Proven Practices for Securing Your Website Against DDoS Attacks

Kevin Beaver, Principle Logic, LLC Andrew Sullivan, Dyn

A bit about Kevin Beaver

●  Independent consultant ­  25 years experience in IT –

19 years in information security ­  Focus on performing technical

security assessments ●  Expert witness

­  Data breaches, security best practices/due diligence, compliance, and intellectual property cases

●  Speaker ●  Writer

●  Creator/author of Security On Wheels audiobooks & blog

(securityonwheels.com)

A bit about Andrew Sullivan

●  Director of Architecture for Dyn, an Internet performance company ●  15 years in the Internet industry ●  Co-author of the DNS 64 specification ●  Active in the Internet

Engineering Task Force ●  Member of the Internet

Architecture Board

Insanity is…

“Doing the same thing over and over again and expecting different results.”  

-­‐Albert  Einstein  

Defining the term

More than one soft underbelly

P SYN floods P UDP amplification P Botnets SYN floods

UDP amplification

Botnets

Botnets are cheap and easy!

Why do they do it?

The main driver

Common vulnerabilities

How do DNS attacks work?

Someone else performs attack

Response size is key

In the words of Kevin…

“You cannot secure (or respond to) what you don’t understand.”  -­‐Kevin  Beaver  

Situational awareness

Additional Resources

●  Kevin’s website: principlelogic.com/resources

●  Kevin’s blog: securityonwheels.com/blog

●  Kevin’s audio programs: securityonwheels.com

●  Kevin’s latest books:

●  Three Ways Companies Can Avoid DDoS Attacks (webinar) brighttalk.com/webcast/10729/113345?ContentHub

●  DDoS 101 (video): dyn.com/dynedu what_is_a_ddos_attack/

●  The Cost of a DDoS Attack (whitepaper) pages.dyn.com/evaluating-cost-of-ddos.html

Your plan of action

“Before everything else, getting ready is the secret to success.”  

         -­‐Henry  Ford