How to protect against a DDoS attack?

I have a question about defending against  DDoS attacks.  My ISP charges a large penny for service to protect me from DDoS attacks, it's basically the same amount for my internet, and it's not cheap.  Besides buying hardware, does anyone recommend any online companies that can provide the same kind of service as my ISP, but at a descent cost?

What other options do I have, or does anyone recommend a good solution?
DanNetwork EngineerAsked:
Who is Participating?
 
atlas_shudderedSr. Network EngineerCommented:
DDOS is a brute force attack meant to overwhelm buffer and other memory allocations with embryonic connections.  There are plenty of things you can do on the local devices to extend survivability during an attack but the best method is to blackhole aggressive traffic before it has the chance to reach the equipment.  Some of the things you can do on your equipment is to set up blackhole routing from known or suspected IP's, shunting any returns to a Nul interface, standing up access lists against known attackers, etc.  The problem you will face though is that addressing DDOS defense only, you won't be defending against more sophisticated threat vectors (code work, exploit attempts, etc.)  To do that you need something that is going to inspect traffic inbound (firewalls, IPS/IDS and other inband mitigation).  I've worked with Radware and like their offerings.  They support the ability to house local equipment and hybridizing up to a fully cloud based model.  If you are interested in talking with them, let me know and I can send you the contact info for the engineer and rep that I usually work with.
0
 
atlas_shudderedSr. Network EngineerCommented:
You can check into Radware.  Solid product with several options if you are looking for an all in one service.  Akamai and Cloudflare have offerings as well.

If you are looking at deploying from a defense in depth perspective, you can check with your hardware vendors to determine if they have either recommended configurations or deployable options.

It's kind of a broad question and difficult to answer without really understanding what your goals and acceptable models would be.
0
 
DanNetwork EngineerAuthor Commented:
I was going to look into cloudfare and akamai, I'll contact Radware.  Basically, I just want to know if I have any wholes I need to close, just in general, to make my network less hackable, or more secure.
0
 
DanNetwork EngineerAuthor Commented:
I called them before your post, and I have a call scheduled for tomorrow.  Sure, if you want to send me the info you have, that would be great.
0
 
DanNetwork EngineerAuthor Commented:
Thanks for the info, I'm checking out a few different places you mentioned, and a few others.
0
All Courses

From novice to tech pro — start learning today.