Have you ever been bullied by a group of kids, or gotten tons of assignments to be submitted on the same date? How does that feel? Overwhelming, right? Well, applications, systems, and other devices can feel the same thing when they are hit by Denial-of-Service (DoS) attacks.
So you’re probably here because you have encountered or are curious about DoS/DDoS attacks and you want to know how to stop or prevent them from destroying your web applications. The good news is that I can answer your question; the bad news is that the answer is a series of to-dos.
First things first. As I always say, no single security approach applies to everyone. But one must make sure that the defense mechanism of a web application is proactive – detective, preventive, and corrective. The following will guide you toward proactive web application security:
HOW TO DETECT DDoS ATTACKS?
- Get to know stage – ignorance is not an excuse! As grown-ups always say, learn about what you are getting into before you get involved. Learn from the past, save your web application!
  - Start with the basics. What is a DoS/DDoS attack? A Denial-of-Service attack is one where a hacker floods an application, system, or other device for the purpose of making it or its service unavailable. The difference between a DoS and a Distributed DoS (or DDoS) is the number of sources. DoS attacks come from a single source, while a DDoS attack comes from multiple sources, usually a zombie army (or a botnet).
  - There are 4 types of DoS/DDoS attacks, namely TCP Connection, Volumetric, Fragmentation and Application attacks. However, I will only be focusing on Application attacks (although I might touch a bit on the others). DDoS application attacks basically target applications, trying to deplete their resources until they’re unable to be of service to their clients. Some examples of application attacks are HTTP floods, slow attacks and DNS query flood attacks.
  - An example of these is the recent brute force amplification attack, which attempts multiple brute force logins against a deprecated WordPress feature. The attack uses only a single HTTP request but calls hundreds to thousands of procedures, which can exhaust all the resources of a specific web application. Now that you know briefly about DDoS attacks, how do you detect them?
- Find the symptoms, indicators, precursors.
  - The US-CERT has provided the following symptoms:
    - Slow network performance
    - Unavailability of a particular website or web service
    - Sudden spike in the comment/email spam you are receiving
  - Remember some precursors or indicators of famous attacks, like:
    - Brute force amplification attacks are usually preceded by a POST.demo.sayHello payload
    - Some DDoS attacks start by accessing a non-existing page a couple of times every few seconds (some attackers repeatedly access existing pages, too!); some do this as dry runs of the upcoming planned attacks
    - Look out for too many requests from the same source IP address, or even from multiple ones.
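The last two indicators above (repeated hits on non-existing pages and too many requests from one source) can be checked against a web server access log. The following is an added example, not code from this post or from WebRanger; it assumes Common Log Format, and the thresholds, function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: ip ident user [time] "METHOD path proto" status size
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ \S+ [^"]*" (\d{3}) \S+')

def parse(line):
    """Return (ip, timestamp, status), or None for a line that does not parse."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), int(status)

def _push(q, ts, window):
    """Add ts to a per-source queue, drop entries older than window, return the count."""
    q.append(ts)
    while ts - q[0] > window:
        q.popleft()
    return len(q)

def detect(lines, flood=(timedelta(seconds=10), 5), probe=(timedelta(seconds=60), 3)):
    """Return sorted (ip, reason) alerts. Thresholds are assumptions; tune to your traffic."""
    (flood_window, flood_limit), (probe_window, probe_limit) = flood, probe
    hits, misses, alerts = defaultdict(deque), defaultdict(deque), set()
    for ip, ts, status in filter(None, map(parse, lines)):
        # Indicator: too many requests from the same source IP address.
        if _push(hits[ip], ts, flood_window) > flood_limit:
            alerts.add((ip, "request flood"))
        # Indicator: the same source keeps asking for pages that do not exist.
        if status == 404 and _push(misses[ip], ts, probe_window) >= probe_limit:
            alerts.add((ip, "repeated 404 probing"))
    return sorted(alerts)

def _line(ip, sec, path, status):
    return f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 512'

# Constructed sample log (documentation-range addresses), not real traffic.
SAMPLE_LOG = (
    [_line("203.0.113.7", s, "/no-such-page", 404) for s in (0, 4, 8)]       # dry run
    + [_line("198.51.100.23", s // 4, "/", 200) for s in range(8)]           # 8 hits in 2 s
    + [_line("192.0.2.10", 1, "/index.html", 200), _line("192.0.2.10", 9, "/tpyo", 404)]
    + ["truncated or malformed line"]
)

if __name__ == "__main__":
    for ip, reason in detect(SAMPLE_LOG):
        print(ip, reason)
```

The visitor at 192.0.2.10 with a single mistyped URL raises no alert, which is the point of counting within a time window rather than alerting on every 404.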
HOW TO PREVENT AND CORRECT AFTER DDOS ATTACKS?
I hate to break it to you, but whether you like it or not, no matter how unpopular or popular your site is, you are going to be attacked. So why talk about prevention when you know that DDoS attacks are inevitable? You can’t prevent attackers from DDoS-ing your web application, but you can prevent them from penetrating and becoming successful in making your web application inaccessible. How? PREPARE.
KNOW YOURSELF
Identify your ASSETS. To protect your web application’s confidentiality, integrity and availability (CIA), part of the job is to assess your system’s assets; an asset is a resource that should be protected. It can be information, a physical device, software, people or, in a web application’s case, a service. It is best to LIST all your assets and indicate their importance.
After all is documented and done, make the necessary adjustments. If it means you need to install a firewall or an anti-virus, or purchase a service, do so. It is best that you know which firewall to use. For a web application, it is better to choose a web application firewall that you know can protect you from DDoS specifically. WebRanger is an adequate tool to use in protecting your sites from DDoS attacks. Its signatures are up-to-date, plus you have a security operations center (SOC) that handles your alerts 24×7.
ASK & WATCH OVER YOURSELF
Assess and manage your RISKS. Am I immune to such attacks? What are the assets that still lack protection? What processes, products, or services do I need to start, stop or improve on? With the knowledge of your assets’ details, you can now evaluate and manage your risks. A risk is the likelihood of a possible threat being successful in exploiting the vulnerabilities in your web application. As you manage your web application’s risks, it is good to review your security objectives and policies to check if they still fit your web application’s needs. In risk management, there will be modifications, additions or even removals to policies, objectives, processes, and the like.
To aid you in securing your web applications, it is important to have a RESPONSE PLAN and a RESPONSE TEAM. Having a response plan will make it easier for you or your response team to handle certain incidents. You can either mobilize your own or outsource a response team. WebRanger is packed with a SOC which acts as a response team that analyzes, responds to and reports your alerts 24×7.
Lyndon B. Johnson once said, “Yesterday is not ours to recover, but tomorrow is ours to win or lose”
It is important to be vigilant and get serious about protecting your websites. With thousands of sites getting attacked every day, how would you rate your site’s level of security? Are you winning or losing? If you’re still doubting, act now. Preventing DDoS attacks from targeting your website is impossible, but preventing them from damaging and crashing your site is not. When you fail, learn from your mistakes and get back up. But don’t wait until it’s too late. Prepare for your tomorrow. Secure proactively. To know more about protecting your web applications, check out WebRanger! In case you are curious how WebRanger works, feel free to check out our live demo here, or try WebRanger out for FREE!