Analecta Cyber Company Blog: Increase Server Capacity and Bandwidth to Reduce the Effects of DDoS Attacks and Server Crashes

2019-03-19

Increase Server Capacity and Bandwidth to Reduce the Effects of DDoS Attacks and Server Crashes

fiber optics cable tube graphics - Analecta cyber Increase Server Capacity and Bandwidth to Reduce the Effects of DDoS Attacks and Server Crashes - Analecta LLC banner
The classic model for cybersecurity focuses on three main objectives, often referred to as the CIA triad: confidentiality, integrity, and availability. Confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the information by authorized people. Let’s take the opportunity to see how small businesses can maintain availability by making sure they have enough network capacity.

Network capacity


The main idea behind adequate network capacity is to ensure a business can continue, uninterrupted, regardless of the network demand. The first step is to make sure that your network baseline measurement is current. This means that as Chief Information Officer (CIO), you need to understand the business’s network baseline and continuously evaluate the baseline as business and technological demands change.

Once you understand your current network baseline, evaluate how much demand is expected to increase and determine if your current configuration can handle the increase. Some factors that you need to consider when deciding if you need additional capacity are:
  1. Network equipment
  2. End-user equipment
  3. On-premise/offsite servers
  4. Outsourced services
  5. Networked applications
  6. Subnets
  7. Remote access requirements
  8. External demand
Plan ahead and include some extra bandwidth to prepare for unexpected upgrades or increased demand. You don’t want to have to upgrade your network each time you add a network device or in response to heavy usage. In the early days if the internet, companies were proud of the fact that demand was so high that they “crashed the servers” in response to heavy traffic peaks.
That is no longer the case, and down time means lost revenue.

Visit this 2010 retrospective on crashing servers!

Fake Server Crashes and Marketing Morons

by Jeff Walker

Stopping DDoS Attempts


Hackers frequently use distributed denial-of-service as an attack vector, and there are tons of resources on the dark web that will help those attacks be more effective. Usually, the goal of a DDoS attack is to knock the organization, or a component of the organization, off the internet for as long as the attack lasts. So how do you protect your business?

NIST Cybersecurity Framework supplemental guidance suggests that businesses combine multiple methods to reduce the risk of DDoS attempts, possibly eliminating the effect that such an attack would have on the organization. Increasing network capacity and bandwidth combined with service redundancy may also reduce your susceptibility these types of attacks.

fiber optics cable tube graphics - Analecta cyber
You can’t anticipate DDoS attacks, but you can anticipate periods of high demand. Make sure you have enough capacity and bandwidth before you experience heavy usage to keep you up and running.

Putting it into practice


Suppose that your organization uses a single public-facing web server and all of your network traffic routes through the same network node. If a DDoS attack focuses all its effort toward that one web server, all traffic stops going in and out of your network, halting internal and external business. Adding a backup web server, segmenting your networks (so inbound web traffic from customers and outbound web traffic from employees do not share a link), and increasing your network bandwidth to handle increased demand will allow your business to continue even if hackers targeted the IP address of your primary web server.  

How much is enough?


Whether you have a complete understanding of your network baseline and need help determining future capacity, or if you have never done a baseline on your networks and need to know where start, we can help! Contact us at info@analecta-llc.com or visit our Cybersecurity website. Our experts can walk you through everything that you need to know to stay protected. 

Analecta Cyber is a Maryland-based cybersecurity firm providing cyber risk assessments for small and medium sized businesses. Analecta is a trusted partner to help companies achieve their cybersecurity objectives. 

Analecta LLC Logo

Further Resources

No comments :

Post a Comment