Best Practices to Counter Denial-of-Service Attacks

End-User Education

Most attacks on the system occur as a result of activity by its users. While firewalls can protect the network well from external attacks, this protection will be inadequate if users are not aware of fundamental good practices. Users should be made aware of essential protection protocols, and their rights in the system should be limited to what is necessary. Penalties, such as denying access to the system, should be imposed on users who abuse it.

Constant Evaluation of the System to Ensure Protection

Network infrastructure is constantly under threat, and it is the role of the network administrator to ensure that the system is protected from threats and vulnerabilities. Even with firewalls and anti-virus software installed, the system may not be entirely safe. The administrator should carry out research to understand where the possible risks lie. With this knowledge, the administrator can devise measures to protect the system.

Carry out Intrusion Prevention and Detection

Using Intrusion Detection and Prevention (IDP) systems, the network administrator is in a position to secure the network from sophisticated attacks that would otherwise occur without their knowledge. Intrusion Detection Systems notify the system administrator of suspect activities that may be occurring within the network. Once suspect activity has been detected, action should be taken to ensure that the threat is removed and future intrusion is prevented. Intrusion prevention is deemed the first line of defense against DDoS attacks.

Run Maintenance, Patching and Updates on the System

Avoid the temptation to entrust the security of the network solely to firewalls and the anti-virus software that comes preloaded on the computer systems. Instead, periodically run updates and maintenance on the system. Keeping the security profile current will minimize the network's exposure to DDoS. Securing the local operating system is the most practical way to ensure security against DDoS. The operating systems of the various host machines in the network should be configured so that they ignore directed broadcasts and incorporate SYN flood resilience (Russell, 2009).
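The host settings named above can be checked mechanically on a Linux host. The following audit is an added example, not part of the original essay or its sources; the choice of sysctl keys to represent "ignore broadcasts" and "SYN flood resilience" and the threshold values are assumptions made for illustration, and the sample input is constructed.

```shell
#!/bin/sh
# Audit kernel network settings relevant to broadcast handling and SYN floods.
# Reads "key = value" lines (the format printed by `sysctl -a`) on stdin.
# Thresholds are illustrative assumptions; tune them for your environment.

audit_sysctl() {
    awk -F' *= *' '
    BEGIN {
        # key -> "comparison:threshold"
        want["net.ipv4.tcp_syncookies"]              = "ge:1"     # SYN cookies enabled
        want["net.ipv4.icmp_echo_ignore_broadcasts"] = "eq:1"     # ignore broadcast pings
        want["net.ipv4.tcp_max_syn_backlog"]         = "ge:2048"  # room for half-open connections
        want["net.ipv4.tcp_synack_retries"]          = "le:3"     # drop stale half-opens sooner
    }
    ($1 in want) { seen[$1] = $2 }
    END {
        for (k in want) {
            split(want[k], r, ":")
            if (!(k in seen)) {
                # A key absent from the input is reported, not silently passed.
                print "MISSING " k " (want " r[1] " " r[2] ")"
                continue
            }
            v = seen[k] + 0; t = r[2] + 0
            ok = (r[1] == "ge" && v >= t) || (r[1] == "le" && v <= t) || (r[1] == "eq" && v == t)
            status = ok ? "OK" : "WEAK"
            print status " " k " = " seen[k] " (want " r[1] " " r[2] ")"
        }
    }' | sort    # awk iteration order is unspecified; sort for stable output
}

# Constructed sample resembling a weakly configured host.
sample_sysctl() {
cat <<'EOF'
net.ipv4.tcp_syncookies = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.tcp_max_syn_backlog = 128
net.ipv4.tcp_synack_retries = 5
net.ipv4.ip_forward = 0
EOF
}

sample_sysctl | audit_sysctl
# On a live host: sysctl -a 2>/dev/null | audit_sysctl
```
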

Keep your security measures up to date

Network attacks exploit the vulnerabilities of a specific system. Even so, securing a network is at best a very challenging task: new software and hardware keep being developed, so the security implementations of the previous year might prove to be grossly inadequate this year. Even as technology to fight DDoS advances, DDoS attack tools also mature (Cisco Systems, 2004). Attacks continue to change and their levels of sophistication keep increasing. Vigilance is of great importance since the risks in a network scenario are constantly evolving.

Maintain Security Software Assurance

Support by the providers of security software should be maintained through assurance contracts. Software vendors often notify their clients of threats and vulnerabilities that they discover in their products. It is also important to opt for centrally managed versions of the software for the organization. This will enable the updating and verification of signatures to be done efficiently and in a uniform manner.

Maintain Diversity in DDoS Mitigation Tools

There are several tools and techniques at the disposal of network security personnel to assist in mitigating DDoS attacks. Mitigation products from various vendors have varying vulnerabilities. In order to protect the system from the vulnerabilities of a single vendor, the system should be made up of hardware and software components from various vendors. The system is then not exposed as a whole to the vulnerabilities in any single vendor's DDoS mitigation tools.

Run Forensics

In case of attacks, the response procedure should always incorporate information gathering. Computer forensics, which has a close relationship to cybercrime, assists in the investigation as well as in detection and response. Forensics deals with “the collection and analysis of data from computer systems, networks, communication streams and storage media in a manner admissible in a court of law” (Kessler, 2007). The information gathered from an attack can result in the adoption of more aggressive filters in the future as well as highlight key vulnerabilities in the system. The IT department can use forensic information to build a more secure system. Knowledge of tools and techniques for network forensics gives network security personnel the means to deal with intruders and identify risks.

Make plans to recover from attacks

Once an attack has been perpetrated against the system, it is of great importance to get the system back online in the shortest time possible. Having security staff in IT who are knowledgeable about DDoS detection and response will enable an organization to cut the response time. It is therefore in the best interest of the organization to invest in experienced security personnel.

Adhering to these best security practices will leave the internal network better safeguarded against DDoS attacks. The entire organization will therefore thrive on the numerous benefits that a computer network presents while avoiding the losses that result from DDoS attacks.

References

Cisco Systems (2004). Distributed Denial of Service Threats: Risks, Mitigation, And Best Practices. Cisco Systems, Inc.

Kessler, G. (2007). Online Education in Computer and Digital Forensics. Proceedings of the 40th Hawaii International Conference on System Sciences.

Russell, R. (2009). Hack Proofing Your E-Commerce Site: The Only Way To Stop A Hacker Is To Think Like One. Elsevier.
