DDoS protection for the network layer: bandwidth and filtering systems
Defending against volumetric denial-of-service attacks at the network layer requires two components: a resilient network architecture with enough capacity to absorb large bursts of traffic, and a detection and filtering system that admits only legitimate traffic onto the network.
The following are DDoS protection best practices for the network layer.
1. One way traffic is filtered for DDoS protection is positive protection, an allowlist model: for a web property, everything except TCP to ports 80 (HTTP) and 443 (HTTPS) is dropped. That alone eliminates TCP SYN packets aimed at ports the site does not serve, floods of ICMP packets, and UDP packets that carry no application payload. Positive protection does not by itself stop a SYN flood directed at the permitted ports, so the filter still needs per-source connection rate limits or SYN cookies for 80 and 443.
2. Not all DDoS attacks target web applications or web services, however. Some come in through FTP or other non-web ports, and some aim at infrastructure rather than a site, for example knocking out network access to a call center. Such organizations need DDoS protection for their network infrastructure, not just for their web front end.
3. DDoS protection controls only protect your web site or application while they are switched on. IDG Research found that on average a DDoS attack is not detected until 4.5 hours after it begins, and a further 4.9 hours pass before mitigation starts. Always-on DDoS protection therefore provides the fastest defense, and a service level agreement can hold the provider to the promised protection levels.
4. An organization may not be able to buy enough excess capacity on its own, but a DDoS protection provider may have the bandwidth needed. Ask the provider what peak flows it can absorb, in both bits per second and packets per second, since a high packet rate can exhaust filtering equipment before links fill.
5. Even if your cloud service provider can keep your site up, you may not be able to afford the bill for all the extra traffic an attacker generates. Look for a provider that caps service fees during an attack.
6. Cloud-based solutions are designed to stop an attack before it reaches your data center, so attack traffic is absorbed upstream rather than on your own links and equipment. On-premises devices, by contrast, can only act after the attack traffic has already entered your data center, so they cannot protect an internet uplink the attack has saturated.
7. Determine your site's performance requirements and look for a solution architected for both performance and security, since inline filtering and traffic scrubbing add latency.
8. When determining total cost of ownership (TCO), consider device costs, redundant system costs, management costs, the cost of failure, and how effective the system is against novel and zero-day DDoS attacks.
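Item 1 above describes the positive-protection (allowlist) model. The following Python is an added example, not code from the original page or from any vendor's product: it applies that policy to constructed packet records and also shows the caveat from item 1 that the list alone does not make visible, namely that a SYN flood against the permitted ports 80 and 443 passes the port check and has to be caught by a per-source SYN rate cap. The addresses, the SYN_LIMIT/SYN_WINDOW threshold and the packet records are assumptions constructed for the example; in production the same policy is expressed as a firewall or scrubbing-appliance rule set rather than in application code.

```python
"""Positive-protection (allowlist) filter over constructed packet records.

Added example, not the original page's code or any vendor's. Policy: only
TCP to ports 80/443 is admitted; ICMP, UDP and TCP to other ports are
dropped; on the admitted ports a per-source SYN rate cap catches SYN floods
that the port allowlist alone would pass.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

ALLOWED_TCP_PORTS = {80, 443}   # HTTP and HTTPS: the only services this property exposes
SYN_LIMIT = 5                   # assumed threshold: max SYNs per source per window
SYN_WINDOW = 1.0                # assumed window length in seconds


@dataclass(frozen=True)
class Packet:
    ts: float      # arrival time, seconds
    src: str       # source IP
    proto: str     # "tcp", "udp" or "icmp"
    dport: int     # destination port (0 for ICMP)
    flags: str     # TCP flags as letters, e.g. "S", "A", "PA"; "" for non-TCP
    payload: int   # application payload length in bytes


class PositiveFilter:
    """Stateful allowlist filter; call decide() on packets in arrival order."""

    def __init__(self, syn_limit=SYN_LIMIT, syn_window=SYN_WINDOW):
        self.syn_limit = syn_limit
        self.syn_window = syn_window
        self._syns = defaultdict(deque)   # src -> timestamps of recent SYNs

    def decide(self, pkt):
        """Return (verdict, reason); verdict is 'accept' or 'drop'."""
        if pkt.proto == "icmp":
            return "drop", "icmp not in allowlist"
        if pkt.proto == "udp":
            # A web property expects no inbound UDP; payload-less UDP is classic flood filler.
            return "drop", "udp not in allowlist"
        if pkt.proto != "tcp":
            return "drop", "protocol %s not in allowlist" % pkt.proto
        if pkt.dport not in ALLOWED_TCP_PORTS:
            return "drop", "tcp/%d not in allowlist" % pkt.dport
        if pkt.flags == "S":
            # The port is allowed, but a SYN flood to 80/443 passes the port check,
            # so cap new-connection attempts per source within a sliding window.
            recent = self._syns[pkt.src]
            while recent and pkt.ts - recent[0] > self.syn_window:
                recent.popleft()
            if len(recent) >= self.syn_limit:
                return "drop", "syn rate exceeded"
            recent.append(pkt.ts)
        return "accept", "allowed"


def run_filter(packets, **kwargs):
    """Filter packets in timestamp order; return (verdict counts, reason counts)."""
    flt = PositiveFilter(**kwargs)
    verdicts = {"accept": 0, "drop": 0}
    reasons = defaultdict(int)
    for pkt in sorted(packets, key=lambda p: p.ts):
        verdict, reason = flt.decide(pkt)
        verdicts[verdict] += 1
        reasons[reason] += 1
    return verdicts, dict(reasons)


# Constructed sample traffic (addresses from documentation ranges, not real hosts).
LEGIT = "203.0.113.5"
ATTACKER = "198.51.100.9"
SAMPLE_PACKETS = (
    # One legitimate HTTPS connection: SYN, ACK, then a request carrying payload.
    [Packet(0.0, LEGIT, "tcp", 443, "S", 0),
     Packet(0.1, LEGIT, "tcp", 443, "A", 0),
     Packet(0.2, LEGIT, "tcp", 443, "PA", 200)]
    # SYN flood against the permitted port 80: 20 SYNs in half a second.
    + [Packet(1.0 + i * 0.025, ATTACKER, "tcp", 80, "S", 0) for i in range(20)]
    # Payload-less UDP to port 53 and ICMP echo requests: not in the allowlist.
    + [Packet(2.0 + i * 0.01, ATTACKER, "udp", 53, "", 0) for i in range(10)]
    + [Packet(3.0 + i * 0.01, ATTACKER, "icmp", 0, "", 0) for i in range(10)]
    # Connection attempts to FTP: not a service this property offers.
    + [Packet(4.0 + i * 0.01, ATTACKER, "tcp", 21, "S", 0) for i in range(5)]
)


def demo():
    """Run the sample through the filter: the legitimate flow and the first
    SYN_LIMIT attacker SYNs are accepted, everything else is dropped."""
    return run_filter(SAMPLE_PACKETS)


if __name__ == "__main__":
    verdicts, reasons = demo()
    print(verdicts)
    for reason, n in sorted(reasons.items(), key=lambda kv: -kv[1]):
        print("%4d  %s" % (n, reason))
```

Running the sample shows the two halves of the policy: the port allowlist disposes of the UDP, ICMP and FTP traffic without any per-source state, while the 20 SYNs to port 80 survive the port check and are only cut off once the source exceeds SYN_LIMIT within SYN_WINDOW. A real deployment would tune the threshold per service, and would exempt established connections (the "A" and "PA" packets here are never rate-limited) so that legitimate clients behind a large NAT are not penalised for their neighbours' SYNs.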