Page 97 - Cyber Warnings August 2017
never overwhelmed. Since that’s rather unfeasible, here are a few alternative tactics you might
use.
1. Identify and Drop Junk Traffic
DDoS attacks come in many shapes and sizes, and use many different threat vectors. At their
core, however, they’re ultimately all the same. They want to flood your server and bring it to its
knees.
You need to ensure you have measures in place to track down potentially bogus requests,
including:
• Ensure your routers are configured to drop junk packets. Any packet headed through a
port your users never use is almost guaranteed to be part of an attack - blocking that port
is a good first step in defending yourself.
• Set up blacklists and whitelists of ‘bad’ and ‘trusted’ devices and IPs.
• Check with your ISP to see if they can implement upstream blackholing, blocking
undesired or bogus traffic.
• Set up firewalls with established, well thought-out rules that guard against both malware
and malicious traffic.
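The measures in this list boil down to a small packet policy: drop traffic from blocklisted sources, let trusted sources through, and drop anything aimed at a port the server never serves. The following Python script is an added example (not code from the magazine) that applies such a policy to a handful of constructed flow records, so the decisions can be reviewed before they are turned into router or firewall rules. The policy contents, the record format and the sample addresses are all assumptions.

```python
import ipaddress
from collections import Counter

# Constructed policy (assumption): the only services this host legitimately offers,
# plus the block and trust lists the article recommends keeping.
POLICY = {
    "allowed_ports": {("tcp", 80), ("tcp", 443), ("udp", 53)},
    "blocklist": [
        ipaddress.ip_network("198.51.100.0/24"),
        ipaddress.ip_network("203.0.113.7/32"),
    ],
    "trusted": [ipaddress.ip_network("192.0.2.0/24")],
}


def parse_record(line):
    """Parse one constructed flow record: '<proto> <src_ip> <src_port> <dst_port> <flags>'."""
    proto, src, sport, dport, flags = line.split()
    return {
        "proto": proto.lower(),
        "src": ipaddress.ip_address(src),
        "sport": int(sport),
        "dport": int(dport),
        "flags": flags,
    }


def _in_any(ip, networks):
    return any(ip in net for net in networks)


def classify(rec, policy=POLICY):
    """Return (verdict, reason) for one record, in the order a firewall would evaluate it:
    explicit blocklist first, then trusted sources (which may reach admin ports),
    then the allowlist of served ports; everything else is junk and is dropped."""
    if _in_any(rec["src"], policy["blocklist"]):
        return ("drop", "blocklisted-source")
    if _in_any(rec["src"], policy["trusted"]):
        return ("accept", "trusted-source")
    if (rec["proto"], rec["dport"]) not in policy["allowed_ports"]:
        return ("drop", "unused-port")
    return ("accept", "allowed-service")


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    "tcp 192.0.2.10 51000 22 S",      # admin SSH from the trusted network
    "tcp 203.0.113.7 40000 80 S",     # blocklisted host hitting the web port
    "udp 198.51.100.55 53 53 -",      # blocklisted range, DNS
    "tcp 203.0.113.9 40001 443 S",    # ordinary HTTPS client
    "udp 203.0.113.9 1234 1900 -",    # SSDP probe at a port never served
    "tcp 203.0.113.50 1 23 S",        # telnet at a port never served
    "udp 203.0.113.9 5353 53 -",      # ordinary DNS client
]


def summarize(lines, policy=POLICY):
    """Count (verdict, reason) pairs over a batch of records."""
    counts = Counter()
    for line in lines:
        counts[classify(parse_record(line), policy)] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_FLOWS:
        print(f"{line:32} -> {classify(parse_record(line))}")
    print(dict(summarize(SAMPLE_FLOWS)))
```

Evaluating the blocklist before the trust list means a trusted network can never be used to bypass an explicit block; reversing the order would turn a compromised trusted host into a permanent exception.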
2. Set Traffic Thresholds
Another good preventative measure to take involves traffic thresholds. Keep a close eye on how
many visitors you receive on average per day, hour, and minute. Whenever you see an unusual
deviation in that number, alarm bells should be going off in your head. Certainly, there’s a
chance you’re getting a legitimate influx of traffic (say, for example, if you were featured in a
major publication).
But if you’re suddenly going from six hundred unique users per day to sixty thousand, there’s
probably something extremely shady happening beneath the surface.
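A traffic threshold only works if the baseline is measured rather than guessed. The script below is an added example (not the magazine's code) that buckets constructed access-log lines per minute, computes a rolling median baseline, and flags any minute that exceeds a multiple of it; it also reports how many distinct client addresses were seen, which separates a flood from many sources from a single busy client. The log format, the sample timestamps and addresses, and the threshold factor are all assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median


def build_sample_log():
    """Construct sample log lines '<ISO timestamp> <client_ip> <path>' (assumed format).
    Minutes 0-9: about 10 requests/min from eight clients (normal).
    Minutes 10-11: 200 requests/min from 200 distinct sources (flood-like)."""
    lines = []
    base = datetime(2017, 8, 1, 12, 0)
    for minute in range(12):
        n = 10 if minute < 10 else 200
        for i in range(n):
            ts = base.replace(minute=minute, second=(i * 60 // n) % 60)
            ip = f"192.0.2.{i % 8 + 1}" if minute < 10 else f"203.0.113.{i % 200 + 1}"
            lines.append(f"{ts.isoformat()} {ip} /index.html")
    return lines


def requests_per_minute(lines):
    """Return (requests per minute, distinct client IPs per minute)."""
    counts = Counter()
    uniques = defaultdict(set)
    for line in lines:
        ts, ip, _path = line.split(" ", 2)
        bucket = ts[:16]  # 'YYYY-MM-DDTHH:MM'
        counts[bucket] += 1
        uniques[bucket].add(ip)
    return counts, uniques


def flag_anomalies(counts, uniques, window=10, factor=5.0, min_baseline=5):
    """Flag each minute whose request count exceeds factor x the median of the
    previous `window` minutes. The median resists being dragged up by the spike
    itself, and min_baseline stops a near-idle site from alerting on a few requests."""
    buckets = sorted(counts)
    alerts = []
    for idx, bucket in enumerate(buckets):
        history = [counts[b] for b in buckets[max(0, idx - window):idx]]
        if len(history) < 3:
            continue  # not enough baseline yet
        baseline = max(median(history), min_baseline)
        if counts[bucket] > factor * baseline:
            alerts.append((bucket, counts[bucket], baseline, len(uniques[bucket])))
    return alerts


if __name__ == "__main__":
    counts, uniques = requests_per_minute(build_sample_log())
    for bucket, total, baseline, sources in flag_anomalies(counts, uniques):
        print(f"{bucket}: {total} requests (baseline {baseline}), {sources} distinct sources")
```

The same bucketing applied to daily unique visitors gives the article's six-hundred-to-sixty-thousand comparison as a ratio against the rolling median rather than a fixed number, so the threshold follows the site's real traffic over time.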
3. Use Multiple DNS Providers
Given the size of modern botnets, attackers no longer need to target individual businesses.
Instead, they can simply launch attacks against DNS providers. You could potentially be crippled
by an attack even if you aren’t that attack’s intended target, as your provider struggles to stay
afloat and keep its clients online.
Redundancy is the key word here. Use a tool such as Netflix’s Denominator to mirror your DNS
records. If one of your providers is taken offline, you can quickly and easily switch to another -
without interrupting the experience of your end users.
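Mirroring records across providers only helps if the mirrors actually agree when the switch happens. The script below is an added example (not the magazine's code and not part of Denominator) that normalizes two providers' record exports, which commonly differ in name case, trailing dots and target case, and reports records missing from or stale on the secondary, plus TTL mismatches that would change failover timing. The export format and the sample zone contents are constructed assumptions.

```python
# Constructed record exports (assumption): each provider's zone flattened to
# (name, type, value, ttl) tuples, with provider-specific formatting quirks.
PRIMARY = [
    ("www.example.com.", "A", "192.0.2.10", 300),
    ("www.example.com.", "A", "192.0.2.11", 300),
    ("example.com.", "MX", "10 mail.example.com.", 3600),
    ("api.example.com.", "CNAME", "www.example.com.", 300),
]
SECONDARY = [
    ("WWW.example.com", "A", "192.0.2.10", 300),
    ("www.example.com", "A", "192.0.2.11", 60),          # TTL drifted
    ("example.com", "MX", "10 MAIL.example.com", 3600),
    ("old.example.com", "A", "192.0.2.99", 300),         # stale record never removed
]

NAME_VALUED = {"CNAME", "MX", "NS", "PTR"}


def normalize(rec):
    """Canonical (name, type, value) so cosmetic provider differences do not count as drift."""
    name, rtype, value, _ttl = rec
    rtype = rtype.upper()
    value = value.strip()
    if rtype in NAME_VALUED:
        value = value.lower().rstrip(".")
    return (name.lower().rstrip("."), rtype, value)


def zone_drift(primary, secondary):
    """Compare two exports and report what must be fixed before relying on the secondary."""
    p_ttl = {normalize(r): r[3] for r in primary}
    s_ttl = {normalize(r): r[3] for r in secondary}
    p, s = set(p_ttl), set(s_ttl)
    return {
        "missing_on_secondary": sorted(p - s),
        "extra_on_secondary": sorted(s - p),
        "ttl_mismatch": sorted((k, p_ttl[k], s_ttl[k]) for k in p & s if p_ttl[k] != s_ttl[k]),
    }


def in_sync(primary, secondary):
    """True only when no category of drift was found."""
    return not any(zone_drift(primary, secondary).values())


if __name__ == "__main__":
    for category, items in zone_drift(PRIMARY, SECONDARY).items():
        print(category)
        for item in items:
            print("   ", item)
    print("in sync:", in_sync(PRIMARY, SECONDARY))
```

Running such a comparison on a schedule, and treating any non-empty category as a failed check, catches the case where a record was changed at one provider only and the failover would silently serve stale data.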
Copyright © Cyber Defense Magazine, All rights reserved worldwide.