DDoS Protection: How to Survive a DDoS Attack

DDoS Protection: How to Survive a Distributed Denial of Service Attack

You’re sitting at your desk when the first notification arrives. Uptime monitoring has detected unusually long response times for the servers hosting the business’s primary web app. Soon after, your manager calls to say customer support is getting complaints—many users can’t sign in and the app is slow for those who can. You try to open the app to see for yourself, but the browser times out.

With increasing concern, you check the network monitoring dashboard, which shows the app struggling to cope with thousands of connections from hundreds of IP addresses in locations around the world. You are the target of a massive Distributed Denial of Service (DDoS) attack. Ten minutes later, all customer-facing services go offline.

DDoS attacks can devastate a business, and any company that depends on IT infrastructure is vulnerable. There were more than 5.4 million DDoS attacks in the first half of 2021, costing $20,000 to $40,000 per hour. The good news is that DDoS protection services can mitigate the worst consequences, but only if businesses prepare before the attack hits. 

What is a DDoS Attack?

Denial of Service attacks exploit the fact that server and network resources are limited. No service has infinite resources, and, even if that were possible, the cost would be astronomical. Bad actors exploit these limitations with attacks that consume a service’s available resources, leaving it unable to serve legitimate users.

The “Distributed” in Distributed Denial of Service indicates that the attack comes from many directions at once. Attackers also have resource limits, and it’s straightforward to block attacks coming from a single source once it’s identified. In a DDoS attack, the attacker uses thousands of hacked servers known as bots to access massive amounts of bandwidth and computational power. 

DDoS attacks are much more difficult to mitigate because the source is constantly changing. Their distributed nature also allows attackers to access many times the bandwidth. Last November, the biggest ever DDoS attack leveraged 10,000 hacked devices to generate 3.7 terabytes per second—a flood of data that threatens even the biggest and most well-resourced online services.

5 DDoS Mitigation Strategies

Stopping DDoS attacks at the source is beyond the capabilities of most businesses. However, it is possible to implement DDoS protection strategies, also known as DDoS prevention or DDoS mitigation, to help your services to survive a DDoS attack.  

1. Reduce Infrastructure Exposure to DDoS Attacks

The first step is to limit your service’s attack surface area. Attackers will exploit any opportunity. For example, WordPress websites expose an XML-RPC endpoint and a REST API. These are useful, but they can be targeted in DDoS attacks. If they aren’t used, they should be disabled. The same goes for unused network services, ports, protocols, and applications on your servers. 
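One way to check a server for unused network services is to compare its listening sockets against a short allowlist. The following is an added example, not part of the original article: the `ss` output is a constructed sample, and the allowlist (HTTP and HTTPS only) and the function name are assumptions.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
# Columns: netid, state, recv-q, send-q, local address:port, peer address:port.
SAMPLE_SS_OUTPUT = """\
tcp LISTEN 0 511   0.0.0.0:80        0.0.0.0:*
tcp LISTEN 0 511   0.0.0.0:443       0.0.0.0:*
tcp LISTEN 0 128   0.0.0.0:22        0.0.0.0:*
tcp LISTEN 0 151   127.0.0.1:3306    0.0.0.0:*
tcp LISTEN 0 4096  [::]:111          [::]:*
udp UNCONN 0 0     0.0.0.0:111       0.0.0.0:*
udp UNCONN 0 0     127.0.0.53%lo:53  0.0.0.0:*
"""

# Assumed policy for a web server: only HTTP and HTTPS should face the internet.
ALLOWED = {("tcp", 80), ("tcp", 443)}


def exposed_listeners(ss_output, allowed=ALLOWED):
    """Return (proto, address, port) for non-loopback listeners not in `allowed`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        proto, local = fields[0], fields[4]
        host, _, port = local.rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if host != "*" and ipaddress.ip_address(host).is_loopback:
            continue  # bound to loopback only: not reachable from the network
        if (proto, int(port)) not in allowed:
            findings.append((proto, host, int(port)))
    return findings


if __name__ == "__main__":
    for proto, host, port in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"review or disable: {proto} {host}:{port}")
```

In the sample, the database and local resolver are ignored because they listen on loopback only, while SSH and port 111 are reported on every interface.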

2. Hide Key Services from the Internet

Businesses can use several strategies to protect origin servers by placing them behind resilient front-line services that take the brunt of a DDoS attack. They include content distribution networks, load balancers, and bastion servers. 

A content distribution network (CDN) is a geographically distributed cache. A service’s assets are cached on many servers worldwide. Users access the assets from their nearest cache and not the server hosting the service. One benefit of using a CDN is that it reduces traffic to the origin server and distributes it to multiple sources that can better cope with excess traffic. 

Load balancers distribute traffic over multiple origin nodes which are not directly connected to the internet. The load balancers can be used to monitor and drop potentially malicious traffic, and the origin servers behind the load balancers can be scaled to handle increasing resource demands. 

Bastion servers perform a similar function for businesses that want to expose potentially vulnerable services without putting origin servers at risk. For example, an SSH bastion server mediates SSH access to servers hosting an application. Only the bastion server is impacted if the SSH service comes under attack. 

3. Deploy Web Application Firewalls

Web application firewalls (WAFs) monitor web app traffic and block malicious connections. Standard firewalls operate at the network layer. They can, for example, block all incoming connections to a specific port, but blocking all HTTP requests would knock a targeted website offline.

A WAF, in contrast, blocks malicious HTTP traffic at the application layer. It offers a more flexible approach to DDoS mitigation based on the nature and contents of individual web requests. For example, a WAF could block malicious requests targeting and overloading a log-in page.
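The difference from a port-level block can be shown with a small application-layer rule that looks at the method and path of each request. This is an added example, not code from the original article or from any WAF product: the class, the `/login` path, the limits, and the request stream (documentation-range IP addresses) are all constructed for illustration.

```python
from collections import defaultdict, deque


class LoginRateRule:
    """Sliding-window limit on POSTs to one path, tracked per client IP."""

    def __init__(self, path="/login", limit=5, window=10.0):
        self.path, self.limit, self.window = path, limit, window
        self.hits = defaultdict(deque)  # client IP -> timestamps of allowed POSTs

    def allow(self, ts, client_ip, method, path):
        # Requests to other endpoints pass untouched; a port-level firewall
        # rule could not make this distinction.
        if method != "POST" or path.split("?", 1)[0] != self.path:
            return True
        recent = self.hits[client_ip]
        while recent and ts - recent[0] >= self.window:
            recent.popleft()  # forget hits that fell out of the window
        if len(recent) >= self.limit:
            return False  # over the limit: drop, and do not record the hit
        recent.append(ts)
        return True


def replay(rule, requests):
    """Return {client_ip: [allowed, blocked]} for a time-ordered request stream."""
    tally = defaultdict(lambda: [0, 0])
    for ts, ip, method, path in requests:
        tally[ip][0 if rule.allow(ts, ip, method, path) else 1] += 1
    return dict(tally)


# Constructed traffic: one client hammers the log-in page twice a second,
# while another signs in once and then loads a page.
FLOOD = [(i * 0.5, "203.0.113.7", "POST", "/login") for i in range(20)]
USER = [(3.0, "198.51.100.20", "POST", "/login"),
        (3.2, "198.51.100.20", "GET", "/dashboard")]
REQUESTS = sorted(FLOOD + USER)

if __name__ == "__main__":
    for ip, (allowed, blocked) in replay(LoginRateRule(), REQUESTS).items():
        print(f"{ip}: allowed={allowed} blocked={blocked}")
```

A per-client rule like this is weaker when the flood is spread over many source addresses, so it complements the other measures on this page and does not replace them.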

4. Leverage Infrastructure Redundancy and Scaling

Until other DDoS mitigation strategies are implemented, a business’s only option may be to scale resources to absorb the additional traffic. Scaling can be an expensive proposition, but if an online service is essential to your business’s operations, growing server resources and network bandwidth will ensure that users can still access it. 

It’s worth noting that not all hosting providers can scale to support large DDoS attacks. Smaller hosting providers may instead take services offline to protect their network. Larger cloud providers like AWS and Microsoft Azure can scale to absorb large attacks, but even they struggle to accommodate very high bandwidth denial of service attempts. 

5. DDoS Protection Services

Finally, your business can utilize specialist DDoS protection and DDoS mitigation services. These often function much like a CDN. The DDoS mitigation provider’s infrastructure acts as an intermediary layer between your infrastructure and the internet. Their software detects DDoS attacks and drops suspect traffic before it reaches your infrastructure. Some of the best-known DDoS mitigation services include Cloudflare, AWS Shield, Fastly, and Akamai.

How KirkpatrickPrice Helps Businesses To Secure Online Services

DDoS attacks are only one of the many security threats companies face in 2022. KirkpatrickPrice helps businesses to maintain security and compliance with services that include:

Contact an information security expert today to begin your journey to more secure online services.