DDoS Mitigation 101

Distributed Denial of Service (DDoS) attacks are an increasingly popular method used against NGO and independent media websites to make them inaccessible during key political moments. 

How do they work?

The term DDoS, as popularly used, actually covers a range of different types of attack. Largely these attacks exploit the way in which computers and servers handle connection requests. The easiest way to think about DDoS attacks is to imagine your home telephone. If you receive one phone call at a time you can answer, talk, and communicate with ease. If, however, 50, 100, or 1,000 people all called you at the same time, not even the best call waiting service would really suffice for your average home telephone. While computers and webservers can handle hundreds and at times even thousands of calls at the same time, they eventually reach a point where they are unable to respond adequately and give a busy signal. This busy signal prevents people from accessing content on your site, system, or online service.

This "busy signal" represents disruption, or degradation, of a website or web service. Its extent and severity largely depend on the type and scale of DDoS attack conducted. If you become the target of a DDoS attack, it can be downright overwhelming and result in a removal of your site from hosting companies. This, of course, has huge implications for organizations working in closing or closed environments, where DDoS attacks make independent content unavailable at times when it is needed most. Whether you are in Hong Kong, Belarus, or anywhere else in the world, DDoS attacks are a real problem.

What can I do about it?

The first thing you need to know is that you cannot actually prevent DDoS attacks unless you block all IP addresses globally or fully disconnect yourself from the Internet. Any public-facing device is subject to a DDoS attack. That is both good and bad news: it means there are millions of other targets, but it also means that if you and your organization have a high enough profile, you are susceptible.

There are several ways to mitigate in advance the effects of a DDoS attack or to deal with them as they arise:

  • First, make sure your server, website, and equipment are up to date, with the latest software patches properly installed. It is not unheard of for misconfigured servers to DDoS themselves. Proper security maintenance of servers also minimizes the success of attacks specifically designed to damage hardware.
  • Second, if you think you are susceptible to DDoS attacks, look at how your website is built. Does it rely on server-side code such as PHP? If so, you might consider going back to a basic HTML site. If you need the richer presence of a content management system (CMS), consider hosting your site on a large service such as Blogger, Tumblr, WordPress or another provider. Building your site in one of these environments spreads the load across a massive ecosystem designed to be resilient.
  • Third, if none of those platforms is an option, you can go wide by working with a content distribution network (CDN) such as one of the ones listed here. CDNs also distribute your site across many servers and make it more difficult for a DDoS attack to take it down. See the CDN Network image to the right: although two of the web servers are under DDoS attack, the CDN is still able to deliver content to end users through the distributed network.
  • Fourth, if you don't have the funds for a CDN and want to host a site on its own server or a shared server, ensure that you have flexible bandwidth allocation, that your server has sufficient disk space, and that you have enough processing capacity to keep operating while under a DDoS attack. It is also important to install software modules such as ModSecurity and mod_evasive as a software layer of protection against DDoS attacks. Because your resource consumption can change quickly, costs can climb before you know it, so pay attention to how your resources are allocated.
  • Fifth, and lastly, you can attempt to fight it out by blocking IP addresses. DDoS attacks often come from a specific set of IP addresses, and blocking those addresses denies their connections. This process can be time-consuming and ineffective if you are facing a determined adversary.
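The fourth and fifth points both come down to the same check: which client IPs are sending far more requests than a human reader would. The script below is an added example, not code from the original post or from ModSecurity or mod_evasive; it applies the kind of per-IP rate threshold that mod_evasive enforces in-process, but does it after the fact over access-log lines so you can see what would be blocked before touching a firewall. The log lines, the window and threshold values, the allowlist and the IP addresses (RFC 5737 documentation ranges) are all constructed for this example.

```python
"""Find source IPs whose request rate exceeds a threshold in a web access log.

Added example (not from the original post): a log-driven version of the
per-IP rate check that tools such as mod_evasive apply in-process. It parses
Apache/Nginx "combined" log lines, counts requests per client IP inside a
sliding time window, and returns the IPs that exceed the threshold as
blocklist candidates. Lines are assumed to be in time order, as a server
writes them. All sample data below is constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined log format: IP, ident, user, [timestamp], "request", status, bytes, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"  # e.g. 10/Oct/2014:12:00:00 +0000


def parse_line(line):
    """Return (ip, timestamp) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def find_flooders(lines, window_seconds=10, max_requests=20, allowlist=()):
    """Return {ip: peak_count} for every IP that sent more than max_requests
    within any window_seconds span. IPs in allowlist (your own monitoring,
    a CDN's origin fetchers, office egress) are never reported."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than failing the whole run
        ip, ts = parsed
        if ip in allowlist:
            continue
        q = recent[ip]
        q.append(ts)
        # Evict timestamps that have fallen out of the sliding window.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > max_requests and len(q) > peak.get(ip, 0):
            peak[ip] = len(q)
    return peak


def render_deny_rules(peak):
    """Turn the result into nginx-style deny lines, ready to review before use."""
    return [f"deny {ip};" for ip in sorted(peak)]


def make_sample_log():
    """Constructed access-log lines: one flooding client, one normal reader,
    one allowlisted uptime monitor, and one malformed line the parser skips."""
    base = datetime(2014, 10, 10, 12, 0, 0, tzinfo=timezone.utc)
    entries = []
    for i in range(30):  # 30 hits in 5 seconds from the flooder
        entries.append((base + timedelta(seconds=i // 6), "203.0.113.9", "/"))
    for i in range(5):   # 5 hits spread over a minute from a normal reader
        entries.append((base + timedelta(seconds=15 * i), "198.51.100.7", f"/post/{i}"))
    for i in range(25):  # 25 hits in 5 seconds from an uptime monitor
        entries.append((base + timedelta(seconds=i // 5), "192.0.2.1", "/health"))
    entries.sort()
    lines = [
        f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
        for ts, ip, path in entries
    ]
    lines.insert(3, "garbage line that does not parse")
    return lines


if __name__ == "__main__":
    log = make_sample_log()
    # Without an allowlist the monitor is flagged too: that is the false
    # positive an allowlist exists to prevent.
    print("no allowlist:", find_flooders(log))
    flagged = find_flooders(log, allowlist=("192.0.2.1",))
    print("with allowlist:", flagged)
    print("\n".join(render_deny_rules(flagged)))
```

Run it as a script to see the difference the allowlist makes: without it the uptime monitor at 192.0.2.1 is flagged alongside the flooder, which is exactly the self-inflicted outage the first bullet warns about. Tune `window_seconds` and `max_requests` against a quiet day's log before relying on the output, and treat the deny list as a starting point: as the fifth bullet says, a determined adversary will keep changing sources, so this is a reactive measure rather than a fix.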

There are other options available. In writing this post our goal is to offer some simple, easy-to-accomplish ways of mitigating DDoS attacks of all types. Even with all of these safeguards in place, no site is fully safe from the effects of a powerful DDoS attack.