The following measures will help to mitigate the risks of a DDoS attack.
- Over-provision bandwith to absorb DDoS bandwith peaks. This is one of the most common yet probably the most expensive technique, particularly because most DDoS attacks can be ten times or even one hundred times greater than standard internet traffic levels.
- Lock down application and servers. Most overflow attacks can be prevented by application development teams that follow coding best practices.
- Install a network firewall to block known network DDoS attacks. Most firewalls can stop network DDoS attacks like TCP floods, SYN-floods and fragmentation attacks. Large scale network DDoS attacks can overwhelm Internet connections, preventing traffic from even reaching an on-premise firewall. Businesses must ensure that their internet bandwith is great enough to withstand a volumetric attack.
- Apply application-level controls to stop application DDoS attacks. An increasing number of DDoS attacks are not simply network onslaughts, but more advanced application attacks. Application attacks can be difficult to stop through application coding measures alone. Detecting and blocking excessive requests by users can help eliminate attack traffic. CAPTCHA’s, for instance, can help differentiate humans from malicious bots.
Find us on Facebook and LinkedIn