Distributed denial-of-service (DDoS) made lots of headlines in late October when a massive DDoS attack on Domain Name System (DNS) service provider Dyn temporarily disrupted some of the most popular sites on the internet.
As with any other major cyber security breach, the attack likely has many boards of directors and CEOs wondering whether their organization might be next, and what can be done to defend against such incidents.
DDoS attacks are clearly on the rise. A report by content delivery network provider Akamai earlier this year said such incidents are increasing in number, severity and duration. It noted a 125 percent increase in DDoS attacks year over year and a 35 percent jump in the average attack duration.
Not surprisingly, many people want to know more about these types of attacks. When the Software Engineering Institute (SEI) at Carnegie Mellon University recently published a blog post titled "Distributed Denial of Service Attacks: Four Best Practices for Prevention and Response," it became SEI's most visited post of the year after only two days, according to a spokesman for the institute.
The desire for knowledge about DDoS is a welcome development, and it shouldn't be limited to IT and security personnel.
"While DDoS attack prevention is partly a technical issue, it is also largely a business issue," said Rachel Kartch, analysis team lead at the CERT Division of SEI, a federally funded research and development center sponsored by the US Department of Defense and operated by CMU, and author of the DDoS post.
In general, organizations should begin planning for DDoS attacks in advance, Kartch noted in the post. "It is much harder to respond after an attack is already under way," she said. "While DDoS attacks can't be prevented, steps can be taken to make it harder for an attacker to render a network unresponsive."
To strengthen resources against a DDoS attack, it's important to make the architecture as resilient as possible, Kartch said. "Fortifying network architecture is an important step not just in DDoS network defense, but in ensuring business continuity and protection from any kind of outage or disaster situation," she said.
As part of this effort, organizations need to locate servers across their various data centers and ensure that those data centers sit on different networks, have diverse paths, and have no notable bottlenecks or single points of failure.
"Overall, priorities for architecture should be geographic diversity, provider diversity, and elimination of bottlenecks," Kartch said. "While these are best practices for general business continuity and disaster recovery, they will help ensure organizational resiliency in response to a DDoS attack."
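The three architecture priorities above (geographic diversity, provider diversity, elimination of bottlenecks) can be checked mechanically against a zone's authoritative nameservers, the component that failed for Dyn's customers. The following is an added example, not code from SEI or the post's author; the records, hostnames, addresses and ASNs are constructed, and in practice they would come from the zone's NS records and a BGP/GeoIP lookup.

```python
from dataclasses import dataclass
from collections import Counter

@dataclass(frozen=True)
class Nameserver:
    host: str
    ip: str
    asn: int        # autonomous system announcing the IP (network diversity)
    provider: str   # DNS operator running the server (provider diversity)
    region: str     # rough geography (geographic diversity)

def ipv4_prefix24(ip: str) -> str:
    """Collapse an IPv4 address to its /24 to spot servers sharing one subnet."""
    return ".".join(ip.split(".")[:3]) + ".0/24"

def assess_dns_resilience(nameservers):
    """Return per-axis diversity findings plus the axes that are single points of failure."""
    axes = {
        "provider": Counter(ns.provider for ns in nameservers),
        "asn":      Counter(ns.asn for ns in nameservers),
        "region":   Counter(ns.region for ns in nameservers),
        "subnet":   Counter(ipv4_prefix24(ns.ip) for ns in nameservers),
    }
    findings = {}
    for axis, counts in axes.items():
        # largest_share: fraction of nameservers lost if the most-used value on this
        # axis (one provider, one AS, one region, one subnet) goes down at once.
        largest_share = max(counts.values()) / len(nameservers)
        findings[axis] = {"distinct": len(counts), "largest_share": round(largest_share, 2)}
    spofs = [axis for axis, f in findings.items() if f["distinct"] == 1]
    findings["single_points_of_failure"] = spofs
    findings["resilient"] = not spofs and len(nameservers) >= 2
    return findings

# Constructed sample data: every hostname, address, ASN, provider and region is made up.
SINGLE_PROVIDER = [
    Nameserver("ns1.dns-a.example", "192.0.2.10", 64500, "dns-a", "us-east"),
    Nameserver("ns2.dns-a.example", "192.0.2.11", 64500, "dns-a", "us-east"),
]
DIVERSE = [
    Nameserver("ns1.dns-a.example", "192.0.2.10",   64500, "dns-a", "us-east"),
    Nameserver("ns2.dns-a.example", "198.51.100.5", 64500, "dns-a", "eu-west"),
    Nameserver("ns1.dns-b.example", "203.0.113.7",  64501, "dns-b", "ap-south"),
]

if __name__ == "__main__":
    for label, records in (("single provider", SINGLE_PROVIDER), ("diverse", DIVERSE)):
        print(label, assess_dns_resilience(records))
```

The first set fails on every axis, which is the profile that left sites unreachable when a single DNS provider was attacked; the second still shows two of three servers on one provider, so it is resilient by this check but not evenly balanced.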
Another good practice is to deploy hardware that can handle known attack types and use the available features designed to protect network resources. "Again, while bolstering resources will not prevent a DDoS attack from happening, doing so will lessen the impact of an attack," Kartch noted.
Certain types of DDoS attacks have existed for a long time, Kartch said, and a lot of network and security hardware is capable of mitigating these attacks. For instance, commercially available network firewalls, web application firewalls, and load balancers can protect against layer 4 attacks (or protocol attacks) and application-layer attacks. Specialty appliances also can protect against these attacks.