
Ways to reduce the incidence and destructive power of DDoS attacks

2025-03-28 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article covers ways to reduce the incidence and destructive power of DDoS attacks. The approach described here is simple, fast and practical; read on to learn how to reduce the incidence and destructive power of DDoS attacks.

There is no doubt that those who have recently masterminded major DDoS attacks have a deep understanding of how the Internet works. Because of the attackers' expertise and the lack of basic security in some important Internet protocols, many enterprises are at a disadvantage when it comes to protecting themselves and preventing this type of attack.

This is why many enterprises, policymakers and industry organizations have been working on a wide range of industry initiatives to reduce the incidence of harmful DDoS attacks. Most countries have passed laws outlawing DDoS attacks, such as the Computer Fraud and Abuse Act in the United States and the Computer Misuse Act in the United Kingdom, but the legislation has not been much of a deterrent to cybercrime.

This article mainly discusses how to reduce the incidence and destructive power of DDoS attacks, and how to use internal and cloud-based DDoS mitigation controls to minimize the disruption and damage that increasingly complex DDoS attacks cause to the business.

Assess the threat of DDoS attacks

DDoS attacks are destructive enough to threaten a country's critical infrastructure, which explains why many government departments are beginning to require that DDoS mitigation plans be developed. For example, financial institutions regulated by the Federal Financial Institutions Examination Council must now monitor for DDoS attacks, have incident response plans that can be activated at any time, and ensure that sufficient staff are available for the duration of an attack, including recourse to pre-contracted third-party services, if any. Financial institutions are also encouraged to report details of attacks to the Financial Services Information Sharing and Analysis Center and to law enforcement agencies to help other agencies identify and mitigate new threats and practices.

Global cooperation against cyber threats such as DDoS attacks is strengthening. Because botnets are a threat and a common DDoS weapon, the Federal Bureau of Investigation (FBI) and the Department of Homeland Security share the IP addresses of thousands of computers they believe to be infected with DDoS malware with more than 100 other countries. The White House Office of Cyber Security, the Department of Commerce, the Department of Homeland Security and industry botnet organizations are also working closely together to combat botnets. Getting rid of botnets will undoubtedly help improve the security situation, but it is a task that will never end.

Implement DDoS mitigation control measures and say no to DDoS attacks!

A mitigation plan for distributed denial of service cannot be ignored, because the frequency and complexity of such attacks threaten a growing number of organizations. Today's DDoS attacks combine high-intensity brute force attacks with application layer attacks to cause maximum damage and evade detection mechanisms. Some DDoS attacks take advantage of thousands of compromised systems or Web services, which can wreak havoc on companies in terms of cost and reputation, and denial of service is increasingly becoming part of advanced targeted attacks. The good news is that there are many tools you can use to minimize the impact of this type of attack on customers and revenue.

To mitigate DDoS, first make sure that you have defined the incident response process and assigned responsibilities, which requires the cooperation of multiple teams. DDoS prevention planning requires the security team to work with network operators, server administrators and desktop support staff, as well as legal advisers and public relations managers.

Once the DDoS incident response plan is in place, you can focus on four major DDoS mitigation controls to minimize the disruption and damage that DDoS attacks cause to the business. Here they are, in order of importance:

Internet service provider (ISP). Most ISPs have a "clean pipe" or DDoS mitigation service, which is usually priced above standard bandwidth. ISP-based services are useful for many small and medium-sized enterprises and fit within their budgets. Don't forget one thing: cloud service providers and hosting providers are also ISPs.

DDoS mitigation-as-a-service provider. If you have more than one ISP, a third-party DDoS mitigation-as-a-service provider may be a smarter choice, but cloud-based services are usually more expensive. If you change the DNS or BGP routing so that traffic is sent through the DDoS SaaS provider, the attack traffic can be filtered out no matter which ISP carries it.

Dedicated DDoS mitigation equipment. You can deploy DDoS mitigation devices at Internet access points to protect servers and networks. However, brute force attacks can still use up all your bandwidth: even if the server doesn't crash, customers won't be able to reach it properly.

Infrastructure components, such as load balancers, routers, switches and firewalls. Relying on your business's operational infrastructure to mitigate DDoS attacks is a doomed strategy that can only deal with the weakest attacks. However, these components can play a role in a coordinated DDoS mitigation effort.

Most enterprises need a combination of external services and internal DDoS mitigation capabilities. Make a realistic assessment of your staff's skill level: if you have IT security personnel who can detect and analyze threats, start with internal DDoS mitigation, then gradually refine your strategy and add external services. If you don't have enough people or the skill set you need, start with external services and consider adding managed CPE (customer premises equipment) mitigation capabilities in the future.

No matter which architecture you choose, DDoS mitigation controls should be tested at least twice a year. If you use an external service provider, test the routing and DNS changes to ensure that traffic is sent to the external service without major disruption, and that you can successfully switch back to direct routing. Network configuration and DNS routing often change during normal operation, and you need to find that out before an actual DDoS attack.

Prevent DDoS attacks

To prevent DDoS attacks, the long-term solution is to strengthen the Internet protocols that attackers use to launch attacks and to require that systems be upgraded in line with best practices. For example, many DDoS attacks succeed because attackers generate traffic with a spoofed source IP address. IETF Best Common Practices document BCP 38 recommends that network operators filter packets that enter their network from downstream customers and discard any packet whose source address is not within that customer's address range. This prevents hackers from sending packets that claim to come from another network (that is, spoofing attacks). However, the cost of doing what BCP 38 requires brings no immediate return, so although it benefits the wider community, it has not been fully implemented.
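The BCP 38 rule described above, as an added Python example that is not part of the original article: a packet is forwarded only if its source address lies inside a prefix assigned to the customer port it arrived on. The port names, prefixes and traffic sample are constructed for illustration.

```python
import ipaddress

# Constructed example: prefixes assigned to each downstream customer port.
CUSTOMER_PREFIXES = {
    "cust-a": ["198.51.100.0/24", "2001:db8:a::/48"],
    "cust-b": ["203.0.113.0/25"],
}

def build_filter(table):
    """Parse the prefix strings once so each packet check is a cheap lookup."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in table.items()}

def ingress_permitted(filt, port, src):
    """BCP 38 rule: accept only if src lies inside a prefix assigned to the port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False                        # malformed source address: drop
    return any(addr.version == net.version and addr in net
               for net in filt.get(port, []))   # unknown port has no prefixes: drop

def filter_packets(filt, packets):
    """Split (port, source) pairs into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for port, src in packets:
        target = forwarded if ingress_permitted(filt, port, src) else dropped
        target.append((port, src))
    return forwarded, dropped

# Constructed traffic sample: (ingress port, claimed source address).
SAMPLE = [
    ("cust-a", "198.51.100.17"),    # legitimate
    ("cust-a", "192.0.2.80"),       # spoofed: a third party's address
    ("cust-b", "203.0.113.200"),    # outside cust-b's /25
    ("cust-a", "2001:db8:a::53"),   # legitimate IPv6
    ("cust-b", "198.51.100.17"),    # cust-a's address arriving on cust-b's port
]

if __name__ == "__main__":
    fwd, drop = filter_packets(build_filter(CUSTOMER_PREFIXES), SAMPLE)
    print("forwarded:", fwd)
    print("dropped:  ", drop)
```

The last sample packet shows why the check is per port: an address that is valid for one customer is still dropped when it arrives from another.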

Network administrators can enhance the overall security of the Internet by ensuring that they follow other best practices. For example, they should be familiar with the DDoS Quick Guide issued by the Department of Homeland Security, and implement the recommendations given by projects such as the Open Resolver Project. An open resolver answers recursive queries from hosts outside its own domain, so it is used in DNS amplification DDoS attacks. The project has listed 28 million resolvers that pose a major threat and provides detailed instructions on how to configure DNS servers to reduce the threat of DNS amplification attacks.
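To audit your own DNS server for the open-resolver condition described above, the reply header is enough. The following Python sketch is an added example, not code from the article or from the Open Resolver Project; it classifies a reply to a recursive query for a name outside the server's zones, and the query name, address and both replies are constructed sample data.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234, qtype=1):
    """Encode a recursion-desired (RD=1) query; qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify_response(query, response):
    """Decide from the reply header whether the server recursed for the sender."""
    if len(response) < 12:
        return {"verdict": "invalid", "reason": "short packet"}
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if qid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return {"verdict": "invalid", "reason": "not a reply to this query"}
    ra, rcode = bool(flags & 0x0080), flags & 0x000F
    # Open: recursion is offered AND the out-of-domain name was really resolved.
    is_open = ra and rcode == 0 and ancount > 0
    return {"verdict": "open" if is_open else "restricted",
            "ra": ra, "rcode": RCODES.get(rcode, str(rcode)),
            "amplification": round(len(response) / len(query), 2)}

def _reply(query, flags, answers=b"", ancount=0):
    """Constructed reply: echo the ID and question, set flags and answer count."""
    return (query[:2] + struct.pack("!HHHHH", flags, 1, ancount, 0, 0)
            + query[12:] + answers)

# Constructed sample data (documentation name and address, not a capture).
QUERY = build_query("example.org")
A_RECORD = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
OPEN_REPLY = _reply(QUERY, 0x8180, A_RECORD, 1)   # QR, RD, RA, NOERROR, 1 answer
REFUSED_REPLY = _reply(QUERY, 0x8105)             # QR, RD, RA clear, REFUSED

if __name__ == "__main__":
    print(classify_response(QUERY, OPEN_REPLY))
    print(classify_response(QUERY, REFUSED_REPLY))
```

The verdict only means something when the query is sent from an address outside the networks the server is meant to serve; from inside, a correctly restricted resolver also answers.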

As always, systems are less vulnerable to hackers, who often attempt to use those systems' resources as part of DDoS attacks, if you ensure that the latest version of the software is installed. While large companies such as financial institutions are obvious targets in the eyes of some attackers, they at least have the finances and resources to adopt the latest security technologies and best practices. However, small businesses with limited resources still face potentially strong adversaries. This is one of the reasons why Google launched Project Shield: so that organizations that run news, human rights or election sites can publish their content through Google's vast DDoS mitigation infrastructure. This type of program is mainly designed to ensure that potential victims have sufficient resources to defend against attacks, thereby eliminating the impact of DDoS attacks.

Fully sharing DDoS mitigation resources and implementing industry best practices may take time and resources, and may not bring immediate returns, but the Internet is a shared community project, and it is our common responsibility to combat DDoS attacks. Unless everyone does their part, no amount of planning can rid us of the damn DDoS attacks.
