Mitigation of risk of DDoS attacks on your firms website and email
If your firm's website is one of the 3.5million that have been set up through the ISP (Internet Service Provider) 123-reg, you may have noticed that your website and/or email stopped working between about 11am-1pm today.
123-reg suffered a Distributed Denial of Service (DDoS) attack. With gloomy predictions that the frequency, size and impact of these attacks is going to be greater than ever in 2017, we look at what your firm can do the mitigate the risk for your business.
What is a DDos Attack?
Distributed Denial of Service (DDoS) attacks are a malicious attempt by a third party to knock your website and/or email infrastructure offline. The attack can be targeted at the web services of a particular company (such as the attack on William Hill bookmakers last November) or at an Internet Service Provider (ISP) such as the attack on Dyn in October 2016 which knocked services such as Twitter and Spotify offline.
In the case of the attack this morning (and a similar one back in December 2016), the ISP 123-reg was targeted. 123-reg’s core service is providing the registration of domain names (e.g. www.awesomesolicitors.co.uk), and as part of their registration service they also by default take on the responsibility of managing the DNS (Domain Name System) records for that domain name.
Why does DNS matter?
The internet operates at the basic level on a set of numbers that make an address, so that your computer or smartphone knows where to find a given website. Where the DNS system comes in is that it allows you to give your company website a friendly memorable name such as www.awesomesolicitors.co.uk rather than a string of numbers such as 126.96.36.1994.
The responsibility for translating names into numbers lies with nameservers. By preventing access to a company's nameservers, you prevent a smartphone or computer from being able to find out the real address for a website1.
This is the essence of a DDoS attack, and the result of this morning’s attack will have been that users trying to access the website of or send email to a law firm reliant on 123-reg’s nameservers may have been unable to do so.
How can I mitigate the risk of DDoS attacks against my firm?
Unless your firm does something that really upsets someone2 or you are targeted directly for another reason, you are more likely to be impacted by a DDoS attack on your ISP, rather than against your firm directly.
Mitigating the risk of a direct attack on your firm goes beyond the scope of this article. To find out whether you need to mitigate the risk of a DDoS attack against your ISP, you can perform a very simple check.
1. Go to http://dnscheck.pingdom.com/
Enter your firm's domain name and hit ‘Test Now’
2. Under the Nameserver section, look at the list of nameservers
If they all have very similar names then you may have a single point of failure and as such be vulnerable to a DDoS attack.
Examples from common ISP’s
3. Mitigate the risk
If it looks like you may have a single point of failure ask your IT team to investigate further, they will be able to check whether your ISP has a strategy in place already to reduce the likelihood of suffering from a DDoS attack, or whether they have a history of having been affected by DDoS attacks.
The risk can be mitigated by adding a secondary DNS server3that is operated by an entirely different ISP to your first DNS server. Some ISP’s such as 1&1 make it easy for you to add a secondary DNS server whilst other such as 123-reg don’t currently support this. Consider switching ISP’s if you cannot get the support you need.
1. Because of the way DNS works, it is possible that if you already know the real address of a website before the attack, you could still be able to get to the site. This is down to the TTL value for your DNS records.
2. The DDos attack that took place against ACS law in 2010 was believed to be over its actions against people allegedly infringing copyright through peer-to-peer file sharing.
3. How to set up primary and secondary namservers