How to protect against a DDoS attack?

I have a question about defending against  DDoS attacks.  My ISP charges a large penny for service to protect me from DDoS attacks, it's basically the same amount for my internet, and it's not cheap.  Besides buying hardware, does anyone recommend any online companies that can provide the same kind of service as my ISP, but at a descent cost?

What other options do I have, or does anyone recommend a good solution?
DanNetwork EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

atlas_shudderedSr. Network EngineerCommented:
You can check into Radware.  Solid product with several options if you are looking for an all in one service.  Akamai and Cloudflare have offerings as well.

If you are looking at deploying from a defense in depth perspective, you can check with your hardware vendors to determine if they have either recommended configurations or deployable options.

It's kind of a broad question and difficult to answer without really understanding what your goals and acceptable models would be.
DanNetwork EngineerAuthor Commented:
I was going to look into cloudfare and akamai, I'll contact Radware.  Basically, I just want to know if I have any wholes I need to close, just in general, to make my network less hackable, or more secure.
atlas_shudderedSr. Network EngineerCommented:
DDOS is a brute force attack meant to overwhelm buffer and other memory allocations with embryonic connections.  There are plenty of things you can do on the local devices to extend survivability during an attack but the best method is to blackhole aggressive traffic before it has the chance to reach the equipment.  Some of the things you can do on your equipment is to set up blackhole routing from known or suspected IP's, shunting any returns to a Nul interface, standing up access lists against known attackers, etc.  The problem you will face though is that addressing DDOS defense only, you won't be defending against more sophisticated threat vectors (code work, exploit attempts, etc.)  To do that you need something that is going to inspect traffic inbound (firewalls, IPS/IDS and other inband mitigation).  I've worked with Radware and like their offerings.  They support the ability to house local equipment and hybridizing up to a fully cloud based model.  If you are interested in talking with them, let me know and I can send you the contact info for the engineer and rep that I usually work with.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DanNetwork EngineerAuthor Commented:
I called them before your post, and I have a call scheduled for tomorrow.  Sure, if you want to send me the info you have, that would be great.
DanNetwork EngineerAuthor Commented:
Thanks for the info, I'm checking out a few different places you mentioned, and a few others.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cyber Security

From novice to tech pro — start learning today.