This recently happened to one of my clients, and it shut down our dedicated
server, along with several other websites, for over a day. And we were prepared
to some extent, as one of the ways to defend against this kind of attack is
over-provisioning. In simple terms, have your server ready for much more
traffic than you will need. This may give you time to notice all of the extra
traffic coming in and do something about it.

Some IT staff, when designing a network, have a tendency to prepare for their
highest predictable level of genuine customer traffic. A website, for example,
might provide enough capacity for a daily traffic of 20,000 visits. This will
not be adequate to withstand a good-sized attack. Expect a DDoS attack to
easily send that much traffic to you in just one minute! That translates to
28 million "visits" in a single 24-hour attack. A site only prepared for 20,000
visits will come down pretty quickly.

When a web site and its server are overwhelmed with requests, the target system
either responds so slowly as to be realistically unusable or crashes totally.
The data volumes needed to do this kind of damage are typically achieved by
botnets. Botnets are networks of remotely controlled infected computers known
as zombies.

But who is doing this? Who controls these botnets? Botnets are controlled by
the denial of service attacker. In most cases this is done through the use of
Trojan viruses. Prolexic, a company specializing in cyber protection, currently
tracks over 4,000 control servers, which deploy these botnets for attacks.

Because Internet-based companies depend on traffic, and server functionality is
critical to the profitability of their businesses, the impact of a DDoS attack
can be disastrous. It would also be widespread, affecting your capability to
communicate, process transactions or function effectively for hours, maybe even
days. It's been documented that more than 7,000 distributed denial of service
attacks are observed daily.

So should you be worried? It depends. If the purpose of your site is primarily
to provide information, financial loss may be minimal. But if your business is
based on e-commerce, then your losses due to a DDoS attack could be
substantial. Some targets are clear: online gaming websites and financial
services firms, for example. But in reality, any company or web site could be a
target. In the cyber underworld, it is possible to rent 90,000 - 110,000 hosts
capable of distributed denial of service attacks of 10 to 100 Gbps. This is
more than enough to take out practically any popular site on the Internet, for
around US$200 per day.

On top of over-provisioning, what else can you do to protect your website?
Redundant monitoring will give you time to react. When you're under attack, it
helps to know it quickly. A good alternative is to subscribe to a third-party
service that monitors your site around the clock from several places on the
Internet, assessing its responsiveness from an end-user viewpoint and sending
alerts to your phone when problems are found.

How about the server's logs? Your web server logs do not distinguish between a
genuine visitor and a botnet node. All visits are usually recorded the same
way. Even if your server has enough power and is able to recover from a DDoS
attack, it can still fail because the logs have become too large. Although the
log data could be used, after the fact, for forensic purposes, its value is
actually limited. It's definitely more important that servers can respond to
genuine users during the attack.
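
Individual log entries look the same for a genuine visitor and a botnet node, but the request volume per minute does not. The sketch below is an added example, not part of the original article: it buckets access-log lines by minute and flags any minute far above the normal rate. It assumes Common Log Format, one request per visit, and hypothetical names and thresholds (`per_minute`, `flag_spikes`, `factor`, `min_requests`); the log lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Client address and timestamp of a Common Log Format line (assumed log format).
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def per_minute(lines):
    """Return {minute: (request_count, distinct_client_count)} for parseable lines."""
    hits, clients = Counter(), defaultdict(set)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines instead of failing mid-incident
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        minute = ts.replace(second=0)
        hits[minute] += 1
        clients[minute].add(m.group(1))
    return {k: (hits[k], len(clients[k])) for k in hits}

def flag_spikes(stats, factor=10, min_requests=50):
    """Flag minutes whose request count exceeds factor x the median minute."""
    if not stats:
        return []
    baseline = median(count for count, _ in stats.values())
    return sorted(
        (minute, count, n_clients)
        for minute, (count, n_clients) in stats.items()
        if count >= min_requests and count > factor * baseline
    )

def sample_log():
    """Constructed sample: four quiet minutes, then one flood minute from 200 addresses."""
    lines = []
    for minute in range(4):
        for i in range(14):  # ~14 requests/minute is roughly 20,000 visits/day
            lines.append(f'198.51.100.{i} - - [01/Jan/2024:10:{minute:02d}:{i:02d} +0000] "GET / HTTP/1.1" 200 512')
    for i in range(2000):
        lines.append(f'203.0.113.{i % 200} - - [01/Jan/2024:10:04:{i % 60:02d} +0000] "GET / HTTP/1.1" 200 512')
    lines.append("garbage line that is not CLF")
    return lines

if __name__ == "__main__":
    for minute, count, n_clients in flag_spikes(per_minute(sample_log())):
        print(f"{minute:%Y-%m-%d %H:%M} {count} requests from {n_clients} clients")
```

In practice the baseline should come from a known-quiet period, because a long attack raises the median of any window it dominates.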

One of the most important factors is to know your hosting provider and what
kind of services they offer. Are you dealing with someone who offers customer
service 24 hours a day, 7 days a week? Someone you can call day or night? After
you call them, will they get on the problem immediately? What kind of priority
can you expect when you call? Make sure you know the answers to these kinds of
questions before you need someone to help you when your business is facing a
DDoS. Visit my blog, Power Your Mind Now, for more info, tips and tools.
Article Source: http://EzineArticles.com/?expert=Andre_Somov
Article Source: http://EzineArticles.com/8025876