DoS Guidance - Testing and monitoring

Created:  31 Jan 2018
Updated:  31 Jan 2018
Gain confidence in your defenses by testing them, and gain confidence you'll notice when attacks start by having the right tooling in place.


Thinking you are well prepared to defend against denial of service attacks is not the same as knowing. There could be bottlenecks in your service that you hadn't anticipated, and that you would not have foreseen with a paper-based review alone. It's better to test your ability to defend against an attack, and to have some knowledge of the types and volume of attacks you are able to defend against. Consider testing your ability to defend against both network layer and application layer attacks.


It is important that system monitoring is in place to allow you to spot an attack when it begins, as well as to analyse and respond to the attack while it's underway. Depending on your system design, there are various places you can monitor for resource usage.

Ensure that you have sight of the network, compute and storage aspects relevant to your service. You'll need these to help you understand how the attacker is causing a denial of service, so you can respond appropriately. For monitoring websites there is a large marketplace of suppliers offering tools to help you monitor the availability of your site from diverse geographic locations.
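An added example (not part of the original guidance) of using that visibility to spot when an attack begins: it compares constructed per-minute network, compute and storage readings against a known-good baseline and reports which metric left its baseline first. The metric names, sample values and thresholds are assumptions chosen for illustration.

```python
from statistics import mean, pstdev

# Constructed per-minute readings (not real telemetry).
# Columns: minute, inbound Mbit/s, CPU %, disk write MB/s, requests/s
SAMPLES = [
    ("12:00", 40, 22, 5, 110),
    ("12:01", 42, 25, 6, 120),
    ("12:02", 39, 21, 5, 105),
    ("12:03", 41, 24, 6, 115),
    ("12:04", 43, 23, 5, 118),
    ("12:05", 44, 61, 6, 125),   # CPU climbs while traffic stays flat
    ("12:06", 45, 88, 6, 130),
    ("12:07", 46, 97, 19, 128),  # storage follows two minutes later
]
# Hypothetical metric names, in column order after the timestamp.
METRICS = ("network_mbps", "cpu_pct", "disk_mbps", "req_per_s")


def first_breaches(samples, baseline_len=5, k=3.0, min_spread=0.10):
    """Return [(metric, minute)] ordered by when each metric first left its baseline.

    The first `baseline_len` rows are assumed to be known-good traffic.
    """
    baseline, live = samples[:baseline_len], samples[baseline_len:]
    hits = []
    for col, name in enumerate(METRICS, start=1):
        values = [row[col] for row in baseline]
        mu = mean(values)
        # Floor the spread at a fraction of the mean so that a very flat
        # baseline does not raise alerts on ordinary noise.
        spread = max(pstdev(values), min_spread * mu)
        limit = mu + k * spread
        for row in live:
            if row[col] > limit:
                hits.append((name, row[0]))
                break  # only the first breach per metric matters here
    # "HH:MM" strings within one day sort chronologically.
    return sorted(hits, key=lambda hit: hit[1])


if __name__ == "__main__":
    for metric, minute in first_breaches(SAMPLES):
        print(f"{minute}  {metric} above baseline")
```

In this sample, compute breaches its baseline first while inbound traffic and request rate stay within theirs, so the response would start at the application tier rather than at bandwidth.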

You may also be able to obtain monitoring feeds or alerts from your upstream providers. These can provide useful insights into traffic flows attempting to reach your service, even if they are filtered by any upstream protections.

