There are seven varieties of DoS (Denial of Service) attacks. To prevent or block them, you must first identify the type of attack. Below are several general ways you can protect yourself from DoS attacks:
- Define a comprehensive security policy for your network and take all necessary measures to implement that policy.
- Work with your Internet service provider to filter out bad content and requests before they reach your servers. Use clean pipe techniques, which allow only the valid packets to reach the servers. Companies such as VeriSign offer these services.
- Protect your network with a firewall that can perform ingress and egress filtering at the gateway level. Firewalls are an effective solution because they can allow or deny protocols, IP addresses, and ports.
- Use router filters to limit DoS attacks. Most modern routers support ACLs and let you rate-limit inbound and outbound requests, and offer TCP splicing and deep packet inspection.
- The best defense against DoS attacks is an intrusion detection and prevention system. Intrusion prevention systems can detect and block both anonymous and signature-based intrusions. These systems have extreme processing capabilities that prevent attacks with legitimate content but bad intent.
- Gain maximum protection by using proactive protection methods. Use simulated DoS attack techniques to verify that your security policy and defensive mechanisms work as intended.
- Use blackholing and sinkholing techniques at the ISP level. Blackholing redirects all the traffic and requests intended for the victimized machine to a nonexistent server or a null interface. Sinkholing works in a similar way, but it redirects these packets to a valid server that analyzes them and rejects only the bad packets.
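
The difference between blackholing and sinkholing described in the last item, shown on the same traffic. This is an added example, not part of the original article; the addresses, the sample packets and the per-source rate threshold used as the sinkhole's "bad packet" test are all constructed assumptions.

```python
from collections import defaultdict

VICTIM = "203.0.113.10"   # constructed address of the machine under attack
RATE_LIMIT = 5            # assumed threshold: packets allowed per source per window
WINDOW = 1.0              # assumed window length in seconds

# Constructed sample traffic: (timestamp_seconds, source_ip, destination_ip)
PACKETS = (
    [(i * 0.01, "198.51.100.7", VICTIM) for i in range(40)]       # flood from one source
    + [(0.2, "192.0.2.15", VICTIM), (0.7, "192.0.2.15", VICTIM)]  # ordinary client
    + [(0.5, "192.0.2.99", "203.0.113.20")]                       # traffic for another host
)

def blackhole(packets, victim):
    """Null-route the victim: every packet addressed to it is dropped, good or bad."""
    delivered = [p for p in packets if p[2] != victim]
    dropped = [p for p in packets if p[2] == victim]
    return delivered, dropped

def sinkhole(packets, victim, limit=RATE_LIMIT, window=WINDOW):
    """Divert the victim's traffic to an analysis step that rejects only over-limit sources."""
    recent = defaultdict(list)   # source -> timestamps seen inside the sliding window
    delivered, dropped = [], []
    for pkt in sorted(packets):
        ts, src, dst = pkt
        if dst != victim:        # traffic for other hosts is never diverted
            delivered.append(pkt)
            continue
        recent[src] = [t for t in recent[src] if ts - t < window]
        recent[src].append(ts)
        (dropped if len(recent[src]) > limit else delivered).append(pkt)
    return delivered, dropped

def legit_delivered(delivered, victim, legit_src="192.0.2.15"):
    """Count packets from the ordinary client that still reach the victim."""
    return sum(1 for _, src, dst in delivered if src == legit_src and dst == victim)

if __name__ == "__main__":
    for name, fn in (("blackhole", blackhole), ("sinkhole", sinkhole)):
        ok, bad = fn(PACKETS, VICTIM)
        print(name, "delivered:", len(ok), "dropped:", len(bad),
              "legit reaching victim:", legit_delivered(ok, VICTIM))
```

Blackholing stops the flood but also takes the victim offline for its ordinary clients, while the sinkhole keeps the service reachable at the cost of inspecting every diverted packet.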