There are some unconventional ways to protect against a Denial of Service attack. In 2015, when this book is being published, these are the most effective attacks in terms of return on investment – the price to shut down your public service / website is so low that, without spending a considerable amount of money on ‘protection services’ (reminding you of any other business models?), it is very difficult to stay assured of your survivability.
The famous players on the field of DDoS protection charge ungodly amounts of money on a monthly basis for something which might never happen – hoping that your fear will keep driving money to their bank accounts. I agree, they are effective, but they are not the only solution.
Some of the measures suggested below are only applicable to small to medium organizations – of course, if your size justifies serious (TB/s) attacks, you will need to go with the big vendors.
Luckily there are less common and very effective ways to counter DDoS attack effectiveness.
Use 3rd party services to serve your customers on a constant basis
One very important thing is to learn and start using social media as a communication channel – and why not the main communication channel? It’s easy to flood your website with traffic – and extremely difficult to do the same to your Twitter / Facebook accounts.
Devise a plan to still be able to sell your services even if your website is completely down. Establish a presence on online marketplaces, and use Skype or other similar VoIP services for communication in case your phone networks are down. You get the idea – decentralize. Do not depend on a single point of failure.
You can, even now, set up some of your web presence on services such as Google Sites – I would love to see an attacker take that down. In the event of an attack you just redirect your visitors there, while your team is working on mitigating the attack.
I am not a part of their sales team, but considering their prices and effectiveness, small organizations would benefit tremendously from the resulting protection. Besides the DDoS protection, they have a pretty good Web Application Firewall and website optimization as part of their package.
All you need to do in order to place a website behind CloudFlare’s protection is change your DNS server settings in the domain control panel, as well as make sure all DNS records are properly replicated during the initial setup (mail, etc.) – that’s it. It usually takes less than an hour; I’ve managed to get it working in 20 minutes in some cases.
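One way to check the record replication step above before switching nameservers, as an added example that is not from the book: it diffs a zone export from the old DNS host against the record list at the new provider and reports what did not make it across. The zone text, the example.com names and the addresses are constructed, and the one-record-per-line `name ttl IN type rdata` layout is an assumption about how the records were exported.

```python
# Constructed sample data: example.com and the 192.0.2.x addresses are placeholders.
OLD_ZONE = """\
; export from the old DNS host
example.com.       3600 IN A     192.0.2.10
www.example.com.   3600 IN CNAME example.com.
example.com.       3600 IN MX    10 mail.example.com.
mail.example.com.  3600 IN A     192.0.2.25
example.com.       3600 IN TXT   "v=spf1 mx -all"
example.com.       3600 IN NS    ns1.oldhost.example.
"""
NEW_ZONE = """\
example.com.       300 IN A     192.0.2.10
WWW.example.com.   300 IN CNAME example.com.
example.com.       300 IN MX    10 mail.example.com.
example.com.       300 IN NS    ada.ns.newprovider.example.
"""

SKIP_TYPES = {"NS", "SOA"}  # expected to differ once the nameservers change


def parse_zone(text):
    """Return a set of (name, type, rdata) from 'name ttl IN type rdata' lines."""
    records = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # blank line or comment line
            continue
        parts = line.split(None, 4)
        if len(parts) != 5 or parts[2].upper() != "IN":
            continue  # not in the assumed layout
        name, _ttl, _cls, rtype, rdata = parts
        rtype = rtype.upper()
        if rtype in SKIP_TYPES:
            continue
        if rtype != "TXT":  # TXT payloads (SPF, DKIM) are compared verbatim
            rdata = " ".join(rdata.lower().split()).rstrip(".")
        records.add((name.lower().rstrip("."), rtype, rdata))  # TTL is ignored
    return records


def missing_records(old_text, new_text):
    """Records served by the old DNS host that are absent at the new one."""
    return sorted(parse_zone(old_text) - parse_zone(new_text))


if __name__ == "__main__":
    for name, rtype, rdata in missing_records(OLD_ZONE, NEW_ZONE):
        print(f"MISSING {name} {rtype} {rdata}")
```

In the sample, the mail host's A record and the SPF TXT record were not replicated, which is the kind of gap that silently breaks mail after the cutover.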
You should specifically look at the security features they’re offering – even in their free plans – here: https://www.cloudflare.com/features-security – besides everything else provided for free. In my opinion it is well worth paying the $20/month for this service, especially remembering that other vendors charge more than $1000/month for much less.