However, before going through choosing a weapon and firing, the smartest attackers do their homework first. After all, there's a ton of public information available about any business, including yours. For instance, a simple DNS look-up can reveal a lot of information about your public-facing assets. Attackers will also check your infrastructure for open ports, protocols, applications and firewalls. By doing recon on your infrastructure and understanding what it's built to support ecommerce, customer service or public information, let's say the bad guys will assess what's at risk and will look for the best ways to exploit these weak spots in your infrastructure.
In the ramp-up to an attack, you might notice bursts of heavier traffic in key areas of your network. The attacker is probing, trying to find a way in. While some will simply try to flood you, others will try to find a little crack in your network defenses, some piece of infrastructure too tempting to ignore. If you're a retailer, for example, and someone succeeds in bringing down your point-of-sale applications, the pain could be acute. For the attacker, it's well worth the time investment and ensures that your entire organization will take notice of the attack.
Everything's not all doom and gloom though. While criminals have many tools at their disposal, understanding what's at risk, and how it will be attacked, allows you to understand how to take the first steps in order to protect it. For starters, make sure your team knows not only your network inside-out but also your security set-up. Conduct a security assessment, either in-house or with third-party experts who can give independent validation. Use these findings to help optimize your systems. It's also critical to monitor traffic, so you know what's normal and what's not. With a clear baseline, you'll be able to spot and mitigate DDoS attacks faster.
Maybe most important of all, devise a DDoS response plan to counteract some of the tactics described here, listing procedures to follow and which team members are responsible for what. And practice executing this plan regularly. If you have to dust it off in the midst of an attack, you're inviting chaos. Run regular drills including simulated communications with customers, so you can become adept at managing their expectations.
At the end of the day, it's not only attackers whose thinking makes a difference. Companies that invest more brainpower in understanding how DDoS attacks work, to better protect themselves are also more skilled in deploying the technologies designed to keep their online presences safe.
Ted Swearingen is Neustar's director of information security operations and currently manages the company's Security Operations Center (SOC). He is also responsible for project consolidation between the network and security teams, along with oversight of security responsibilities for both.
Sign up for CIO Asia eNewsletters.