How to prepare for a DDoS attack
Imagine the day. It’s a Friday, you just got back from a long lunch, and are thinking ahead to your weekend. A meeting, a couple of last items to clear off your desk, and then you can head home for whatever, or whomever, awaits you.
Suddenly, you get a call. Your website is down, and systems are non-responsive. Phone lines are jamming up with angry customers. Senior management is banging down your door and wants to know what is happening and when you are going to fix it. Your team is in a panic. Someone tells you that it’s a DDoS attack.
What do you do?
This is the moment at which you realize something: Every emergency needs a plan, and DDoS attacks most definitely constitute an emergency.
Just like any kind of major emergency, managers must plan and prepare for a DDoS attack.
Below are some of the things you need to think about in order to prepare for a DDoS attack.
- Situation awareness
- Understand the environment in which your business or organization operates. Potential threats from competitors, activists, or people who might have something against your org.
- Understand what device types and browsers normally access your public websites.
- Monitor social media.
- Know thy network, and protect it
- Have a detailed depiction of your network topology. An essential for team co-ordination.
- Have baseline measurements of all network activity as it relates to your public access points. Examples are graphing and threshold alerts for bits per second and packets per second on major ingress and egress links in your network.
- Deploy technology at the edge of your network to defend as best as possible. Understand that they will have very finite capabilities and specific applications, but can be of use in thwarting a small attack or identifying a ramping attack.
- Design a secure remote access configuration, preferably out of band, to allow for remote management of your systems while they are under attack.
- Identify all critical services (eg. DNS, Web, DB’s) running in your network and define monitoring indices to assess health in real time.
- Create a strong DDoS response team
- Designate a strong team leader.
- Create a standard operating procedure for a DDoS attack that includes:
- Who should be notified and when (emergency contact info for your ISP, your own senior management, customer service and PR managers)
- iWhat info needs to be collected and when, and where is it logged.
- iWhat action needs to be taken to protect infrastructure or service.
- What is the escalation path for critical decisions.
- Communicate the DDoS plan. It’s not enough to have created a DDoS plan, but you need to share it and staff needs to know exactly when to initiate a DDoS response. It is part of orientation for new staff, you have hard copies at stations, and it is in your wiki or online shared resources. Run drills periodically, including contacting your ISP.
- Be vigilant.
- Keep your documentation up to date
- Monitor DDoS industry changes, and ensure your technology is on top of the latest threats.
- Test your DDoS defense strategy and team.
- Partner with an industry specialist in case the attack is beyond you or your ISP’s capabilities to handle. There are companies whose sole expertise is preparing for and defending against large scale and very sophisticated DDoS attacks, like DOSarrest. Make sure they complement your existing operations. For example, DOSarrest monitors the performance of your site once every minute, and our team will contact your company designate as soon as they see an issue arise, lowering your TCO. Furthermore, DOSarrest will run a website performance test, and if desired a vulnerability assessment, to ensure your systems are hardened as much as possible, all for free. Don’t hesitate to contact us to discuss these features further.
Whatever your situation, do not delay putting a DDoS response plan in place. It could save your business.
CTO, DOSarrest Internet Security