A DDoS or Distributed Denial of Service Attack is an illegitimate effort of a person or group to make your computer network or websites unavailable to its user group. In case of a DDoS attack your computer network or website may stop functioning temporarily or permanently. DDoS attacks are biggest threat to network security.
This article is about how to prevent a computer network or website from DDoS attacks.
If you are experiencing any one the following symptoms, this may be a DDoS attack.
1. You are getting millions of zillions of spam email in your email address attached with the network or website.
2. Network performance is pathetic, opening files and loading a website suddenly turned a nightmare.
3. A particular website is not available for very long time, given your hosting server is not under maintenance.
If you experience any one of these symptoms, this is a probable DDoS attack. Don’t panic you can prevent against these.
Use Firewalls like Open BSDs pf(4) packet filter; these acts like a connection proxy. For other BSDs its called synproxy. Ordinary firewalls won’t be able to protect in case of attack on port 80 web service.
Use Clean Pipes to prevent against DDoS Attacks. You can buy these from providers like Tata Communications and Verisign etc. When you use Clean Pipes, all traffic request passes through a cleaning center where bad traffic and good traffic differentiated. Central internet connectivity is a must to use these services.
Use Intrusion Prevention System (IPS) to Stop DDoS Attacks. These systems are effective when DDoS attacks bears signature. However, an IPS not works with behavior based DoS attacks where legitimate is used with bad intentions. A rate based IPS i.e. RBIPS perfect choice to let in legitimate traffic and throw out illegitimate request.
Use DoS Defense i.e. DDS from DDoS Protection. A DDS can handle both rate based attacks and protocol attacks. Also a DDS is able to prevent against connection based DDoS attacks and those associated with legitimate content but with bad intentions.
Use Sinkholding against Blackholding DDoS attacks. In case of DNS or IP address DDoS attack al request are sent to a not actually existing web server or black hole. This can be successfully managed by ISP using Sinkholding which is capable in rejecting bad requests.
Use Application Front End Hardware to stop DDoS attacks. These can be used with switches and routers. When a request approaches to server, the application front end hardware distinguishes between good traffic and bad traffic and mark them as priority, regular and dangerous.
This article is about how to prevent a computer network or website from DDoS attacks.
Identify a DDoS
If you are experiencing any one the following symptoms, this may be a DDoS attack.
1. You are getting millions of zillions of spam email in your email address attached with the network or website.
2. Network performance is pathetic, opening files and loading a website suddenly turned a nightmare.
3. A particular website is not available for very long time, given your hosting server is not under maintenance.
If you experience any one of these symptoms, this is a probable DDoS attack. Don’t panic you can prevent against these.
Preventing Against DDoS attacks
Use Firewalls like Open BSDs pf(4) packet filter; these acts like a connection proxy. For other BSDs its called synproxy. Ordinary firewalls won’t be able to protect in case of attack on port 80 web service.
Use Clean Pipes to prevent against DDoS Attacks. You can buy these from providers like Tata Communications and Verisign etc. When you use Clean Pipes, all traffic request passes through a cleaning center where bad traffic and good traffic differentiated. Central internet connectivity is a must to use these services.
Use Intrusion Prevention System (IPS) to Stop DDoS Attacks. These systems are effective when DDoS attacks bears signature. However, an IPS not works with behavior based DoS attacks where legitimate is used with bad intentions. A rate based IPS i.e. RBIPS perfect choice to let in legitimate traffic and throw out illegitimate request.
Use DoS Defense i.e. DDS from DDoS Protection. A DDS can handle both rate based attacks and protocol attacks. Also a DDS is able to prevent against connection based DDoS attacks and those associated with legitimate content but with bad intentions.
Use Sinkholding against Blackholding DDoS attacks. In case of DNS or IP address DDoS attack al request are sent to a not actually existing web server or black hole. This can be successfully managed by ISP using Sinkholding which is capable in rejecting bad requests.
Use Application Front End Hardware to stop DDoS attacks. These can be used with switches and routers. When a request approaches to server, the application front end hardware distinguishes between good traffic and bad traffic and mark them as priority, regular and dangerous.
Comments