Antivirus software

4 Tips to Fight Botnets

Other Tips for Security

IP Source Guard

This one isn't part of the top 5, but I thought it worth mentioning nonetheless. Another tip is to turn on IP Source Guard on your switches. This prevents a host from sending out spoofed packets in the event that it becomes a bot itself.

This is not so much a defense tool but rather a good citizen tool, although it would help dampen an internal spoofed DDoS attack. If every company had IP Source Guard enabled it would help reduce the number of spoofed DDoS attacks we have. An added benefit of having this feature enabled is it can help you identify hosts that are part of a Botnet on your network. When the malware launches its spoofed attack the switch port can be automatically locked down (error disabled) and report this event to your security monitoring station. Or you could just have it report the event and keep the port up but drop all traffic except the real IP address sources traffic.

If someone has some other tactics for protecting against DDoS attacks please share them. Here are some helpful links:

Verizon Data Breach Investigations Report (pdf)

Arbor Networks Infrastructure Security Report

Subscribe to the Daily Downloads Newsletter

Comments