Answer

Prevent Distributed Denial-of-Service attacks with the right services

Some of our sites are occasionally the target of Distributed Denial-of-Service (DDoS) attacks. What can we do to help ensure critical applications don't suffer performance breakdowns?

Web application performance and potential associated Denial-of-Service (DoS) attacks are complicated issues. Some application issues can be handled by in-house development and IT operation teams, but more sophisticated protections often require the use of specialized hardware and third-party services.

Starting with what many organizations can handle in-house, look for application and infrastructure bottlenecks. These arise in situations where an attack can gain a leveraged advantage.

For example, applications processing XML documents that use a Document Object Model (DOM) approach can find themselves in situations where attackers use a comparatively small amount of renewable bandwidth to consume larger amounts of fixed server memory. In addition, attackers can abuse some application logic to limit application access by legitimate users. That said, DDoS attacks are more common and addressing these issues is often beyond the purview of development teams. This means that infrastructure teams or third-party providers must step in to help. Infrastructure like firewalls, switches and routers can be configured to ignore traffic of certain protocols or from certain sources.
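The XML case above is one a development team can address in-house. The following is an added example, not part of the original answer: rather than building a DOM, it streams the document through Python's expat bindings and stops at fixed bounds, so memory use no longer grows with what the client sends. The function name, the limit values and the refusal of DTDs (which goes beyond what the answer describes) are assumptions chosen for illustration.

```python
import xml.parsers.expat


class XmlLimitExceeded(Exception):
    """Raised when a document crosses one of the configured bounds."""


def count_elements_bounded(stream, max_bytes=1_000_000, max_depth=32,
                           max_elements=10_000, chunk_size=4096):
    """Stream-parse XML from a binary file-like object under hard limits.

    Returns {tag: count}. No tree is built, so memory stays flat.
    Malformed input still raises xml.parsers.expat.ExpatError.
    """
    state = {"depth": 0, "elements": 0}
    counts = {}

    def start(name, attrs):
        state["depth"] += 1
        state["elements"] += 1
        if state["depth"] > max_depth:
            raise XmlLimitExceeded("nesting depth")
        if state["elements"] > max_elements:
            raise XmlLimitExceeded("element count")
        counts[name] = counts.get(name, 0) + 1

    def end(name):
        state["depth"] -= 1

    def doctype(name, system_id, public_id, has_internal_subset):
        # Assumption: this service has no need for DTDs, so refuse them.
        raise XmlLimitExceeded("DTD not accepted")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.StartDoctypeDeclHandler = doctype

    total = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        total += len(chunk)
        if total > max_bytes:  # stop reading before buffering more input
            raise XmlLimitExceeded("document size")
        parser.Parse(chunk, False)
    parser.Parse(b"", True)  # signal end of document
    return counts
```

Set the limits from the largest legitimate document the application actually receives, and log rejections so that operations teams can see when the bounds are being hit.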

In addition, cloud servers can be used to scale up capacity during times of overload. However, applications need to be designed with this type of scaling in mind. Web servers, application servers and database servers must be configured in such a way that capacity can be added easily. Content distribution networks (CDNs) can also be used to cache and serve static content, reducing the load on core servers.

For serious attacks, commercial services and dedicated hardware are now available specifically to help reduce or eliminate the impact of DDoS attacks. These typically analyze network traffic to identify malicious requests and then drop or null-route them. They are typically sourced from hosting providers or as add-on products from CDNs. An advantage of using a cloud-based DDoS provider can be the provider's ability to analyze traffic across a number of different targets and use that threat intelligence for attack detection and traffic shaping.

Organizations considering security often downplay or ignore the requirement for availability and instead focus on confidentiality and integrity. This works well until an application becomes the target of a DDoS attack. Planning for these types of attacks up front allows an organization to already have a network, server and application architecture in place that is ready to undergo the changes required to activate DDoS protections.

Organizations that fail to plan ahead may find that they are forced to make risky changes on the fly while under attack. Making these sorts of changes during DDoS conditions can make it harder to pinpoint errors and lead to longer downtime.

This was first published in February 2014
