• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

securitywing

Menu
  • About
  • Must Read
      • IIS Performance Boost
      • RFID Security
      • Web App Security Testing
      • How to Secure Home Network
      • Prevent Cross-Site Scripting Attacks
      • Renew Self-Signed Certificates
      • Penetration Testing Tools
      • VPN Concentrator
      • Forensic Investigation Tools
      • Digital Certificates
      • Cloud Security Issues
      • Advanced Evasion Prevention
      • Firewall Types
      • Tips to Prevent Data Exfiltration
      • Classified Info Handling
      • MySQL Security
      • Definition of 7 Types of Malware
      • VOIP Security
      • Why Antivirus Software Fails
      • 15 Network Security Vulnerabilities
      • Web App Security
      • IT Security Standards
      • Types of Virtualization
      • Android Security
      • Digital Signature
      • Advanced Malware Protection
    • Close
  • Consultancy
  • Contact

15 Ways to Stop DDoS Attacks in your Network

by wing

To stop DDoS (distributed denial of service) attack, one needs to have a clear understanding of what happens when an attack takes place. In short, a DDoS attack can be accomplished by exploiting vulnerabilities in the server or by consuming server resources (for example, memory, hard disk, and so forth).

DDoS attacks

There are two broad types of DDoS attacks: bandwidth depletion attacks and resources depletion attacks. In order to halt both types of attacks, you can follow the steps given below:

  1. If a few computers are the source of the attack, and you have identified the source of those IP, you can put an ACL (access control list) in your firewall blocking those IPs. Change the IP address of the web server for a while, if possible, but it will not be effective when the attacker will start resolving your new IP by querying your DNS servers.
  2. When you identify that the attacks originating from a specific country, you can  think about  blocking that country’ IP block, at least for a while.
  3. Create an inbound traffic profile. This way you will know who is regularly visiting your site. In case you discover an unexpected number of new visitors, you can further investigate the logs and source IPs. Before large scale attacks, you might experience a small-scale DDOS attack that the attacker may use to estimate the strength of your network resilience.
  4. The easiest, although a costly, way to defend your network from bandwidth consumption attack is to buy more bandwidth.
  5. You may deploy more servers, spread around various datacenters, and you may use good load balancing software.
  6. Make sure your DNS is protected behind the same type of load balancer that you used to protect your web and other resources.
  7. Optimize your webserver to handle more visitors without exhausting all resources. If you are using Apache server, you can use Apachebooster plugin, which was designed by integration of varnish and nginx. Apachebooseter can cope with sudden spike with traffic and memory usages.
  8. Fast DNS-Protect against DNS-based DDoS attacks with a highly scalable DNS infrastructure. You can think about buying CloudFlair business or enterprise plan, which provides protection to DNS and layer 3, 4 and 7 based DDoS attacks.
  9. Enable anti IP spoofing features in your firewall and routers. It is much easier to implement anti-spoofing in Cisco ASA firewall than in the routers. To enable anti-spoof with ASDM, click on configuration from firewalls and then click on anti-spoofing. You can prevent spoofing in router using ACL. Create an access control list for your internal IP subnets, and apply that ACL in your Internet facing interface.
  10. Hire third party DDoS service to protect your site. There are a number of service providers with robust network who can help your website survive during denial of service attack. You can subscribe to such service for a monthly cost of few hundred dollars only.
  11. Pay attention to your server’s security configuration in order to prevent resource depletion type of DDoS attack.
  12. Consult a DDoS expert, and make an action plan to carry out when you actually face the attack.
  13. Monitor your network and web traffic. If possible you can set up multiple analytics such as Statcounter and Google analytics in order to understand and gather more data of your traffic patterns.
  14. Secure your DNS server against recursive DNS query attacks.
  15. Block ICMP in your router. Enable it when you need it for troubleshooting purpose only. Also you can do the following things with your router: rate limit, filtering packets, timeout half-open connections, drop junk and spoofed packets, set low threshold for TCP SYN, ICMP and UDP flood drop.

Finally study more about DDoS attacks, and be familiar with the types of DDoS attacks and make action plan to defend against each type of DDoS attack.

Related Posts:

  • 10 Major Types of DDoS Attacks and Prevention
    10 Major Types of DDoS Attacks and Prevention
  • buffer overflow
    Buffer Overflow Protection Tutorial
  • RFID security threats
    Top 10 RFID Security Concerns and Threats
  • network based ids
    Host Based IDS vs Network Based IDS
  • How to Respond to  Network Intrusion Detection
    How to Respond to Network Intrusion Detection
  • Effective Ways to Prevent Cross Site Scripting(XSS) Attacks
    Effective Ways to Prevent Cross Site Scripting(XSS) Attacks

Filed Under: Network Security Tips Tagged With: attack, ddos

Primary Sidebar

Categories

  • AWS
  • containers
  • Internet Security and Safety
  • IS Audit
  • IT Security Exams
  • Network Security Tips
  • Off Track
  • Telecom
  • Tutorial

Related Posts

  • 10 Major Types of DDoS Attacks and Prevention
    10 Major Types of DDoS Attacks and Prevention
    Despite the differences in the mechanism, the purpose of the…
  • buffer overflow
    Buffer Overflow Protection Tutorial
    When you write a simple program, for example, to print…
  • RFID security threats
    Top 10 RFID Security Concerns and Threats
    Like any other security devices and mechanism RFID is not…
  • network based ids
    Host Based IDS vs Network Based IDS
    Based on the location in a network, IDS can be…
  • How to Respond to  Network Intrusion Detection
    How to Respond to Network Intrusion Detection
    When your intrusion detection system triggers an intrusion alarm, you…
  • Effective Ways to Prevent Cross Site Scripting(XSS) Attacks
    Effective Ways to Prevent Cross Site Scripting(XSS) Attacks
    Not every developers pay equal importance to web security and…
  • advanced evasion technique
    How to Protect Networks against Advanced Evasion…
    Evasion techniques evade the exiting network security devices such as…
  • IIS performance tuning
    8 Effective Ways to Improve IIS 7.5 Performance
    Like any other web servers, IIS 7.5 is capable of…
  • Screening Router Security Test
    Screening Router Security Test
    Much small-scale business does not use firewall as their first…
  • 32 Proven VOIP Security Best Practices
    32 Proven VOIP Security Best Practices
    VOIP saves money if you can deploy and manage it…
  • Webhosting Security-Best Practices and Concerns
    Webhosting Security-Best Practices and Concerns
    To many IT professionals, webhosting security means protecting websites from…
  • 8 Open Source Web Application Security Testing Tools
    8 Open Source Web Application Security Testing Tools
    Web application security testing might seems intimidating and esoteric to…

CISSP Sample Test

Take a CISSP Sample Test

CISA IT governance Sample test



Twitter Follow @securitywing

Footer

Copyrights

Protected by Copyscape Duplicate Content Detection Software

Securitywing.com reserves the copyrights of all of its published articles.No contents of this site is permitted to be published to anywhere else in the Internet.If any contents are found in any other websites, securitywing reserves the rights to file a DMCA complaint. But you have the right to use the link of any relevant article of this site to point from your website if you consider that it might improve the quality of your article.

Tags

antivirus audit AWS backup browser check cisco cloud computer cyber data database encryption firewall home hsrp ids informaiton internet intrusion it kubernetes linux load balancing malware network protection putty risk router security security tips server ssh SSL switch tools virus vpn vulnerability web webserver website windows wordpress

Copyright © 2010-2023 ·All Rights Reserved · SecurityWing.com