Distributed denial of service (DDoS) attacks have become a part of having a presence on the web. While the question used to be if you will be attacked, today it is only a matter of when. Because of this, it is more important than ever to have a defense strategy in place. But, for all the media coverage and attention any DDoS attack may receive, their purpose and how to best defend against them are not always well understood.
According to the 2016 Verizon data breach incident report (DBIR), DDoS and web app attacks have increased substantially over the last year. Web app attacks that ended in a successful data breach, where data was stolen, increased from 7% to 40%, with targeted data including:
- Credit card data
- Personal information
- Financial credentials
If you want to ensure that your business is ready for a DDoS attack, there are a number of best practices you should keep in mind. What follows are 5 recommendations from our 10 years of experience managing over 80,000 servers. If you want an even more in-depth overview, as well as 5 more recommendations, you can download the full white paper here.
1. Code with security in mind – Identify your security requirements before you start writing code. Have a set of security coding standards and ensure that developers are following them. Vigorously test your code to prevent some of the common types of vulnerability exploits such as cross-site scripting and SQL injection.
2. Develop emergency plans for patching and rolling back code – Have a detailed plan in place when pushing out new code so that if an issue arises it can be rolled back with little impact to your environment. This might include having a list of the developers on-call for each department, a central chat or war room to discuss the issue and what needs to be done, documentation, etc.
3. Keep patches up to date – Be aware of the latest patches available for your software and have a plan in place to both implement them and to roll them back if issues arise after the update.
4. Limit access to your environment – Ensure admin and/or root accounts are secure and that passwords are changed on a regular basis. Audit your access list frequently and be sure to remove access for any employees that have left the company. It is also important to change root and admin passwords if an employee who has left had access to those as well. Do not store passwords in plain text or collaborative documents.
5. Do not expose admin interfaces to external networks – Admin interfaces should only be accessible from internal networks, either via direct connection from that network or through a VPN. Test and verify that no one on an external network can access these interfaces. Be sure to remove VPN access for employees who have left the company.
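One way to start the verification in recommendation 5 is to audit which addresses a server's admin services listen on. The script below is an added example, not part of the original article; the admin port list, the internal network ranges and the sample `ss -Htln` output are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: ports that count as admin interfaces on this host; adjust to your stack.
ADMIN_PORTS = {22: "ssh", 3306: "mysql", 8443: "admin panel", 10000: "webmin"}

# Assumption: ranges considered internal (loopback, RFC 1918, IPv6 unique local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]

# Constructed sample of `ss -Htln` output (listening TCP sockets, no header).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 10.20.0.5:8443 0.0.0.0:*
LISTEN 0 128 [::]:10000 [::]:*
LISTEN 0 128 203.0.113.10:8443 0.0.0.0:*
"""

def find_exposed_admin(ss_output):
    """Return sorted (port, service, bind, reason) for admin ports not bound internally."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is "host:port"; IPv6 hosts are bracketed, and a
        # "%iface" scope suffix may follow the address.
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]
        if not port.isdigit() or int(port) not in ADMIN_PORTS:
            continue
        port = int(port)
        if host == "*" or ipaddress.ip_address(host).is_unspecified:
            reason = "wildcard bind"  # listens on every interface
        elif any(ipaddress.ip_address(host) in net for net in INTERNAL_NETS):
            continue  # bound to an internal address only
        else:
            reason = "non-internal address"
        findings.append((port, ADMIN_PORTS[port], fields[3], reason))
    return sorted(findings)

if __name__ == "__main__":
    for port, service, bind, reason in find_exposed_admin(SAMPLE_SS):
        print(f"{service:<12} port {port:<6} bound to {bind:<20} {reason}")
```

A wildcard bind may still be blocked by a firewall, so treat each finding as something to confirm with a connection test from outside the network.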
Download the full white paper on how to prepare your business for a DDoS attack here.