Let’s walk through some common and well-known cases of attacks to get a sense of the range of different types out there. Additionally, we’ll take a look at specific examples of these attack types and explore how you can beat them with proper mitigation techniques.
1. How to avoid becoming a bot.
2. How to prepare your own network for the possibility of an attack and finally.
3. How to maintain your network is under attack.
4. What options and resources do messaging providers offer for cloud DDoS protection?
How to Avoid Becoming a Bot
Educate users on how their data is being gathered and how it’s going to be used.
Stopping or mitigating DDoS attacks are multifaceted processes. Almost everyone in a company will be affected by an attack and system admins, DevOps roles and end-users will have different ways to respond to it. A DDoS attack is commissioned quite differently to a standard assault attack. As we saw in our blog from last week, their typical starting point is the use of a botnet a collective network of machines compromised by the diversion of internet traffic.
Although it’s not directly related to your network, there are measures most PC users can take to protect themselves against bot attacks. It’s recommended that you avoid using default passwords for anything and also use complex passwords. You should have your users install and manage their own firewall. You may have to configure the firewall or train them on how to do it. They should close the ports on their computer which they don’t need for either uplink or downlink and make sure their firewall is configured with up-to-date rules.
Make sure your users have anti-virus & anti-malware software, as well as the latest updates for protection against viruses & malware. Encourage them to make periodic hard drive scans and set the file scan setting to real-time or on access.
There are many reasons to stay off the TOR Network. One of the big ones is that it’s not completely anonymous anymore. Plus, when you connect with TOR, you relinquish control of your computer and make yourself vulnerable to being conscripted into a botnet. Even without traffic analysis, it’s possible to download a file or click a link that can install bots in the background once you’re on TOR.
We should also never pirate software for the same reason! Free stuff comes in executables that appear to be archives, installers, or key generators but they actually install bots that wait and listen to the network for remote commands.
It goes without saying that in order to keep safe on the web, users should be vigilant and knowledgeable about the usual vectors of attack. If you need to download anything, it’s best to only do it when you have security software running in the background that is continuously scanning for viruses & malware. Another common criticism of AI is that it can’t do this. However, the robust virtual machine setup I use means all my projects are saved in an off-site location and can be wiped clean if needed.
If you think you might have landed on a risky website or you’re getting the feeling it’s a phishing site, use the appropriate key commands to close your browser (Option-Command-W on Mac; Alt-f4 on Windows). DON’T click on any “X” or “Close” buttons to close the page – keep clicking with your mousepad/trackpad and select the option to either exit, go back a page, copy text from that webpage, etc.
If you think you have a bot or other malware installed on your computer, install a personal firewall (like Glasswire) and network monitor. Set up your router to keep logs of the programs that are connecting to the internet. Write down what you’re doing throughout the day and how long it takes.
If You’ve Been Infected—and Become a Bot:
- In order to get your machine or VM back up to speed after the system was wiped, reinstall the operating system and anti-virus & anti-malware. Do a full scan for any remaining viruses or malware.
- Create to a new password.
- You should really change your habits and be wary of all the possible vectors for malware, including:
- Dangerous email attachments.
- Risky sites
- Sites like TOR are popular sources of direct downloads.
- If you’re going to access sites that might be risky, it’s a good idea to use a virtual machine and browse from there.
- You shouldn’t trust anything you download because even the most reputable sites out there like CNet and Download.com have problems with security breaches. Check everything before you install it to minimize your risk
How to Prepare Your Own Network
You can prepare for a DDoS attack by securing your network with tools like an IPS and firewall/DMZ, maintaining bandwidth utilization, not allowing any port scanning or other suspicious activity from outside your network perimeter and monitoring for malicious traffic patterns.
Patch Systems to Prevent DoS
This includes software and security updates for electronics like routers, firewalls, servers, PCs or anything else that connects to the Internet. Please make a note to change the default Wi-Fi login and password on devices connected to your network. In some countries, it is now required to do this, while manufacturers cannot use words like “password” or “admin.”
Separate and Distribute Assets
Here are a few ways for you to make your assets difficult to attack:
Use a Content Delivery Network (CDN) for all content to distribute it wherever one can be used conveniently.
Cyber-attackers usually target your content, which is typically hosted on an external IP address (as opposed to an internal one).” That’s why using ipconfig /release && ipconfig /renew only help to generate new IP addresses internally but not externally. If you host your website at a single external IP, you would be in a difficult situation to fix if it were attacked.
