All About Preventing DDoS Attacks on Enterprise Networks
For any enterprise today, a DDoS (Distributed Denial of Service) attack can be a real headache. Such an attack can disrupt all of a company’s business activities and operations. A DDoS attack, which is launched simultaneously from multiple hosts, exhausts the resources of a network, service or application so that access is fully blocked. The network, internet services and resources of even the largest enterprises can be affected by a DDoS attack.
Both the frequency and the size of DDoS attacks are seen to be increasing. Hence, enterprises should always do all that is necessary to protect themselves against DDoS attacks.
DDoS attacks are carried out for a variety of reasons. Politics and ideology can be involved, while some hackers resort to DDoS attacks for the sake of vandalism. Online gaming is also a favorite area for DDoS attackers. Hacktivists and terrorists see DDoS attacks as a weapon, and others use them for further purposes as well: for extortion, for disrupting competitors’ operations and as a diversionary tactic (for example, to distract users during data exfiltration attempts).
Today DDoS attacks are available as packaged, easy-to-use, downloadable programmes, so even those without much technical knowledge can buy these and launch DDoS attacks. To increase the volume of DDoS attacks, cybercriminals now seek to include more assets, including routers, gaming consoles, modems, etc., which are easy targets because they are turned on by default and use default accounts/passwords. Experts point out that, despite so much awareness of cybersecurity and cyberattacks, the number of poorly secured and poorly configured internet-connected devices is on the rise. This makes it easier for hackers to launch DDoS attacks.
Types of DDoS attacks
DDoS attacks generally fall into three broad categories:
Volumetric attacks: DDoS attacks that overwhelm a network with bandwidth-consuming traffic or resource-sapping requests. These are the most common of all DDoS attacks.
TCP state-exhaustion attacks: DDoS attacks that exhaust resources in servers, load balancers and firewalls by abusing the stateful nature of the TCP protocol.
Application layer attacks: DDoS attacks that target application layer processes. These are also called Layer 7 DDoS attacks.
Notably, attacks that combine all three of these vectors are common today. Such attacks help cybercriminals increase the length and the magnitude of the attack.
DDoS attack prevention methods
Securing all internet-facing devices and services is vital to the overall security of any business today. It also helps prevent DDoS attacks that might be launched by exploiting such devices/services. The other DDoS attack prevention methods are:
• Conduct penetration testing regularly for all kinds of web application vulnerabilities.
• Carry out thorough and regular enterprise risk assessments.
• Implement access control lists on border routers to limit traffic.
• Carefully and properly configure services that use protocols like NTP, DNS, SSDP, Chargen, SNMP and DVMRP, and run them on hardened, dedicated servers.
• Implement anti-spoofing filters as covered in IETF guidance.
• Keep all systems and services properly configured.
• Secure each system and device as effectively as possible.
• Keep all software and operating systems updated.
• Educate employees and train them on how to prevent and tackle DDoS attacks.
• Use dedicated security software that could help prevent DDoS attacks.
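The border-router ACL and anti-spoofing items in the list above can be expressed as a small decision function. The following is an added example, not part of the original article: it models ingress and egress source-address checks (the approach described in IETF BCP 38 / RFC 2827) and limits the listed UDP services to dedicated servers. The site prefix, server address and sample packets are assumptions built from documentation address ranges.

```python
import ipaddress

# Assumed site prefix for illustration (documentation range, not from the article).
SITE_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]
# Reserved or private source ranges that must never arrive from the internet side.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]
# UDP ports of the services the article lists (DVMRP is not UDP-based, so it is left out).
REFLECTION_PORTS = {19: "Chargen", 53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP"}
# Assumed hardened, dedicated server allowed to offer a listed service externally.
PUBLIC_SERVICES = {(ipaddress.ip_address("203.0.113.53"), 53)}

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def border_acl(direction, src, dst, proto, sport, dport):
    """Return (action, reason) for one packet at the border router.
    direction is "in" (internet to site) or "out" (site to internet)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "out":
        # Egress anti-spoofing: only the site's own prefixes may appear as source.
        if not _in_any(src, SITE_PREFIXES):
            return "drop", "egress source outside site prefixes"
        return "permit", "egress ok"
    # Ingress anti-spoofing: site or reserved addresses cannot come from outside.
    if _in_any(src, SITE_PREFIXES) or _in_any(src, BOGONS):
        return "drop", "ingress source spoofed or reserved"
    if proto == "udp" and dport in REFLECTION_PORTS:
        # Requests to a listed service are accepted only by the dedicated servers.
        if (dst, dport) not in PUBLIC_SERVICES:
            return "drop", f"{REFLECTION_PORTS[dport]} not offered on {dst}"
    return "permit", "ingress ok"

# Constructed sample packets: (direction, src, dst, proto, sport, dport)
SAMPLE = [
    ("in", "198.51.100.7", "203.0.113.53", "udp", 40000, 53),
    ("in", "198.51.100.7", "203.0.113.20", "udp", 40000, 123),
    ("in", "203.0.113.9", "203.0.113.20", "tcp", 40000, 443),
    ("in", "10.1.2.3", "203.0.113.20", "tcp", 40000, 443),
    ("out", "203.0.113.20", "198.51.100.7", "tcp", 40000, 443),
    ("out", "192.0.2.44", "198.51.100.7", "udp", 40000, 53),
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, "->", border_acl(*pkt))
```

The function is stateless, so it filters only inbound requests to the listed ports; replies to queries that internal clients sent out are not matched by the port rule.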