How To Prepare For A DDoS Attack: 10 Steps
Like a hurricane or a flood, a DDoS is a crisis. Follow these 10 steps to prepare for an attack before it hits.
Distributed denial of service (DDoS) attacks are scary. In a matter of minutes, they can shut down a network, service or website, costing companies millions of dollars.
A recent study by Corero Network Security found that while 34 percent of IT managers surveyed cited lost revenues as the most damaging consequence of a DDoS, nearly half -- 45 percent -- say loss of customer trust and confidence is their greatest concern.
When they first came on the scene 20 years ago, DDoS attacks -- in which a large network of compromised machines (a botnet) overwhelms another system’s connection, causing it to deny service to legitimate traffic -- even threatened to take down the Internet itself.
That’s ancient history. Over time, vendors and service providers have developed products that help IT staff better cope with the threat of a DDoS. But attacks come in waves, and over the past year there has been an uptick in DDoS attacks.
“There have always been various waves of DDoS attacks, and we saw one toward the end of 2015,” says Barry Greene, CTO of Palo Alto-based GetIT, or Green Energy Technology & Infocommunications Technology.
Greene says that although we are currently experiencing a bit of a lull, now’s a good time to prepare for the next wave. He recently authored a white paper on preparing for a DDoS and spent some time talking with Dark Reading about strategies for defending against DDoS attacks.
“Think of a DDoS as a crisis much like a hurricane or a flood,” Greene says. “You wouldn’t want to start preparing for a hurricane on the day of the event. The same holds true for a DDoS.”
Before spending millions of dollars on new equipment and services, find out what you can do right now with the technology you have. For example, there may be a DDoS capability built into your networking equipment or firewalls. Many service providers offer a remote trigger blackhole, which is when they can shift traffic to a different part of the network during an attack. And, a content provider may offer an emergency onboard service during an attack.
Most of the vendors will be pushing new products, but get them to focus on what the company can do right now. It may be that the organization needs to upgrade its firewalls or switches, or that it needs to consider a sandbox or an updated intrusion detection system, but start the discussion from the perspective of what your existing tools can do today.
Set aside a couple of hours and use the tools. Simulate an attack and find out if the tools really work as advertised. Do role plays with your DDoS allies and find out if they are still on board with supporting you during a DDoS.
Designate someone to develop a training exercise and then rotate that responsibility around the IT staff. Anti-DDoS tools only work if everyone knows how to use the tools. The alliances you make with vendors, providers and law enforcement are only productive if the teams practice with each other.
Understand that criminals who launch DDoS attacks do get caught. But the crimes have to be reported and the evidence collected.
Law enforcement will require three pieces of information:
The communication vehicle. Did the attackers communicate by phone, text or email? Capture all the logs around the communications they send the company.
The money path. Bitcoin has been popular, but DDoS attackers have also asked for ransoms to be sent to Swiss bank accounts or even Portuguese accounts.
Detailed computing logs. Law enforcement will need all the logs and details from your security and networking equipment and overall computing infrastructure.
Tracking down the attackers takes hard work with a lot of international collaboration. Plan to work very closely with your DDoS allies during an attack.