Sep 18, 2014

What Are DDoS Attacks? How To Defend Against Them?

You may have heard of a DDoS (distributed denial-of-service) attack in the news as a method used by malicious hackers to attack a website. It's possible you've even experienced the effects of a DDoS attack yourself. If you host a website or other online service, being aware of the dangers of a DDoS attack can help you prevent one, or mitigate the damage it can cause.


A New Type Of Warfare

A WikiLeaks story from 2010 has redefined DDoS attacks as a legitimate form of protest. Computing expert Richard Stallman has gone on record saying DDoS attacks are "the Internet equivalent of a mass demonstration." Stallman defines such "demonstrations" as being separate from hacking or cracking, and compares them with harmless demonstrations that temporarily closed down several British stores recently, in order to highlight corporate tax evasion.

Distributed Denial of Service Attacks

Sometimes a cracker uses a network of zombie computers to sabotage a specific Web site or server. The idea is pretty simple -- the cracker tells all the computers in his botnet to contact a specific server or Web site repeatedly. The sudden increase in traffic can cause the site to load very slowly for legitimate users. Sometimes the traffic is enough to shut the site down completely. This kind of attack is called a Distributed Denial of Service (DDoS) attack.

Ways To Defend Against DDoS Attack

  1. Develop a checklist for standard operating procedures to follow in the event of an attack, including maintaining a checklist of contact information for internal firewall teams, intrusion detection teams and network teams, as well as for service providers. Identify who should be contacted during an attack, what processes should be followed by each and what information is needed.
  2. ISPs and hosting providers might provide mitigation services. Be aware of the service-level agreement provisions.
  3. Identify and prioritize critical services that should be maintained during an attack so IT staff will know what resources can be turned off or blocked as needed to limit the effects of the attack.
  4. Ensure that critical systems have sufficient capacity to withstand an attack.
  5. Keep network diagrams, IT infrastructure details and asset inventories current and available to help understand the environment. Have a baseline of the daily volume, type, and performance of network traffic to help identify the type, target and vector of attack. Identify existing bottlenecks and remediation actions needed.
  6. Harden the configuration settings of the network, operating systems and applications by disabling unnecessary services and applications.
  7. Implement a bogon block list at the network boundary to drop traffic from bogus IP addresses (private, reserved or unallocated ranges that should never appear as sources on the public Internet).
  8. Employ service screening on edge routers where possible to decrease the load on stateful security devices such as firewalls.
  9. Separate or compartmentalize critical services, including public and private services; intranet, extranet, and Internet services; and create single-purpose servers for services such as HTTP, FTP, and DNS.
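As an added illustration of items 5 and 7 above (not code from the original post), the following Python script applies a partial bogon filter to constructed flow records and then compares per-minute request volume against an assumed daily baseline to flag a surge; the sample records, the baseline figure and the 3x threshold are all assumptions.

```python
import ipaddress
from collections import Counter

# Partial bogon list: RFC 1918 private space, loopback, link-local, CGNAT
# shared space, multicast and reserved. Assumption: the RFC 5737 documentation
# ranges are deliberately left out so they can stand in for ordinary public
# sources in the constructed sample below; a real deployment needs a complete,
# regularly updated list.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]

# Constructed sample flow records, one per line: "minute src_ip request_count".
SAMPLE_FLOWS = [
    "09:00 203.0.113.5 40",
    "09:00 198.51.100.7 35",
    "09:00 10.0.0.9 500",      # private source arriving at the public edge
    "09:01 203.0.113.5 45",
    "09:01 192.0.2.77 3000",
    "09:01 198.51.100.7 2500",
    "09:01 127.0.0.1 800",     # loopback source: impossible from outside
]
BASELINE_PER_MIN = 100  # assumed normal request volume per minute


def is_bogon(ip: str) -> bool:
    """True if the address falls in any listed bogon prefix."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BOGON_PREFIXES)


def analyse(lines, baseline_per_min, threshold=3.0):
    """Drop bogon-sourced records, total the rest per minute, and flag
    minutes whose volume exceeds threshold x the baseline."""
    dropped, per_minute = Counter(), Counter()
    for line in lines:
        minute, src, count = line.split()
        if is_bogon(src):
            dropped[src] += int(count)   # would be discarded at the boundary
            continue
        per_minute[minute] += int(count)
    surges = {m: c for m, c in per_minute.items() if c > threshold * baseline_per_min}
    return dropped, per_minute, surges


if __name__ == "__main__":
    dropped, per_minute, surges = analyse(SAMPLE_FLOWS, BASELINE_PER_MIN)
    print("dropped bogon sources:", dict(dropped))
    print("requests per minute:", dict(per_minute))
    print("minutes above baseline:", surges)
```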
