Mitigating risk: Basic measures to prevent DDoS attacks in 2021

Seth Robinson of CompTIA

Distributed Denial of Service (DDoS) attacks are getting more and more vicious each day, hurting business targets both financially and reputationally. These attacks work by overloading a web server with requests and causing hours, even days, of downtime and inevitable frustration.

As technology evolves, says Seth Robinson, CompTIA senior director, technology analysis, so do DDoS tactics. As a result, attacks are more sophisticated and harder to mitigate today than ever before. That said, there are a few steps IT pros can take to make their online business less prone to these attacks.

CompTIA has built a comprehensive DDoS Guide that dives into all the details behind this newer type of cybersecurity attack. But for now, here are some quick tips on mitigating the risk and averting a potential disaster.

DDoS attack prevention tactics

Obviously, there is no single all-encompassing solution that ensures full protection from DDoS attacks. Still, by taking the following measures, an organisation will significantly reduce the risk of a DDoS attack taking place and the impact if an attack should occur.

1. Upgrading your network security infrastructure

First of all, since any loophole can be exploited by cunning hackers, a business should make sure loopholes are closed. In other words, IT pros should examine their existing security system and keep it up to date at all times. That includes the firewall, anti-malware and anti-virus software, and anti-spam and anti-phishing tools.

Part of the security system is the underlying infrastructure. If your network infrastructure is basic and weak, it’s high time to upgrade it. A first step is to increase bandwidth. Doing this gives networks and servers the ability to handle sudden spikes in traffic, much like those that DDoS attacks cause.

In addition, a multi-layer security solution is a must. This means avoiding centralisation of the data centre and placing infrastructure components in different locations. That way, if one area comes under attack, others can handle the regular traffic without any interruptions.

2. Adopting better network security practices

Beyond the nuts and bolts of infrastructure, hackers can take advantage of any oversights in your security practices, which is why those practices need to be foolproof. For example, many IoT devices still come with weak default passwords and overall weak protection. This makes them easy targets for hackers looking to expand their botnets, especially since the number of such devices is rising rapidly. To prevent slip-ups, IT pros should implement multi-factor authentication methods and change all passwords every once in a while.

In addition, compartmentalisation and access controls are best practices, especially if a business has many employees and a high turnover rate. Not everyone needs to have access to your most valuable resources and information, and restricting access can keep DDoS attackers from easily targeting these components.

3. Switching to cloud systems

Over the past year, companies have been migrating to cloud systems to build more flexibility and resiliency in their IT operations. There are security benefits, as off-premises cloud-based solutions typically have up-to-date patching and follow industry best practices to be secure.

From a DDoS perspective, cloud systems take decentralisation to the next level. Companies can consider either a multi-cloud approach with different cloud providers or a hybrid solution that utilises both off-premises and on-premises solutions for ultimate flexible DDoS protection.

4. Regular network monitoring

Another important way to protect servers from DDoS attacks is by monitoring network traffic. Luckily, there are many helpful tools out there that provide network monitoring. Tools such as Datadog Network Monitoring or Paessler PRTG Network Monitor will monitor traffic and send an alert when a spike in requests occurs.

Furthermore, it’s important to understand typical DDoS warning signs to ensure fast detection and response. Common symptoms include unusual traffic behaviour, network slowdowns, inability to access webpages and an abundance of spam emails.
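The spike alerting described in this section can be illustrated with a short added example (it is not from the article, CompTIA or the tools named above): it counts requests per minute from a log and flags minutes far above a rolling baseline. The log line format, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import Counter, deque
from datetime import datetime, timedelta
from statistics import mean, pstdev

def per_minute_counts(lines):
    """Count requests per minute; lines look like '<ISO time> <client IP> <path>'."""
    counts = Counter()
    for line in lines:
        parts = line.split()
        try:
            ts = datetime.fromisoformat(parts[0])
        except (IndexError, ValueError):
            continue  # skip blank or malformed lines instead of crashing the monitor
        counts[ts.replace(second=0, microsecond=0)] += 1
    return counts

def find_spikes(counts, window=5, sigmas=3.0, min_requests=50):
    """Return (minute, count, baseline) for minutes far above the rolling baseline."""
    alerts, history = [], deque(maxlen=window)
    if not counts:
        return alerts
    minute, last = min(counts), max(counts)
    while minute <= last:
        n = counts.get(minute, 0)  # a minute with no log lines counts as zero
        spike = False
        if len(history) == window:
            mu, sd = mean(history), pstdev(history)
            # max(sd, 1.0): a perfectly flat baseline must not alert on tiny changes
            spike = n >= min_requests and n > mu + sigmas * max(sd, 1.0)
        if spike:
            alerts.append((minute, n, mu))
        else:
            history.append(n)  # only normal minutes feed the baseline
        minute += timedelta(minutes=1)
    return alerts

def make_sample_log():
    """Constructed sample: six quiet minutes (~20 req/min), then two flood minutes."""
    start, lines = datetime(2021, 9, 1, 12, 0), []
    for i, rate in enumerate([20, 22, 19, 21, 20, 18, 400, 380]):
        for j in range(rate):
            ts = start + timedelta(minutes=i, seconds=j % 60)
            lines.append(f"{ts.isoformat()} 198.51.100.{j % 250 + 1} /index.html")
    return lines

if __name__ == "__main__":
    for minute, n, mu in find_spikes(per_minute_counts(make_sample_log())):
        print(f"ALERT {minute:%H:%M}: {n} req/min, baseline {mu:.1f}")
```

Because flagged minutes are kept out of the baseline, a legitimate lasting rise in traffic keeps alerting until the thresholds are retuned, so `window`, `sigmas` and `min_requests` should be set against your own normal traffic.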

5. Developing an effective response plan

Even if you implement all the security solutions outlined above, slip-ups can happen. If a DDoS attack actually hits a server, the best weapon against it is an effective DDoS mitigation plan.

Companies should form a DDoS response team that is technically competent to quickly execute a recovery plan. This team should build multiple strategies for identification and mitigation along with exact guidelines that staff must follow. Different strategies may be needed depending on the critical nature of different servers that could be attacked. A thorough recovery plan with multiple fail-over options can keep a business up and running during a DDoS attack.

Unfortunately, DDoS attacks are becoming more prominent every day, and they show no signs of slowing down. Apart from becoming more sophisticated and more destructive, these attacks can now be easily executed, even by a hacker with a relatively low level of technical knowledge.

Proper protection from DDoS attacks is a must for businesses operating in the digital economy. By building a modern infrastructure, creating a solid security strategy and developing disaster recovery scenarios, organisations can insulate themselves from the worst damage that DDoS can cause.

The author is Seth Robinson, senior director, technology analysis, CompTIA.

About the author

Seth analyses technology trends in the IT industry and provides insight into trend drivers and future direction. He has led research studies on IT security, cloud computing, IoT and mobility, among other areas.
