On September 10^th, 2012 we were reminded how vulnerable the most sophisticated infrastructures can be brought to its knees. Go Daddy and millions of sites were knocked offline for several hours by a DDOS attack on Go Daddy’s DNS servers.

Security is a huge concern and each time companies like GoDaddy and LinkedIn get hacked, it becomes an issue that ia at the forefront for most online businesses. These attacks should make organizations question:

• Do they have a secure network?
• How long can their organization be down and offline before it costs them thousands of dollars?
• Do they have a Disaster Recovery plan in place to avoid these types of attacks?
• What can we do to protect our organization and our data from harm?

Here are a few quick and easy methods to protect you from those who would do harm:

1) Keep Strong Passwords.  Weak passwords are the number one way that sites are compromised.  Practice having strong and complex passwords.   Change your passwords often, especially when you change staff.

2) SQL Injection Cross Platform Scripting.  If you don’t have a strategy to check and guard against SQL Injections and Cross Platform Scripting then you need to get one.  You need to engage with a web security professional in order to confirm that you are protected.

3) Update, Patch and Service Pack.  Keep your web infrastructure updated.  Unfortunately this takes time and knowledge to stay on top of, exploits can come out daily weekly or yearly.   So staying on top of this type of activity requires an IT professional’s assistance.    Usually the products that you buy have bulletins or some kind of alerts that come out, or they have a regular patch and update schedules.

4) Have a Contingency Plan.  It doesn’t have to cost a tremendous amount of money to create a secondary site or disaster plan.   Having a backup copy of your website along with a location to host it at in the event of an outage can save you time and a tremendous amount of money.  If your website needs to be up and capable of processing transactions then you might want to invest in a disaster site, so that you can continue to do business.   Time is money.

5) Understand DDOS attacks.   Distributed Denial-of-Service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users.   One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.  You can go with a provider or use technology that is more effective at blocking DDOS attacks.

6) DDOS Defense.  Some of the ways you can protect yourself from DDOS attacks are: having a firewall, Blackholing, Sinkholing, IPS, over-provisioning, application front end hardware, Routers,  Smart Switches, Clean Pipes, hardware or software designed to prevent it, server configurations, security patches and a strong experienced IT support organization.