8 Ways To Protect Your Website From DDoS Attackposted by Anna Mar, March 15, 2011
If a DDoS attack hit your site today — what would you do about it?
There are 8 common defences for a DDoS attack.
1. EfficiencyDDoS is a war of attrition — efficient use of resources is a key defence. Applications need to be designed from the ground up with efficiency in mind:
- well architected and designed
- efficient code and algorithms
- proper memory allocation and clean up
- configurable time outs and resource restrictions
2. Excess CapacityIf your site is running at 90% capacity with normal traffic — it is a sitting duck for a DDoS attack.
The more excess capacity (throughput) you have the better — cloud infrastructure that allows you to dynamically add capacity is ideal.
3. Testing and PlanningDDoS attacks can be simulated as part of performance testing. Testing helps you to understand how your application bares the stresses of a DDoS — so that you can plan a defence.
4. Layer 4 Network EquipmentSwitches and routers generally built in defences for layer 4 attacks.
Effective layer 4 defences include bogus IP filtering, traffic shaping, TCP splicing and rate limiting. Work with your ISP or network equipment vendor to understand the features of your network.
5. Bandwidth ManagementBandwidth management hardware allows you to classify incoming traffic as priority, regular or dangerous. It event of a DDoS attack non-priority requests can be dropped.
6. Intrusion Detection Systems (IDS)IDS look for attack patterns in incoming traffic and can drop suspicious packets.
7. Custom DefenceMany layer 7 attacks require a custom on-the-fly defence. Typically, web developers analyse traffic patterns for irregular:
- request signatures
- http headers
- form parameters
Once a pattern is determined filters can be implemented on the web server to drop matching requests.
8. Blackholing and SinkholingSevere DDoS attacks may require Blackholing — sending all requests to a non-existent server. This brings the website down but relives the pressure on the server.
Sinkholing sends all requests to a logger that logs some statistics and then drops the requests. Sinkholing can help developers establish attack patterns.
The following template captures your high level enterprise architecture. |
Back-to-basics ITIL definitions that may serve as a useful executive overview.|
Enterprise Architecture — solving the world's problems one big box at a time.|
A guide to enterprise software that covers a wide variety of critical enterprise tools.|