack is large enough, the ISP may opt to cut your route out of the system to save bandwidth and avoid degrading performance for other customers. In this case, the consequences may be worse than the actual impact of the DDoS attack itself as your downtime is likely to be longer. For this reason, you may want to check what your ISP polices on DDoS attacks are before signing up for the service.
Ironically, the ISP also happens to be your best ally in the event of a DDoS attack since their infrastructure is most likely to have the capability to handle the huge amount of traffic if the Firewall is hosted on their systems rather than at your end. This is also something you might want to explore with the ISP.