Tips for validating DDoS defenses
Prolexic has issued a number of recommendations that organizations can use to validate their DDoS defenses, as well as protection services they receive from mitigation providers.
Organizations should work closely with their DDoS mitigation providers to complete a professional, planned provisioning and service validation.
The only way to be sure that DDoS protection will be effective is through proactive validation against different types of attack scenarios.
Best practices:
- With the DDoS mitigation service active, verify that all applications are performing properly.
- Verify that all routing and DNS is working.
- In partnership with your mitigation service provider, generate a few gigabits of controlled traffic to validate the alerting, activation and mitigation features of the service.
- Test small levels of traffic without scrubbing and without any DDoS protection to validate that your on-premise monitoring systems are functioning correctly. This action will also help you identify the stress points on your network.
- Conduct baseline testing and calibrate systems to remediate any network vulnerabilities.
- Schedule validation tests on a regular basis (yearly or quarterly) with your DDoS mitigation service provider to validate that the service configuration is still working correctly – and eliminate the risk of network element failures due to DDoS. If network issues arise during testing, your service provider may need to make modifications based on recent changes to your network, such as modified firewall rules, firmware updates and router reconfiguration.