Protecting Against Denial of Service Attacks

The best and worst aspect of the how the internet is designed is that every website it accessible to anyone with an internet connection. This means a potentially huge audience for your website - but also means you have to deal with malicious traffic. If an attacker can generate sufficient traffic to starve you server of resources, they can make deny service to legitimate users.

Risks

Prevalence Occasional
Rating prevelance on a298cccc3e525887223509d0e6fe9a464d7d7f60574014de1fe402608154d354 Rating prevelance on a298cccc3e525887223509d0e6fe9a464d7d7f60574014de1fe402608154d354 Rating prevelance on a298cccc3e525887223509d0e6fe9a464d7d7f60574014de1fe402608154d354
Exploitability Moderate
Rating exploitability on 6b817c6c589f0911378579408b6cbfc6d82345849ae2da559b8d11602b9a987b Rating exploitability on 6b817c6c589f0911378579408b6cbfc6d82345849ae2da559b8d11602b9a987b Rating exploitability on 6b817c6c589f0911378579408b6cbfc6d82345849ae2da559b8d11602b9a987b
Impact Harmful
Rating impact on 48bdb4077813afe9762f27e229e64207ec59c3891a54a3adf931c2c91a6d99bd Rating impact on 48bdb4077813afe9762f27e229e64207ec59c3891a54a3adf931c2c91a6d99bd Rating impact on 48bdb4077813afe9762f27e229e64207ec59c3891a54a3adf931c2c91a6d99bd

Denial-of-service attacks are designed to make a site unavailable to regular users. Attacks can be launched for political reasons (“hacktivism” or cyber-espionage), in order to extort money, or simply to cause mischief. Sophisticated attackers will use distributed applications to ensure malicious traffic floods a site from many different IP addresses at once, making it very difficult for a defender to filter out all sources.

Protection

There a variety of commercial tools and services that allow you protect against denial-of-service attacks. Check with your hosting provider to see what options are available - many cloud computing platforms provide simple protection and alerting services for free, with more sophisticated bandwidth management tools available for an extra cost.

If you web-site is build to scale, it will be better able to handle high-traffic scenarios. Some common approaches to achieving scalability include:

  • Serving images, stylesheets and other resources from Content Delivery Networks (CDNs).
  • Caching commonly accessed resources in-memory or on-disk to reduce database access.
  • Setting the Cache-Control header on rarely-changing resources, so browsers do not request them each time a page is viewed.
  • Executing long-running processes (like accessing APIs or sending emails) in an asynchronous job queue, rather than in the web-process itself.
  • Automating web-server deployment, so the number of instances can be scaled up transparently.
  • Splitting complex applications into micro-services so each component can be scaled separately
  • Implementing web-page analytics so you can detect high-traffic periods and respond accordingly.

Further Reading

Is your site vulnerable to attack?

Netsparker n 834848961a0bf6ec5556448ff47f421d0b1204a572877a59717064b1088e8c43 Check today. Scan your website for vulnerabilities with the