8 Ways To Protect Your Website From DDoS Attack

===================================

1. Efficiency
DDoS is a war of attrition — efficient use of resources is a key defence. Applications need to be designed from the ground up with efficiency in mind:

- well architected and designed
- efficient code and algorithms
- proper memory allocation and clean up
- configurable time outs and resource restrictions

====================================

2. Excess Capacity
If your site is running at 90% capacity with normal traffic — it is a sitting duck for a DDoS attack.

The more excess capacity (throughput) you have the better — cloud infrastructure that allows you to dynamically add capacity is ideal 

====================================

3. Testing and Planning
DDoS attacks can be simulated as part of performance testing. Testing helps you to understand how your application bares the stresses of a DDoS — so that you can plan a defence

====================================

4. Layer 4 Network Equipment
Switches and routers generally built in defences for layer 4 attacks.

Effective layer 4 defences include bogus IP filtering, traffic shaping, TCP splicing and rate limiting. Work with your ISP or network equipment vendor to understand the features of your network.

====================================

5. Bandwidth Management
Bandwidth management hardware allows you to classify incoming traffic as priority, regular or dangerous. It event of a DDoS attack non-priority requests can be dropped

====================================

6. Intrusion Detection Systems (IDS)
IDS look for attack patterns in incoming traffic and can drop suspicious packets.

====================================

7. Custom Defence
Many layer 7 attacks require a custom on-the-fly defence. Typically, web developers analyse traffic patterns for irregular:

- IPs
- request signatures
- http headers
- form parameters

Once a pattern is determined filters can be implemented on the web server to drop matching requests

====================================

8. Blackholing and Sinkholing
Severe DDoS attacks may require Blackholing — sending all requests to a non-existent server. This brings the website down but relives the pressure on the server.

Sinkholing sends all requests to a logger that logs some statistics and then drops the requests. Sinkholing can help developers establish attack patterns
====================================

Thanks You




ABH

8 Ways To Protect Your Website From DDoS Attack 2012-04-05T02:01:00-07:00 Rating: 4.5 Diposkan Oleh: r007-