What is DDoS Attack?
In cyber world, denial of service attack is an attempt to make a computer or network resource unavailable to its intended users. A distributed denial of service (DDoS) attack is a variant of such attack that employs two or more attacking computers from different sources to overwhelm the target with bogus traffic. The common motivations behind a DDoS attack are extortion, disruption of competitor’s reputation, hacktivism, etc. Basically, DDoS attack attempts to consume both network bandwidth and server resources of the targeted organisation. Large scale DDoS attack is often performed by botnets which can co-opt numerous infected computers, which usually spreading across different points around the world, to unwittingly participate in the attack.
How to Detect DDoS Attack?
- Monitor internal network traffic and usage of server resources, such as Domain Name Server (DNS) and web server, to detect early traffic spikes and abnormal utilisation of system resources.
- Work with Internet Service Providers (ISPs) or security service providers to monitor your Internet traffic at their operation centre.
- Log security events and review alerts generated by security system, such as Intrusion Detection System (IDS) or Intrusion Prevention System (IPS), anti-malware solution, Internet gateway and firewall, to detect suspicious activities.
What Can I Do to Mitigate Risks of DDoS Attack?
- Consider segregating your network so that critical and normal services can utilise different network connections.
- Increase your network’s resilience against DDoS activity by implementing at least two links to the Internet via different ISPs.
- Consider adopting third-party security service for DDoS protection via content delivery network and distributed DNS service.
- Work with your ISP or security service providers to analyse and block the DDoS traffic at their operation centres, where larger Internet traffic can be handled.
- Develop business contingency plan and conduct drill regularly on what actions should be carried out in the event of a DDoS attack.
- Report the case and seek advice from relevant organisations, such as Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) and Hong Kong Police's Cyber Security and Technology Crime Bureau about the suspicious attack.
Best Practices to Protect Against Cyber Attack
- Apply latest security updates and patches to your computer and network device to fix known security vulnerabilities timely.
- Adopt security solutions such as IDS/IPS, anti-malware solution, firewall, etc. for your computer and your network at the border.
- Set up a demilitarised zone (DMZ) network for Internet facing servers and locate internal computing facilities behind firewalls.
- Configure your network devices properly to drop unnecessary network traffic. For example, blocking unnecessary ping traffic and request from unauthorised network port.
- Perform security risk assessments and audits regularly to ensure adequate security measures have been adopted.