Page 22 - AeM_June_2019
P. 22

BEST PRACTICES & STRATEGIES













































             Safeguards against DDOS attacks



            As you might remember, we published a write-up on how    Today, however, the methods of DDoS attacks and
            to prevent and ward distributed denial-of-service (DDPS)   their  scope  are  evolving  so  fast  that  individual  IT
            attacks a year ago, but decided to share again the useful   teams  and  self-developed  defense  systems  can
            tips  from  CDNetworks  since  the  discrepancy  between   barely keep up. Arranging for additional hardware
            corporate  reality  and  self-assessment  in  IT  security   to  servers  and  routers  is  not  only  costly,  it  also
            seems to have remained the same since then.              requires  constant  updates  and  configurations
                                                                     toward  the  more  and  more  sophisticated  DDoS
            The  content  delivery  network  and  cloud  security    attacks.  Not  to mention,  that  the  systems  are  still
            specialist  summarized  the  following  steps  to  help   vulnerable to targeted network congestion. Almost
            companies addressing DDoS attacks:                       all vulnerability tests show that one of the biggest
                                                                     weaknesses  lies  within  the  capacity  limits  of  your
              •  Identify  vulnerability  and  severity  of  security   own network. If this limit is exceeded - be it due to
                issue                                                harmless causes or by malicious DDoS attacks - it
                In a first step, it is necessary to check the security   comes to a network failure. A practicable solution
                status   in   the   company.   This   requires   a   represents  a  cloud-based  DDoS  defense.  Cloud
                comprehensive  review  of  the  strengths  and       security vendors can leverage network capabilities
                weaknesses  of  the  network  to  determine  where   that  far  exceed  those  of  a  single  data  center,
                system and network defenses exist and how easily     providing  reliable  protection  even  in  case  of  very
                they  could  be  exploited.  The  latter  can  be    large attacks, and their expert teams are constantly
                determined  by  means  of  vulnerability  tests  and   working to keep up with the development of DDoS
                DDoS  test.  Then  it  should  be  checked  if  existing   strategies.  At  the  same  time,  they  can  clean  up
                solutions for DDoS minimization are sufficient.
                                                                     data to ensure  that only  "legitimate"  traffic comes
                                                                     through.  Resources,  such  as  the  Open  Web
              •  Find a suitable solution strategy
                                                                     Application  Security  Project  (OWASP),  can  also
                In  the  early  2000s,  when  DDoS  attacks  were  still   help with DDoS defense planning.
                rare  and  uncomplicated,  do-it-yourself  solutions
                provided adequate protection.

      22            June 2019 - Cyber-security & Data Protection
   17   18   19   20   21   22   23   24   25   26   27