How to Prevent DoS Attacks
Last month I read through Verizon’s 2023 Data Breach Investigations Report and noted a few key vulnerabilities companies are facing in large numbers. One thing that stood out to me, in particular, was that many of the organizations represented in the report’s incident data had experienced Denial of Service (DoS) attacks. Seeing this as a trend, I set out to write this article on some ways for those companies to mitigate the risk of falling victim to a successful DoS attack.
In the Verizon report’s own words, DoS attacks “are intended to compromise the availability of networks and systems” and can be targeted at both the network and application layers of an organization’s tech stack. The report found 6,248 DoS incidents across multiple industries over the course of one year.
If a company falls prey to a successful Denial of Service or Distributed Denial of Service (DDoS) attack, it usually means the company had not built enough resiliency into its network and applications to absorb a large influx of traffic. Typically one component in the request path ran out of capacity (an internet link, a firewall, a load balancer, an application server or a database), a critical system had no redundant counterpart to fail over to, or the appropriate DoS mitigation controls had never been put in place. Note the distinction between the two: a DoS attack comes from one or a few sources and can often be filtered at the edge, whereas a DDoS attack uses a botnet of many sources and can generate more traffic than a single organization’s links can carry, which is why “prevention” in practice means a mix of capacity, redundancy and mitigation.
To prevent your corporation from becoming a victim of a DoS attack, you should ensure you have the proper tools in place, such as a Web Application Firewall (WAF) to block malicious requests and rate-limit abusive clients before they reach your applications, and load balancers to spread the processing load across multiple servers. Additionally, you should ensure that all of the company’s critical infrastructure, including all of its network devices and servers, is redundant and is sending logs to a centralized Security Information and Event Management (SIEM) system. Redundancy ensures that the failure of one device does not by itself cause a denial of service, because a duplicate device is ready to take its place; it does not help when the attack saturates the internet link in front of both devices, so for volumetric floods you also need your ISP or a DDoS scrubbing or CDN service to filter traffic upstream of your network. Sending logs to the SIEM allows security operations center (SOC) analysts to spot the signs of a DoS attack in progress, such as a sudden spike in request rate, a single source generating a disproportionate share of traffic, or a surge of errors and timeouts from application servers, and take the appropriate action to remedy the issue.
A DoS attack can be successful if just one link in your critical infrastructure is vulnerable. For that reason, a corporation should ensure its systems have adequate capacity to handle expected peak traffic with headroom for the extra load of an attack, while recognizing that a large DDoS can exceed any headroom you can reasonably buy, so upstream mitigation has to be part of the plan. The cybersecurity team should also implement the controls previously outlined to limit how long an attack can degrade service. While this is, by no means, an exhaustive list, here are the actions your cybersecurity team should take to prevent DoS attacks:
1. Perform capacity planning for your applications and infrastructure
2. Implement load balancers to distribute traffic across multiple servers
3. Deploy redundant devices for any critical infrastructure
4. Block malicious requests and rate-limit abusive clients through Web Application Firewalls (WAFs)
5. Send logs to a centralized SIEM to detect any issues as they arise.
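To make items 4 and 5 concrete, the following is an added example (written for this article, not code from the Verizon report or from any WAF or SIEM product) of the two rate checks a SOC analyst would run over web server access logs, or encode as a WAF rate rule: a per-source-IP sliding-window limit that catches a single-source DoS, and an aggregate request-rate check against a baseline that catches a distributed flood in which every bot individually stays under the per-IP limit. The log lines are constructed in the script itself, and the window size, per-IP limit and baseline rate are assumed values you would tune to your own traffic.

```python
"""
Rate-based DoS detection over web server access logs.

Added example for this article; not from the Verizon DBIR or any vendor product.
Assumes Common Log Format lines. The window, per-IP limit and baseline request
rate below are illustrative assumptions, not recommended values.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: host ident authuser [date] "request" status bytes
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
BASE = datetime(2023, 6, 1, 12, 0, tzinfo=timezone.utc)  # start time of the constructed sample


def parse_line(line):
    """Return (ip, timestamp, request, status) for a CLF line, or None if it does not parse."""
    m = CLF_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts, m.group("req"), int(m.group("status"))


def analyze(lines, window=timedelta(seconds=10), per_ip_limit=50,
            baseline_rps=5.0, spike_factor=10.0):
    """
    Two checks a SIEM rule or WAF rate rule would run:
      1. per source: any IP sending more than per_ip_limit requests inside one window
         (classic single-source DoS; the WAF would rate-limit or block that IP)
      2. aggregate: total request rate over all sources above spike_factor * baseline_rps
         (a distributed flood where each bot stays under the per-IP limit)
    Returns offending IPs with their peak window count, the aggregate spike flag
    and the peak aggregate rate in requests per second.
    """
    events = [e for e in map(parse_line, lines) if e]
    if not events:
        return {"per_ip_offenders": {}, "aggregate_spike": False, "peak_rps": 0.0}
    events.sort(key=lambda e: e[1])

    # Per-IP sliding window: keep only timestamps within `window` of the newest event.
    per_ip_times = defaultdict(deque)
    offenders = {}
    for ip, ts, _, _ in events:
        q = per_ip_times[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > per_ip_limit:
            offenders[ip] = max(offenders.get(ip, 0), len(q))

    # Aggregate sliding window over every source, regardless of IP.
    times = [e[1] for e in events]
    peak, start = 0, 0
    for end, ts in enumerate(times):
        while ts - times[start] > window:
            start += 1
        peak = max(peak, end - start + 1)
    peak_rps = peak / window.total_seconds()
    return {
        "per_ip_offenders": offenders,
        "aggregate_spike": peak_rps > spike_factor * baseline_rps,
        "peak_rps": peak_rps,
    }


def make_lines(ip, start, count, span_seconds, path="/"):
    """Construct `count` CLF lines from `ip` spread evenly over `span_seconds` (sample data only)."""
    step = span_seconds / max(count - 1, 1)
    return [
        f'{ip} - - [{(start + timedelta(seconds=i * step)).strftime(TS_FMT)}] '
        f'"GET {path} HTTP/1.1" 200 512'
        for i in range(count)
    ]


def demo():
    """Three constructed scenarios: normal traffic, single-source flood, distributed flood."""
    # 10 legitimate clients, 3 requests each across a minute
    normal = [l for i in range(1, 11) for l in make_lines(f"192.0.2.{i}", BASE, 3, 60)]
    # one attacker hammering /login: 600 requests in 5 seconds
    single = normal + make_lines("203.0.113.7", BASE, 600, 5, "/login")
    # 100 bots, 10 requests each in 5 seconds: every bot is under the per-IP limit
    distributed = normal + [
        l for i in range(1, 101) for l in make_lines(f"198.51.100.{i}", BASE, 10, 5, "/search?q=x")
    ]
    return {
        "normal": analyze(normal),
        "single_source": analyze(single),
        "distributed": analyze(distributed),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The distributed scenario is the one worth noticing: the per-IP rule stays silent because no bot exceeds 50 requests, and only the aggregate comparison against a known baseline reveals the flood. That is why capacity planning (item 1) matters for detection as well as for survival: you cannot recognize an abnormal request rate in the SIEM unless you have measured what normal looks like.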