14) Does your organisation have any controls implemented to protect it against Denial of Service (and Distributed Denial of Service) attacks?
Answer yes if your organisation has implemented controls to protect its services against DOS (Denial of Service) and DDOS (Distributed Denial of Service) attacks. Please describe the nature of these controls in the notes section.
What is the control?
Network Denial of Service Attacks are attacks aimed at denying a service by consuming all of its resources. This can be computing resource, system memory, or network bandwidth.
Such attacks tend to be distributed. Distributed in the sense that attackers will use a large number of compromised systems to send requests to tie up resources from numerous sources. This both amplifies the attack and makes it harder to filter.
To mitigate such attacks, services are available that can help absorb the bulk of DDoS attacks. These services tend to have significant network infrastructure with tremendous bandwidth able to effectively sponge up the malicious requests by sitting between your network and the wider internet. In fact, because of the breadth of some of their infrastructure, some are able to filter this malicious traffic far upstream close to the source(s).
Why should I have it?
A sustained DDoS attack can take down any internet-facing system whether it’s an ecommerce website or a payment gateway.
While a Denial of Service attack does not compromise data per se, it can stop your business operations. This can mean stopping your sales or processing activities, including any that your clients may be dependent on to operate their business. This can be not only damaging and costly in terms of lost revenue, but open up your organisation to contractual breaches due to missed SLAs.
How to implement the control
By configuring your site’s DNS servers to point to a DDoS protection provider’s network rather than your own directly, the provider can act as a buffer between you and DDoS attacks. They can mitigate malicious traffic and pass legitimate traffic on to your site.
When evaluating a DDoS Protection provider, consider not just their total capacity (in terms of absorbing traffic) but where their points of presence are based. It is usually favourable to choose the provider that has more capacity either spread out evenly across the internet, or closest to where you perceive your DDoS attacks are likely to originate from as this means the provider will be able to stop the attack as closer to the source. This reduces the impact to the network capacity and any legitimate traffic.
There are numerous consultancies or individual consultants that will be able to assist in crafting the correct security architecture in a way that meets your business and technical requirements. Please message us if you would like a recommendation.
If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.
