In Oct of 2016 a large Distributed Denial of Service (DDoS) attack against DYN DNS, brought down networks such as Twitter, Amazon, Paypal, CNN, Reddit and other big names. Dyn, is a company that controls a good chunk of the internet’s domain name system (DNS) infrastructure. This was Dyn's comment...
Starting at approximately 7:00 am ET, Dyn began experiencing a DDoS attack. While it’s not uncommon for Dyn’s Network Operations Center (NOC) team to mitigate DDoS attacks, it quickly became clear that this attack was different (more on that later). Approximately two hours later, the NOC team was able to mitigate the attack and restore service to customers. Unfortunately, during that time, internet users directed to Dyn servers on the East Coast of the US were unable to reach some of our customers’ sites, including some of the marquee brands of the internet.
Chief Strategy Officer (DYN DNS)
Dyn disclosed that, according to business risk intelligence firm FlashPoint and Akamai Technologies, the attack was a botnet coordinated through a large number of Internet of Things-enabled (IoT) devices, including cameras, residential gateways, and baby monitors, that had been infected with Mirai malware.
So how exactly do you minimize the chance of hackers taking down your network, and disrupting your business?
There is no real 100% guarantee, but there are some steps you can take to minimize the chance of a DDoS attack. Here they are...
The first thing Hackers look for is the weakest link. If you are hosting your DNS yourself or if it is hosted on two small DNS servers, your DNS can be brought down quite easily. All a hacker has to do is take down those two servers and your website(s), network and email will not work. If you host with top tier DNS providers as the one's mentioned above, they all have big pipes and numerous servers to handle the requests of a large DDOS attack. Some of the smaller DNS providers do not have the robustness of the top three. If you are really paranoid, you could host two DNS servers on each of the top three DNS Providers for your domain.
The guy's over at SolveDNS will show you the rankings of the top DNS providers
Secondly, if you host your email with either Google or Microsoft, any attacks on their networks will have to be handled by them. You can rest assured that Google and or Microsoft want to keep their networks running so they will be on it right away. That is why we at Clustered Networks do not recommend hosting your own email servers or placing them with a small hosting company.
Thirdly, your webservers. By hosting your Website on multiple cloud networks, your site is not in any one place. If there is an attack on your "cloud hosting provider number 1", the DNS service such as DNSMadeEasy failover service can flip your DNS to point your DNS reords to the "cloud hosting provider number 2" network. Hosting your website on two servers is very inexpensive and can be setup with a simple rsync script to mirror the websites daily. Essentially Clustering your Cloud Services to multiple networks rather than just one provider.
Ron has been a network administrator since the 1994 and has worked extensively with Microsoft, LINUX and FreeBSD products. He has also owned and operated a successful ISP business and has consulted to numerous companies offering network security services and management.
Located in Edmonton, AB Canada, Clustered Networks was Incorporated in 2001 and has offered Network / Internet and IT Consulting services for over 15 years. We offer personalized service!