The first step in any DDoS plan is to evaluate the potential cost of disruption to the different elements within your IT systems.A denial-of-service (DoS) is an attempt to make a machine or network resource unavailable to its users.
For many businesses, that translates as an attempt to overload your website with spam traffic, with the aim of sending it offline. DDoS simply means distributed denial-of-service, or, in other words, many different computers bombarding your site at once in order to be more effective in their goal, and harder to identify and stop.
The impact of a DDoS attack on a corporate blog, for example, will be a lot less than a website that is your main revenue generator, or a system that is a lynchpin in your operations. The higher the impact of a DDoS attack, the more justified time and money invested in protection.
Mitigating the risk of DDoS attacks means understanding your hosting architecture. Once you have evaluated the elements within your IT systems, understand where they reside on your servers. By knowing which server ports relate to business-critical services, you can ask your hosting provider to close down non-critical ports once you know that you are under attack.
Speak to your hosting provider to understand the steps and the delay involved in making this request, as well as the price of any system administration provided.
Now lets consider those critical components, like your website.
An overhead of server and network capacity will allow your systems to handle surges in traffic, whether caused by DDoS or spikes in demand for your services, but comes at a price. The distributed and sophisticated nature of DDoS attacks means that firewalls do not provide comprehensive protection –
Firewalls do not necessarily detect traffic anomalies, only filter out known bad traffic, while the inline nature of Firewalls means they are actually a target of DDoS attacks that seek to saturate their capacity and cause a failure.
Instead, more sophisticated DDoS protection solutions are needed.
These may take the form of data center hardware, offered by providers like Cisco, or network level solutions like Incapsula that are more suitable for servers hosted in a third party data center with a hosting provider.
Network level solutions like Incapsula are useful because much of the cost incurred is only incurred with your consent at the moment of an attack. These solutions use a variety of traffic anomaly detection, content delivery networks and traffic filtering to both reduce the impact of DDoS and provide the bandwidth capacity to cope with the attack.
Since volume attacks can be measured in Mbps (megabits per second), network level solutions like Incapsula are priced according to the level of protection required at a given moment in time, itself determined by the gravity of the attack and the capacity of your network to cope with the traffic surge.
