Guidance

Preparing for denial of service (DoS) attacks

Created:  31 Jan 2018
Updated:  31 Jan 2018

Executive Summary

It is not possible to fully mitigate the risk of a denial of service attack affecting your service, but there are some practical steps that will help you be prepared to respond in the event that your service is subjected to an attack:

  1. Understand your service: the points where resources can be exhausted, and whether you, or a supplier, are responsible for them.
  2. Ensure your service providers are prepared to deal with overloading of their resources. 
  3. Ensure your service can scale to deal with surges in use.
  4. Have a denial of service response plan in place that includes graceful degradation of your service.
  5. Monitor for denial of service attacks and test your ability to respond. 

Five essential practices 

Whilst it is not possible to fully eliminate the risk that a DoS will be successful, it is possible to be well prepared.

You should understand the methods of attack that are likely to be most effective against your service, and have a response plan ready to manage an attack, minimising disruption to legitimate service users.

System designers and operators should think carefully about designing the service to cope with a DoS, and should choose third-party services from suppliers they are confident will be able to help manage attacks.

Below, we outline five practices which will help you prepare for a DoS attack. Each should be considered as just one component of an overall response.

  1. DoS Guidance - Understand your service

    Understand the points in your service where resources can be overloaded or exhausted. Determine whether you, or a supplier, are responsible for each.

  2. DoS Guidance - Upstream defences

    Ensure your service providers are ready to deal with resource exhaustion in places where they are uniquely placed to help.

  3. DoS Guidance - Scaling

    Ensure your service can scale to deal with surges in concurrent sessions.

  4. DoS Guidance - Response plan

    You should design your service, and plan your response to an attack, so that the service can continue to operate, albeit in a degraded fashion.

  5. DoS Guidance - Testing and monitoring

    Gain confidence in your defences by testing them, and gain confidence that you'll notice when attacks start by having the right tooling in place.
