
With a recent wave of attacks performed by Killnet, organizations should be on high alert and prepared for potential DDoS attacks. A distributed denial-of-service (DDoS) attack typically consists of many remote sources or proxies attacking an organization to render its services unusable. Because the number of sources can be significant, and the traffic may appear legitimate, these attacks can be difficult to stop.
Below are 5 ways your organization can prepare, before an attack happens, to mitigate its impact:
- Establish a baseline and a threshold for action. Knowing your normal resource usage rates, such as bandwidth or application memory, will make it much easier to spot the start of an attack. By setting a threshold rate for action, it is possible to avoid overreacting to limited spikes or minor attacks.
- Limit UDP services externally. Due to the connectionless design of UDP, it is easy to spoof sources and destinations and fire off high volumes of requests to services. UDP services, specifically DNS and NTP, are common targets during a DDoS attack.
- Disable amplification capabilities for exposed services. A common tactic for DDoS is to request a response that generates more traffic than was sent. By doing this, attackers can consume a larger volume of bandwidth on the victim network than is required to perform the attack.
- Engage a cloud provider to scrub the traffic before it reaches your environment. There are several players in this field, and they allow companies to divert traffic to them during an attack. From there, traffic is ‘cleaned’ and only valid packets are passed along. Note that it is important to tune any protection rules before an actual incident; otherwise, there is a risk of unintentionally blocking valid requests.
- Check for ancillary platforms that may be needed before an attack is mitigated. For example, communications may be impacted, so how would you coordinate a response? Centralized services such as SSO may also become points of failure if they are not reachable, so special considerations may be warranted.
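
The first item above, worked through as an added example (not code from the original article): a baseline and action threshold are derived from normal-period bandwidth samples, and action is triggered only when traffic stays above the threshold for several consecutive intervals, so a limited spike is ignored. The median/MAD method, the multiplier `k`, the `min_consecutive` window and the sample values are assumptions chosen for illustration.

```python
from statistics import median


def baseline_and_threshold(history, k=6.0):
    """Return (baseline, threshold) from samples taken during normal operation.

    Baseline is the median; threshold is median + k * MAD (median absolute
    deviation), so an occasional spike in the history does not inflate it.
    """
    base = median(history)
    mad = median(abs(x - base) for x in history)
    # Floor the spread at 5% of baseline so a flat history still leaves headroom.
    spread = max(mad, 0.05 * base)
    return base, base + k * spread


def find_sustained_breaches(samples, threshold, min_consecutive=3):
    """Return (start, end) index pairs where samples exceed the threshold
    for at least min_consecutive intervals in a row."""
    breaches, run_start = [], None
    for i, value in enumerate(samples):
        if value > threshold:
            if run_start is None:
                run_start = i
        else:
            if run_start is not None and i - run_start >= min_consecutive:
                breaches.append((run_start, i - 1))
            run_start = None
    # A run still open at the end of the data counts if it is long enough.
    if run_start is not None and len(samples) - run_start >= min_consecutive:
        breaches.append((run_start, len(samples) - 1))
    return breaches


# Constructed sample data: inbound Mbit/s per one-minute interval.
HISTORY = [100, 104, 98, 110, 95, 102, 240, 99, 101, 107, 96, 103]
LIVE = [101, 99, 310, 105, 98, 420, 480, 510, 530, 495, 102, 100]

if __name__ == "__main__":
    base, threshold = baseline_and_threshold(HISTORY)
    print(f"baseline={base} Mbit/s, threshold={threshold:.2f} Mbit/s")
    for start, end in find_sustained_breaches(LIVE, threshold):
        peak = max(LIVE[start:end + 1])
        print(f"sustained breach: minutes {start}-{end}, peak {peak} Mbit/s")
```

The same two functions apply to any per-interval metric you baseline, such as requests per second or application memory.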
There is no one right response to a denial-of-service attack. As with security across the board, layers are best. Apply as many layers of protection as possible in case you find your organization under attack. Questions? Give us a call.