The holiday season is full of traditions and unfortunately one of them is a higher number of cyberattacks. For some it is still a popular pastime to launch a DDOS attack, like the one late last November on the network of Dutch public broadcaster NPO. But with fewer staff at the office this time of year, what can you do if your network is being attacked?
There are three things you need to check today in order to enjoy a quiet Christmas and make sure your network is ready to fend off an attack. First: check your detection software. You can do this by attacking your own network in a controlled way for a short period of time, for instance using a tool such as iperf, to see if your detection software picks up the attack. That way you are sure you will be warned in time if an attack is happening and you can take the necessary measures.
Second: test your blackholing setup! Your IP transit provider(s) will listen to your IP black hole-announcements and will throw away traffic to the announced IP address, freeing up your network links for the rest of the traffic. The blackholed IP address will be down, but at least the rest of your network will remain available. Configure an unused IP address on a server and start the black hole announcement – then double-check that the IP address will become unreachable from the Internet. That way you will be sure you can blackhole an attack effectively.
And finally, in case blackholing is not a solution and you need your upstream ISP(s) to help filter the attack, make sure you have the correct contact details available. Call your upstream ISP’s Network Operations Center (NOC) today to double-check that the phone number you have is correct. Tell them your customer number or circuit ID and verify that they can find your details. Ask the NOC what else they would need from you in case there would be a DDOS-attack.
Take the time now to check these three simple things and you will be able to enjoy the holiday season and don’t need to worry about your network!