Protecting Against Denial of Service Attacks

The best and worst aspect of the how the internet is designed is that every website it accessible to anyone with an internet connection. This means a potentially huge audience for your website - but also means you have to deal with malicious traffic. If an attacker can generate sufficient traffic to starve your server of resources, they can make deny service to legitimate users.

Risks

Prevalence Occasional
Exploitability Moderate
Impact Harmful

Denial-of-service attacks are designed to make a site unavailable to regular users. Attacks can be launched for political reasons (“hacktivism” or cyber-espionage), in order to extort money, or simply to cause mischief. Sophisticated attackers will use distributed applications to ensure malicious traffic floods a site from many different IP addresses at once, making it very difficult for a defender to filter out all sources.

Protection

There a variety of commercial tools and services that allow you protect against denial-of-service attacks. Check with your hosting provider to see what options are available - many cloud computing platforms provide simple protection and alerting services for free, with more sophisticated bandwidth management tools available for an extra cost.

If you web-site is build to scale, it will be better able to handle high-traffic scenarios. Some common approaches to achieving scalability include:

  • Serving images, stylesheets and other resources from Content Delivery Networks (CDNs).
  • Caching commonly accessed resources in-memory or on-disk to reduce database access.
  • Setting the Cache-Control header on rarely-changing resources, so browsers do not request them each time a page is viewed.
  • Executing long-running processes (like accessing APIs or sending emails) in an asynchronous job queue, rather than in the web-process itself.
  • Automating web-server deployment, so the number of instances can be scaled up transparently.
  • Splitting complex applications into micro-services so each component can be scaled separately
  • Implementing web-page analytics so you can detect high-traffic periods and respond accordingly.

Further Reading

Is your site vulnerable to attack?

Check today. Scan your website for vulnerabilities with the