1. Efficiency
DDoS is a war of attrition, so efficient use of resources is a key defence. Applications need to be designed from the ground up with efficiency in mind:
- well architected and designed
- efficient code and algorithms
- proper memory allocation and clean up
- configurable timeouts and resource restrictions
====================================
2. Excess Capacity
If your site is running at 90% capacity with normal traffic, it is a sitting duck for a DDoS attack.
The more excess capacity (throughput) you have, the better. Cloud infrastructure that allows you to dynamically add capacity is ideal.
====================================
3. Testing and Planning
DDoS attacks can be simulated as part of performance testing. Testing helps you to understand how your application bears the stresses of a DDoS, so that you can plan a defence.
====================================
4. Layer 4 Network Equipment
Switches and routers generally have built-in defences for layer 4 attacks.
Effective layer 4 defences include bogus IP filtering, traffic shaping, TCP splicing and rate limiting. Work with your ISP or network equipment vendor to understand the features of your network.
====================================
5. Bandwidth Management
Bandwidth management hardware allows you to classify incoming traffic as priority, regular or dangerous. In the event of a DDoS attack, non-priority requests can be dropped.
====================================
6. Intrusion Detection Systems (IDS)
IDS look for attack patterns in incoming traffic and can drop suspicious packets.
====================================
7. Custom Defence
Many layer 7 attacks require a custom on-the-fly defence. Typically, web developers analyse traffic patterns for irregular:
- IPs
- request signatures
- HTTP headers
- form parameters
Once a pattern is determined, filters can be implemented on the web server to drop matching requests.
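
An added example (not from the original post) of the traffic analysis described above: it tallies source IPs, request signatures and User-Agent headers in an access log and reports any value that dominates the traffic, which is the pattern a web-server filter would then match. The combined log format, the 50% threshold, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed input: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse(lines):
    """Yield (ip, request signature, user-agent) for each parseable line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # skip malformed lines instead of failing mid-incident
            # Signature = method + path without query string, so randomised
            # query parameters do not hide a repeated request shape.
            yield m["ip"], f'{m["method"]} {m["path"].split("?")[0]}', m["ua"]

def dominant_values(lines, share=0.5, min_requests=10):
    """Return {field: [(value, fraction)]} for values at or above `share` of traffic."""
    rows = list(parse(lines))
    if len(rows) < min_requests:  # too little data to call anything irregular
        return {}
    result = {}
    for idx, field in enumerate(("ip", "signature", "user_agent")):
        counts = Counter(row[idx] for row in rows)
        hits = [(v, n / len(rows)) for v, n in counts.most_common()
                if n / len(rows) >= share]
        if hits:
            result[field] = hits
    return result

def _line(ip, req, ua):
    return f'{ip} - - [01/Jan/2024:00:00:00 +0000] "{req} HTTP/1.1" 200 512 "-" "{ua}"'

# Constructed sample: 16 requests from 16 different addresses sharing one
# request shape and one User-Agent, mixed with 4 ordinary requests.
SAMPLE_LOG = (
    [_line(f"198.51.100.{i}", f"POST /search?q={i}", "ExampleBot/0.1") for i in range(1, 17)]
    + [_line("203.0.113.5", "GET /", "Mozilla/5.0"),
       _line("203.0.113.6", "GET /about", "Mozilla/5.0"),
       _line("203.0.113.7", "GET /contact", "Mozilla/5.0"),
       _line("203.0.113.5", "GET /search?q=shoes", "Mozilla/5.0")]
)

if __name__ == "__main__":
    for field, hits in dominant_values(SAMPLE_LOG).items():
        for value, frac in hits:
            print(f"{field}: {value!r} accounts for {frac:.0%} of requests")
```

In the sample no single IP stands out because the requests are spread across many addresses, but the request signature and the User-Agent header each account for 80% of traffic, so those are the fields a drop filter would key on.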
====================================
8. Blackholing and Sinkholing
Severe DDoS attacks may require blackholing: sending all requests to a non-existent server. This brings the website down but relieves the pressure on the server.
Sinkholing sends all requests to a logger that logs some statistics and then drops the requests. Sinkholing can help developers establish attack patterns.
====================================