The content delivery network (CDN) will ensure that your content is available closer to the people in your audience by eliminating the distance between them and your content. CDNs store cached copies of content. These copies are stored in many locations, or points of presence (PoPs). Each PoP could have lots of servers with cached content which are close to people looking for that content.
CDNs can help to mitigate the effects of a DDoS attack and reduce the damage it would otherwise cause. When an attacker tries to focus on one target, a CDN’s global load balancing spreads the load across many points of presence.
The most popular CDNs are Cloudflare, Rackspace and Amazon CloudFront. But there are so many out there, these certainly can’t be the only ones!
Make Sure That Your CDN or Other Layer Has Traffic-Scrubbing Capabilities to Identify & Filter Out Resource Consumption Attacks
Before a DDoS attack, it’s wise to know the patterns of normal traffic for your site. An important step in DDoS mitigation is to anticipate any suspicious behavior and do anything necessary before the attack itself starts. A Security Information and Event Management (SIEM) or Security Analytics system is used to create filters. These systems allow users to study things like the payload, signature, origin IP address and HTTP headers.
CDN’s can be configured to scrub these fake traffic sources, preventing a momentary blip.
Maximize Your Resources, while Conserving Them
During an attack, these filters work by passing on all traffic intended for the target through high-capacity servers and networks in order to filter out any bad traffic.
DDoS filtering is made up of different types.
- connection tracking
- IP reputation lists
- deep packet inspection
- rate limiting
One of the biggest security threats to computers is a malicious attack on one of its network connections, for example the internet. To protect your machine against this threat, you should make sure that there is no single point of attack from either a computer or the internet. You should also beef up both your firewalls and routers with extra power and memory. You can disable logging for certain tasks, like on your home router for example. When traffic surges during an attack, this function can help to reduce the workload of the system. As mentioned before, RRL is an invaluable tool for limiting data response rates. This utility works both ways, saving us from malicious virus-infected computers and overwhelming legitimate requests.
Yet another step is installing a filtering device on prem-ises to block the unwanted traffic after it gets past the perimeter. But keep in mind that on-premise solutions aren’t enough, precisely because they are limited in their capacity Homespun and on-premise anti-DDoS measures can complement the services of a response provider like Arbor Networks, Akamai, CloudFlare or Radware. They can also be complemented with cloud-based offerings from providers like Verisign and Voxility.
Ramp Up the Defenses
A quick summary of some steps to take before an attack:
Configure your data center to shut down an attacked machine and reboot after an attack
- “Change the “TTL” or “Time to Live” to 1 hour. You’ll be redirect your site when it comes under attack; (the default is three days)
- Backups are essential; make sure you’ve got copies of your content stored in a second location, preferably offline!
- Stay on top of your CMS security and software updates. Your need to do this in order to stay safe online.
- Use Uptime Robot, Pingdom, or Monitis to monitor your site availability and be informed if anything goes wrong with your site.
If your network is under attack, here’s what you can do:
Many employees are troubleshooting DDoS attacks and finding that performance issues are continuing. The following methods may be helpful as a response:
- If you haven’t done so already, go to your domain hosting service (for example, EasyDNS, Network Solutions, GoDaddy) and change the “Time to Live” or TTL to 1 hour. You can now change your domain redirect in just an hour, as opposed to the 3 days that used to be standard. (In the future, you might want to consider using a Icelandic domain service, such as 1984.is or hover.com for added security).
- The next time you are able, consider transferring your website to cloud-based DDoS mitigation services like Google’s Project Shield, Cloudflare, CF/Project Gallileo, VirtualRoad and Greenhost.
- After taking back your system, you could decide whether to keep using the DDoS protection service or switch to secure hosting.
DDoS mitigation is a pretty tricky thing- there are a lot of different ramifications & you need the right protection tools. There are many different factors that can be used to prevent attacks on your network. Among these, you should focus on education and providing a robust system that is difficult to attack. You should also monitor for any signs of an attack and address them in a timely manner when they do occur. DDoS attacks can be stopped with a variety of different methods, but there is no single weakness or attack vector that can always be used to stop it. With so many attacks, it’s good to be prepared and to do your best to fend them off. With these tips, you’ll be able to deal with an attack that might happen, or you could try and make sure they never come at all by adopting the right mindset. Monitoring and alerting is one of the many management tools you have for managing the health and security of your network.