In part 2 of our DDoS series, we shared some ways to go about protecting yourself against a potential attack. So what should you do in the meantime? Prepare, of course!
Here’s a List of DDoS Preparations You SHOULD Consider:
- If you went through the time and money to protect your network from a DDoS attack, you had better also set up processes and procedures for how to act once it happens. If you’re lucky you’ll never need to put them into action, but if you’re not (and you should assume you will get hit at some point) you’ll be glad they are in place.
- Each department should know exactly what it is doing if a DDoS attack happens and how to respond once one occurs. There should be written instructions for each team involved on what to do during an attack (this isn’t cookie cutter and will change) and on how to sound the alarm if they see something that smells like DDoS.
- The teams should meet on a scheduled basis to review any incidents, either at the company or in the news, and discuss what they can do in order to make the procedure better.
- There should also be “Red Team” drills that get your DDoS incident management team into a room to walk through potential attack scenarios and how they would react.
The keys here are to be consistent with the meetings and clear with the documentation.
Here are a few things you SHOULDN’T do regarding a DDoS that can make things much worse:
- Don’t let this be the first time you speak with law enforcement. Make sure you have a working relationship with local and federal law enforcement before an incident occurs. When the time comes, and hopefully it won’t, you’ll already have the contact and the procedure for reporting incidents. Many of these attackers are testing sites and selling the information to the highest bidder. You might not see tangible effects of alerting law enforcement right away, but speaking with them when appropriate can help them piece together something a lot larger and take down an attacker before they wreak havoc.
- Never, ever trust one solution. If you hear a vendor say they’re the end-all-be-all solution for DDoS attacks walk the other way. You need layers of protection that start at your policy and procedures and move into hardening your environment. Additionally, seek help from the ISPs and potentially a third party mitigation solution. One-stop-shops don’t work for DDoS… just say no!
- Do Not Communicate with the Attacker. If the attacker tries to contact you, don’t respond if at all possible. Anything written should be forwarded to your law enforcement contacts; if they call, the only thing to say is that the call is being recorded and that law enforcement is involved. That’s all – keep it cool.
- Don’t Talk to the Press. What’s the first rule of Fight Club? The same theory applies here. Don’t speak about it to anyone who isn’t “in the know”. Keep it off social media and don’t speak to the press about it in any way. The appropriate people will brief those who need to know and alert the media if and when needed. Otherwise, the word is mum.
- Don’t assume that attackers are just DDoS’ing you. Many times attackers will DDoS a company and use it as a smoke screen. While you’re busy fighting the crippling DDoS on a particular site, they could also be exploiting a flaw on your network that allows them to gain access or steal data. Many attackers use DDoS as an electronic flash grenade to distract and disorient defenders from what they’re about to do. Verify that your normal security monitoring is still taking place during a DDoS.
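That last point is the one that is easiest to check mechanically: during a flood, the firewall feed balloons while other feeds (WAF, endpoint agents, authentication logs) can silently fall over because the pipeline is saturated, and nobody notices until after the incident. The script below is an added example, not code from the original post or from any product it mentions. It assumes telemetry has already been collected as plain lines of the form `<ISO timestamp> <source> <message>`, and it compares each expected source’s event rate in a baseline window against its rate in the incident window, flagging sources that went silent or degraded. The sample telemetry is constructed inline; the source names, window sizes and thresholds are assumptions you would tune to your own environment.

```python
"""Monitoring-continuity check for use during a DDoS incident.

Added example, not from the original post. Assumes log lines of the form
"<ISO timestamp> <source> <message>" and a known list of sources that
should always be reporting. Flags sources that went silent or degraded
while the flood was underway, so that a smoke-screen attack against
another part of the network is not missed because its feed died.
"""
from collections import Counter
from datetime import datetime, timedelta

# Hypothetical source list and thresholds; tune these per environment.
EXPECTED_SOURCES = ["fw", "waf", "auth", "edr"]
DROP_RATIO = 0.5    # below half the baseline rate counts as "degraded"
FLOOD_RATIO = 10.0  # above ten times baseline counts as "flood"


def make_sample_telemetry():
    """Constructed sample telemetry (not real data): 10 baseline minutes
    where every source reports, then 10 incident minutes where the firewall
    floods, WAF and EDR feeds stop, and auth keeps reporting normally."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for m in range(10):
        ts = (t0 + timedelta(minutes=m)).isoformat()
        lines.append(f"{ts} fw allow 10.0.0.{m} -> 203.0.113.5:443")
        lines.append(f"{ts} waf request GET /index.html 200")
        lines.append(f"{ts} auth login ok user{m}")
        lines.append(f"{ts} edr heartbeat host{m}")
    for m in range(10, 20):
        ts = (t0 + timedelta(minutes=m)).isoformat()
        for i in range(50):
            lines.append(f"{ts} fw drop 198.51.100.{i} -> 203.0.113.5:443 flood")
        lines.append(f"{ts} auth login ok user{m}")
    return "\n".join(lines)


def parse_events(text):
    """Return (timestamp, source, message) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) < 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2]))
    return events


def events_per_minute(events, start, end):
    """Per-source events per minute inside the half-open window [start, end)."""
    minutes = max((end - start).total_seconds() / 60.0, 1.0)
    counts = Counter(src for ts, src, _ in events if start <= ts < end)
    return {src: n / minutes for src, n in counts.items()}


def check_monitoring_continuity(events, expected_sources, baseline, incident,
                                drop_ratio=DROP_RATIO, flood_ratio=FLOOD_RATIO):
    """Classify each expected source as ok / degraded / silent / flood by
    comparing its incident-window rate with its baseline-window rate."""
    base = events_per_minute(events, *baseline)
    cur = events_per_minute(events, *incident)
    findings = {}
    for src in expected_sources:
        b, c = base.get(src, 0.0), cur.get(src, 0.0)
        if c == 0.0:
            findings[src] = "silent"      # feed stopped entirely
        elif b and c < b * drop_ratio:
            findings[src] = "degraded"    # pipeline probably dropping events
        elif b and c > b * flood_ratio:
            findings[src] = "flood"       # the DDoS itself, or a saturated feed
        else:
            findings[src] = "ok"
    return findings


def demo():
    """Run the check over the constructed telemetry and return the findings."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    baseline = (t0, t0 + timedelta(minutes=10))
    incident = (t0 + timedelta(minutes=10), t0 + timedelta(minutes=20))
    events = parse_events(make_sample_telemetry())
    return check_monitoring_continuity(events, EXPECTED_SOURCES, baseline, incident)


if __name__ == "__main__":
    for src, state in demo().items():
        print(f"{src:5s} {state}")
    # Anything "silent" or "degraded" means the smoke screen is working:
    # that feed needs attention before the attacker's real move goes unseen.
```

In the constructed run the firewall shows `flood`, auth is `ok`, and the WAF and EDR feeds come back `silent`; those two are exactly the feeds an attacker using the DDoS as cover would hope nobody is watching. In practice you would run this on a short timer against your log pipeline for the whole duration of the incident, not once.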
So with this in mind, DDoS is here to stay and we should treat these attacks as something extremely serious. There are many motives behind DDoS attacks, from financial to political, but the end result stays the same… and you need to be ready. Knowing your environment and getting the proper pieces in place now to protect you from the inevitable DDoS attack will pay back in spades when the attack is underway. You may as well prepare yourself now.