Power house companies including Amazon, Visa, MasterCard, as well as federal government websites haven’t been immune from DDoS attacks.  The disastrous event causes numerous headaches for business owners with online ventures as they have little control over the attacks, however, planning and preparation for a DDoS attack helps to alleviate the detrimental consequences.

Taking the First Step

The first step in combating a DDoS attack is taking an initial assessment of the company’s risk.  For businesses that tend to do the majority of their transactions online or utilize Web-dependent services, the chances increase for being a target of a DDoS attack; therefore it’s important to develop a contingency plan.

Consulting with an IT team, along with the network administrator, is the best line of defense when devising a game plan.  It’s important to secure the company’s risk of exposure.  When analyzing potential security breaches, it’s vital to implement caching, static home pages, CDNs, standby servers, scaling/burstable network connections, and adequate infrastructure to handle heavy traffic flow.  Additionally, proper configuration and altered performance monitoring can assist in detecting when a site is actually under attack.

Responding to DDoS Attacks

Responding efficiently to a DDoS attack is equally as important as preparation.  It’s imperative to have a comprehensible hierarchy of support staff and providers in place to contact immediately upon being attacked.  Often such individuals include in-house IT staff or hosting providers, ISP, and vendors to quickly coordinate an effective response to the event.   The quicker a response is launched, the faster the issue is resolved.

Opting for Anti-DDoS Solutions

In addition to having contingency plans in place, anti-DDoS solutions also serve a beneficial purpose in combating the attacks.  Cisco is one example that utilizes such a line of defense.  Specific solutions include Cisco/Arbor Clean Pipes 2.0 and Arbor PeakFlow.  Also, having a massive amount of bandwidth has the potential to thwart a DDoS attack.   This is best achieved by outsourcing to a large hosting provider that can provide adequate bandwidth to support heavy traffic peaks.  Furthermore, outsourcing to a third party provider is that it reduces the chance of DDoS attacks as well as having in-house DDoS mitigation procedures already in place.

Insuring Websites from DDoS

It can’t be stressed enough as to the importance of backing up websites and important data.  It’s advised website owners should always use a backup mirror website that can be a viable option if the original site goes down under attack.  It’s also recommended the backup site be supported at a different location, hosted b y a different provider.  Optimal strategies for successful backup include server farms, load balancing, and global server load balancing spread across various data centers and physical/geographical locations.

In addition to insuring your website by backing up websites, many business ownwers with online ventures are opting for cyber insurance.  When it comes to companies protecting their websites from DDoS attacks, the best insurance is a policy that covers crisis management.  The policy is intended to help recover the costs of restoring the network and retrieving lost data.  The leading providers of cyber insurance include CyberSecurity, Chubb’s Safety Net and AIG’ s netAdvantage.

Due to the fact that DDoS attacks are becoming increasingly easier to carry out, website owners must remain vigilant to protect online business ventures as well as important data in the event of an unpredictable attack.

Related posts:

• September 13, 2011 – How to Keep Your Server Safe From Common Security Problems
• July 22, 2011 – LulzSec’s Hacking Career Slated to End
• January 13, 2009 – How to Find Secure Shared Hosting
• January 20, 2012 – Data Backup and Recovery Solutions
• January 3, 2012 – Battle of the Giants: Linux and Windows Compared
• December 14, 2011 – Avira Antivirus Features
• November 28, 2011 – Bit-Defender Internet Security Review
• November 19, 2011 – A Dark Cloud: Anonymity and Privacy Fall Further Before a Cloud Computing Experiment
• November 17, 2011 – Clickjacking: What is it and How You Can Protect Yourself?
• November 11, 2011 – DARPA: The Internet’s Midwife

Finding the Right Web Hosting Company

There are literally hundreds of web hosting companies in the internet industry, with even thousands more being subsidiaries or resellers of these companies. Finding the right one can be compared to finding a needle in a haystack, as the meticulous process of elimination that occurs in the pursuit of  an optimal web hosting account can seem endless. There are review sites everywhere, and it seems as if everyone promises the same level of service and features – unlimited. While there are very few opinions online that can be trusted, there are forums in which you can find reliable information about the security practices of web hosting company.

Testing Web Hosting Services

Although it is somewhat easy to find a reputable web hosting company, some companies rely upon the popularity of their brand to bring repeat business, instead of providing quality services. Thus it is imperative to test the security measures tat are used by your web hosting company. Obviously doing this without any expertise can be difficult if not impossible, so if you want to know if your web hosting company has what it takes to stand up against DDoS attacks then you can contract the help of a professional web security agency. This kind of service is generally recommended for larger corporations or companies.

The Real Test

The ultimate test occurs when you have actually been using the web hosting company for a while and you have not experienced any server down time or lagging pages. This field testing will show whether or not your web hosting company is worth their weight in gold. If you consistently experience slow loading pages, and your site is showing errors when certain pages load, then it may be time to switch to a new hosting company.

Conclusion

Although it can be difficult to find a secure hosting company that lives up to their promises of unlimited functionality, they do exist, and can be found on many of the most popular web hosting forums.

Related posts:

• July 21, 2011 – How to Combat a DDoS Attack
• March 1, 2011 – What to Consider When Selecting a Web Hosting Provider
• October 20, 2010 – Web Hosting Security – Difference Between SSL, TLS and SSH
• June 16, 2010 – Protecting Your Site from DDoS Attacks
• June 11, 2010 – Colocation Hosting – Security over Savings
• March 11, 2010 – Top 3 Important Aspects of Web Hosting Security
• January 13, 2009 – How to Find Secure Shared Hosting
• December 8, 2008 – NTTA To Unveil White Paper on Network Security

The major issue with shared hosting has always been the same – the availability of security and the fact that this platform can only be so secure.  Without adequate protection, the web host’s server is vulnerable to a wide range of threats including DDoS attacks, malware infection and network intrusion.  You could also be exposed to attacks such as SQL injection, cross site scripting and even the malicious actions of your neighbors on the server.  When your hosting environment isn’t properly secured, you stand the risk of losing the most sensitive of information.

