Creating Your DDoS Action Plan, Part 1: 3 Preventive Measures

July 24

About a month ago my blogging colleague Contel Bradford wrote a great post on the perils of DDoS (Distributed Denial of Service) attacks. As he points out, DDoS attacks can take myriad forms, and a single attack may combine several of them in a multi-vector assault. Worse, attack tools are easy and cheap to find online, according to Arbor Networks. The company recently published a report that, among other things, describes the ease with which anyone can launch a DDoS attack.

If you can’t figure out the simple botnet software options out there or are too lazy to watch one of the many YouTube videos describing how to pull off an attack, you can hire a botnet service to carry out DDoS attacks for as little as $5 an hour or $40 a day!

Given the prevalence of these attacks and the ease with which anyone can initiate a round of online Spy vs. Spy, how do you put together an action plan to protect your company from this hazard?

You want to address the problem in two parts: prevention and response. Today’s post will focus on some preventive measures you can take to fend off DDoS attacks. Let’s get started!

Measure 1: Assess and prioritize your at-risk data and processes.

What would happen if an army of botnets brought down your network? If you’re running, say, an e-commerce site, you’ll want to know the cost of an hour of downtime, the average amount of time you or your MSP would need to bring your site back online, and the impact of that downtime on your customer base and your reputation, among other metrics.

Similarly, you’ll want to quantify and prioritize your data. The information populating your online storefront and your customer account information needs more protection than your Exchange archives. Assuming you have a security budget (who doesn’t?), you’ll want to assign more resources to your storefront and customer information than to your archives.

Measure 2: Review your existing security plan to determine your level of protection.

You’re living in a fantasy world if you think a good firewall is enough to ward off the types of attacks we’ve been seeing over the past few years. Many of these attacks incorporate multiple methods of attack that can derail various parts of your infrastructure, as well as your applications. You may need some combination of a firewall, DDoS-resistant switches and routers, a DNS-based application that stops offending botnets before they invade your network, and other solutions to cover your bases.

You also want to make sure you know the protections and strategies your ISP has in place for DDoS attacks so that you can integrate them into your own plan. Ditto for your MSP if you have one.

Measure 3: Make your MSP and/or ISP accountable for any disruptions.

A worthwhile MSP or ISP is going to include SLAs that guarantee a certain level of availability and business continuity as part of your contract. If they fail to meet those SLAs, they are required to compensate you for that failure. Make sure you know what those levels are—and make sure they know you plan to hold them accountable.

Do you have other DDoS prevention tips to offer? Let us know in the comments!
