A distributed denial-of-service (DDoS) attack is a method of taking a machine offline over the Internet, often by attacking vulnerabilities in the software or applications it is running. The result of such an attack is that the targeted computer crashes or becomes unreachable under a flood of data. As DDoS attacks become more commonplace, knowing how to prevent one is key to keeping your servers online.
Select a firewall that is capable of gateway filtering both ingress and egress packets, such as the Advanced Policy Firewall (APF) program (see Resources). Install the firewall and configure it to suit your own servers and the tasks they will perform. A firewall set up too generically leaves holes that can be exploited; tailoring the configuration closes them.
Install an intrusion detection system such as AIDE, or Advanced Intrusion Detection Environment, and configure it to your particular system (see Resources). An IDS will detect attempts to probe your servers, which is an early warning for many attacks and hacking attempts, including DDoS. Set up rules in your IDS to detect changes in file access permissions as these may be altered to make it easier for hackers to gain control of your computer.
Reconfigure your sysctl installation. Sysctl allows the kernel (the core of your operating system) to be reconfigured while the computer is running, and thus it needs to be protected from unauthorised access. Open the sysctl.conf file and add lines that turn on protection against IP spoofing and enable TCP SYN cookies. Restart the network after saving the configuration file so the new parameters take effect.
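The sysctl lines this step refers to, as an added example that is not part of the original article: a small POSIX shell script that emits the settings in sysctl.conf syntax, checks that a given file actually enables them, and applies them with sysctl(8). It assumes a Linux host; the drop-in path /etc/sysctl.d/60-ddos-hardening.conf is a conventional location chosen here, not one the article names.

```shell
#!/bin/sh
# Added example, not from the original article: the sysctl settings for
# TCP SYN cookies and anti-spoofing, written as a drop-in and applied.
# Assumption: Linux with sysctl(8); the drop-in path is a convention, not a requirement.

# Emit the hardening settings in sysctl.conf syntax.
hardening_settings() {
    cat <<'EOF'
# Reply with SYN cookies when the listen backlog overflows, so a SYN flood
# cannot exhaust the half-open connection table.
net.ipv4.tcp_syncookies = 1
# Reverse-path filtering: drop packets whose source address would not be
# routed back out the interface they arrived on (basic anti-spoofing).
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
EOF
}

# Read the effective value of one key from a sysctl-style file.
# Later assignments override earlier ones, matching how sysctl applies a file.
# $1 = file, $2 = key in dotted form
sysctl_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Verify that a file enables all three keys (value present and not 0).
# Prints each missing or disabled key; returns 1 if any is wrong.
# $1 = file
check_hardening() {
    rc=0
    for key in net.ipv4.tcp_syncookies net.ipv4.conf.all.rp_filter net.ipv4.conf.default.rp_filter; do
        v=$(sysctl_value "$1" "$key")
        if [ -z "$v" ] || [ "$v" = "0" ]; then
            echo "missing or disabled: $key"
            rc=1
        fi
    done
    return $rc
}

# Write the drop-in and load it into the running kernel (requires root).
# $1 = optional target path
apply_hardening() {
    target="${1:-/etc/sysctl.d/60-ddos-hardening.conf}"
    hardening_settings > "$target"
    sysctl -p "$target"
}
```

Run `check_hardening /etc/sysctl.conf` (or against your drop-in) before and after applying, so a later edit that silently sets one of these keys back to 0 is caught rather than assumed. `sysctl -p` on the drop-in loads the values immediately without a network restart; the restart the step describes is still harmless.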
Determine whether Apache is installed and running on your system. If it is, install a copy of mod_dosevasive. This module attempts to protect your system from the request floods common to DDoS attacks. Once again, configure it to the precise requirements of your system. Restart your Apache installation once the software is configured.
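An added example, not from the original article or from the mod_evasive project: a typical configuration block for mod_evasive (the current name of mod_dosevasive), followed by a small awk check that applies the same per-client thresholds to access-log lines, so you can see which clients the module would flag before turning it on. It assumes Apache 2.4 (module file mod_evasive24.c); the log lines are constructed with RFC 5737 documentation addresses, not real traffic, and the fixed one-second buckets are an approximation of the module's sliding interval.

```shell
#!/bin/sh
# Added example, not the article's or the mod_evasive project's own code.
# Assumptions: Apache 2.4 (mod_evasive24.c); sample log lines are constructed.

# Configuration block to drop into the Apache config (e.g. conf-available/).
# Apache does not allow comments on the same line as a directive, so they sit above.
mod_evasive_config() {
    cat <<'EOF'
<IfModule mod_evasive24.c>
    # Size of the per-child request tracking table
    DOSHashTableSize    3097
    # Same URI from one client more than this many times per DOSPageInterval seconds
    DOSPageCount        2
    DOSPageInterval     1
    # Any URI from one client more than this many times per DOSSiteInterval seconds
    DOSSiteCount        50
    DOSSiteInterval     1
    # Seconds a flagged client keeps receiving 403 responses
    DOSBlockingPeriod   10
</IfModule>
EOF
}

# Constructed combined-format access log: one client hits /index.html three
# times in the same second, another makes two ordinary requests.
sample_access_log() {
    cat <<'EOF'
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "GET /about.html HTTP/1.1" 200 512
EOF
}

# Clients that requested the same URI more than $1 times within one second
# (the DOSPageCount rule with DOSPageInterval 1). Reads the log on stdin.
page_flood_clients() {
    awk -v limit="$1" '
        {
            ip  = $1
            sec = substr($4, 2)   # drop the leading "[" from the timestamp
            uri = $7
            hits[ip SUBSEP sec SUBSEP uri]++
        }
        END {
            for (k in hits) {
                if (hits[k] > limit) {
                    split(k, part, SUBSEP)
                    print part[1]
                }
            }
        }' | sort -u
}

# Clients that made more than $1 requests of any kind within one second
# (the DOSSiteCount rule with DOSSiteInterval 1).
site_flood_clients() {
    awk -v limit="$1" '
        { hits[$1 SUBSEP substr($4, 2)]++ }
        END {
            for (k in hits) {
                if (hits[k] > limit) {
                    split(k, part, SUBSEP)
                    print part[1]
                }
            }
        }' | sort -u
}
```

Running `page_flood_clients 2 < /var/log/apache2/access.log` against a day of your own traffic before enabling the module shows whether the chosen DOSPageCount would also catch legitimate clients such as pages that load several assets from one URI; raise the threshold or whitelist those clients rather than discovering the false positives in production.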
Install the mod_security application into your Apache installation, if one is present. Mod_security is a set of security filtering controls that inspects each request sent to the server and filters out dangerous ones. This is especially useful for an anti-DDoS setup because many such attacks are initiated via standard HTTP requests.
If you are running a medium- to large-scale organisation, it is an advantage to create a dedicated network security team. This team can maintain your servers, installing the latest patches and keeping the network's security configurations up to date, as well as auditing the network regularly to find new holes in your security, which can then be plugged.
No security setup remains totally secure forever. Technology and techniques advance with time on both the security and hacker sides, so you need to be conscious of these changes if your servers are to remain protected from DDoS and other attacks. Install the latest security patches and keep aware of the latest server security news in order to maintain a secure computer system.