It is important to protect your company from the impact of Distributed Denial of Service (DDoS) attacks, as well as other cyber attacks. Maintaining customer confidence in your service by preserving the availability and responsiveness of your website and any applications is a priority. You must also avoid unnecessary direct costs when your infrastructure must scale in response to an attack.
Mitigation techniques:
Avoid becoming a bot. It is important to prevent your corporate devices from becoming 'zombies' used to attack your own or other networks. To do this, you should apply a series of actions aimed at improving your computing posture: remember to always use complex passwords, set up a firewall. never open random attachments and remember to carry out a daily anti-virus scan. But what happens if one or more devices have become a bot? The machine must be isolated, disconnected from the network and cleaned before being reconnected.
Reduce the attack surface. Separate and distribute network resources so that it is more difficult to be targeted. For example, you can have the web servers in the public network, but the underlying database servers should be in a private subnet. Also, you can restrict access to database servers from your web servers and not from other hosts. For sites accessible via the Internet, you can reduce the attack surface by limiting traffic to the countries where your users are located.
Use a Content Delivery Network (CDN). A CDN distributes your content and improves performance by minimising the distance between your resources and end users. By caching your content in multiple locations a CDN helps mitigate DDoS attacks by avoiding leaving a single access point exposed.
Rate limiting Limits the number of requests the server accepts in a given time interval from an IP.
Use a WAF A Web Application Firewall (WAF) is a tool that can help mitigate DDoS attacks on websites. A WAF can be placed between the Internet and the originating server so that the WAF acts as a proxy protecting the server. Using WAFs, you can rapidly implement customised rules in response to an attack and, in turn, mitigate them so that traffic is interrupted before it even reaches your server.