Hackers use a myriad of different tools and techniques. The resources for a hacker are so numerous, that it is entirely possible that no two hackers have the same tools or approaches for how they operate. For this reason, it is virtually impossible to make any system completely impenetrable. Instead, the question asked should be: how do I protect myself better than my competitors?
In the early days of hosting, many companies would brag about 99% uptime. With the growing popularity of uptime monitors, it was discovered that systems go down all the time. With a large enough DDOS attack, it is pretty much impossible to guarantee that your systems can always remain online, no matter how stable they are. Instead, the focus should be on recovery time, the security of the systems when they come back up, and the order in which those systems or services become available. For example, if your website was the target of an attack and you were forced to reboot in the event of a crash (an automated process for many hosts and applications) the operating system may spin up the database services before the web server. This can potentially expose a protocol or service to outside attack if the web server intercepts request or provide sanitization to these services. The same is true for many other layers of protection, such as firewalls. It may be best to load test your application. Plan the order at which services will reboot and audit the services, ports and protocols that are initiated when securing yourself. After that, you should have a plan of defense:
- What uptime or attack monitoring product will you use?
- How will you respond to notifications of downtime?
- Who will handle the response to unusual activity?
Answering these questions will not only give you peace of mind, but you will start the process of becoming both proactive and having faster reaction times. Let’s face it, you cannot prepare for every type of event, but you can recognize and respond to the common symptoms of an attack in a faster and more efficient manner