Security is definitely an issue in the shared hosting environment, one that could make the low cost an uneven trade.  The good thing is that several web hosting providers are aware of these vulnerabilities and they are taking the necessary approaches to deliver a secure service.  When looking for a company to host your site, we recommend keeping the following security considerations in mind.

Protection from Thy Neighbor

When assessing the security of a particular web host, you must not only analyze the protection offered against outside threats, but security that keeps you protected against other website owners on the server.  You never know who you’re sharing the server with, as they could be into dealing porn, distributing spam or malicious software.  A few of your next door neighbors just might be prolific computer hackers.  To keep yourself protected in this regard, you should make sure the provider doesn’t allow any unsolicited code to be executed or access to your directories.

Clean Code

One of the biggest threats to your website lies in the code used to build your applications.  When they are not properly scripted, intruders can use them as an entrance to your data and reap major havoc.  You can minimize the possibility of common website exploits by ensuring that the web hosting company offers the latest in development tools whether its PHP and MySQL or ASP and MS Access.  Most importantly, it is up to you to make sure you are coding your applications and web pages in a secure manner.

Security Features

There are also a number of features that will give you an idea of how secure a particular web hosting platform is.  This includes protection for the actual server such as software that defends against DDoS attacks and viruses as well firewalls and network intrusion systems to fend off hackers.  If your site is to involve online business transactions, you will also require SSL support to protect your customers’ credit card information.  When making sure all the vital security issues are addressed, you can better your chances of enjoying a smooth run in the shared hosting environment.

Related posts:

• October 16, 2009 – Major Threats to Business Website Security
• May 7, 2009 – Protect Your Site From Maliciously Activities
• December 14, 2011 – Avira Antivirus Features
• November 17, 2011 – Clickjacking: What is it and How You Can Protect Yourself?
• July 29, 2011 – Is SSL Essential for eCommerce Sites?
• July 21, 2011 – How to Combat a DDoS Attack
• April 13, 2011 – Using Captcha Scripts to Prevent Spam
• March 2, 2011 – The Release of the February 2011 Email Security Report
• August 4, 2010 – Top Five Drawbacks to Shared Hosting Services
• December 15, 2009 – The Top 3 Web Hosting Security Issues

NTTA (NTTA America) Inc., wholly owned subsidiary of web hosting and services company NTT Communications, is set to discuss its latest white paper on network security.  The white paper focuses on the increasing number and development of network attacks, the impact of “silent threats” and how both small and large networks can help to mitigate these growing problems.  The paper is set to be presented by Darren Grabowski, manager of NTT American Security and Abuse Team, on December 1 at the IEEE Globecom 2008 conference in New Orleans.  The white paper will be publicly available at NTT America’s website starting on December 3.

Grabowski states that spam, phishing, malicious software and DDoS attacks are all growing problems that just are not going to go away.  He says that small and large networks must work cohesively to deploy monitoring systems and report their findings to mitigate these threats.  Grabowski ended by remarking that most companies already have such tools incorporated into their networks, saying that more of them simply need to invest a small amount of time and effort into using these mechanisms and protecting themselves in a more proactive manner.

The firm is presenting the white paper as a part of a broader initiative spearheaded by NTT’s Dr. Kazuhiko Ohkubo.  Along with other panelists, Ohkubo will be introducing comprehensive approaches in regard to better security in advanced telecommunications networks, basing new service creations on the ring of trust and secure ROI management.

Aptly titled “The Silent Threat”, the white paper touches on how millions of computers connected to the internet are being compromised at an alarming rate.  It also reveals how a single botnet initiation has the ability to enslave thousands of machines, abuse the internet infrastructure and cause financial havoc.  The white paper outlines the measures small and large networks can take to mitigate these common threats simply by utilizing many of the tools they already have in place.  Darren Grabowski believes such measures will prevent attacks while keeping expenses at a minimum.

The NTT America Security and Abuse Team has the task of responding to security and abuse issues such as spam, port scanning, malware, DDoS attacks and across NTT’s entire Global IP Network.  They are also responsible for consistently monitoring the network, utilizing a number of tools such as those that look for trends in bandwidth consumption in comparison to legitimate traffic, as minimal consumption often shows signs of a silent threat.

As a U.S. subsidiary of NTT Communications Corporation, NTT America acts as North America’s gateway to the Asia-Pacific region.  It provides world-class IP networking services, managed network and enterprise hosting solutions to customers and service providers throughout the world.

Related posts:

• January 13, 2009 – How to Find Secure Shared Hosting
• December 14, 2011 – Avira Antivirus Features
• November 17, 2011 – Clickjacking: What is it and How You Can Protect Yourself?
• July 21, 2011 – How to Combat a DDoS Attack
• March 2, 2011 – The Release of the February 2011 Email Security Report
• December 24, 2010 – The Overlooked Connection Between Computer Viruses and Site Security
• May 18, 2010 – How to Find a Secure Web Hosting Company
• March 11, 2010 – Top 3 Important Aspects of Web Hosting Security
• December 15, 2009 – The Top 3 Web Hosting Security Issues
• August 11, 2009 – Bursting Five Managed Hosting Misconceptions