Reports of aggressive DDoS attacks, or overload attacks, recur frequently. The attacks shake up companies and organizations, as well as the customers who are affected.
The bad news is that an attack can occur at any time, without warning, and it can be devastating to your system. The good news is that there are ways to prepare.
A DDoS attack is just another form of load test on an environment. It is not too much to say that capacity planning tools are, in effect, a way to perform DDoS attacks legally. The first step in preparing well is to know what to look for.
There are usually two types of attacks:
- Unlawful attacks from botnets and/or server farms, which come in three variants:
  - Network storage with basic application functionality
  - Advanced application attacks
- Social attacks.
The difference between the two lies in the purpose of the attack. If you cannot identify a bad intent, you have simply experienced a social attack. An example of a social attack is a successful promotional campaign that attracts so many visitors that the site crashes. But whatever the cause, both kinds of attack can be overwhelming.
So, can you always protect yourself from all types of DDoS attacks? The straight answer is no, but you can always prepare your site and system protection so that they are consistent with your company’s risk profile for lost business due to downtime.
How? The simple answer is: capacity planning. It is the most overlooked cornerstone of all defences. Everyone has a theoretical view of what is needed if an attacker strikes, but until an attack actually occurs, there is no way to know what works and what does not. The most common capacity planning issue today is a mismatch between front-end web applications and back-end databases, a discrepancy that can make you vulnerable to an attack.
Having said that, the first insight in preparing for an attack is to have proper countermeasures in place. The second insight is to know how your environment responds to such a scenario. The best thing to do is to replicate an attack in as controlled an environment as possible. One recommendation is to engage a third-party load testing organization to actually simulate an attack. This way you can understand the consequences and eliminate all the “ifs” from your action plan.
But the burning question is: How do you prepare for, respond to and mitigate an attack when it occurs? Have you allocated resources? Have you engaged internet providers to black-hole traffic? Or do you hope that your IDS, firewall or router can filter the traffic? Many methods and strategies are in use, but usually they are not tested in advance.
You should validate that your system's DDoS protection is configured and that it works for your application. Many organizations invest in system protection today, but very few validate what kind of DDoS protection they need for more advanced attacks.
What types of tests do you need? Standard load tests alone will not suffice, but normal traffic mixed with network storage attacks and “application tweaks” like Slowloris will test your system security considerably. A DDoS stress test should be performed through test clusters spread across multiple locations around the world in order to make identification and blacklisting a real challenge.
Attack volumes today are so great that load traffic of up to 500 Gbit/s of bandwidth and one million simultaneous users is a wise place to begin. Such loads will quickly test your system to its breaking point.
Mitigating the effects of an attack is complex and challenging. Technology is steadily improving, and more IDS solutions are able to identify attacks and eliminate them either at the firewall or at the edge of the network, before they reach the servers and crash them. This technique is quite effective against minor attacks, but not against the bigger, more famous attacks.
The upshot is that an online presence always carries risk. But that does not mean that you should refrain from creating and maintaining a large website or mobile application. Instead, you should take appropriate steps to protect this investment and the revenue it generates for your business.
My rule of thumb is that anything from five to ten percent of an enterprise’s IT budget should be set aside for testing and capacity planning. And believe me, if you ever find yourself in a post-DDoS attack situation, you will be convinced that these funds were well invested.