1
00:00:00,05 --> 00:00:02,06
- [Instructor] Although botnets and distributed denial

2
00:00:02,06 --> 00:00:05,08
of service, or DDoS, attacks may be growing threats

3
00:00:05,08 --> 00:00:08,04
on the cyber security threat landscape,

4
00:00:08,04 --> 00:00:11,07
there are effective ways to minimize your exposure to them.

5
00:00:11,07 --> 00:00:14,04
In this video, I'll cover how to protect against botnet

6
00:00:14,04 --> 00:00:16,01
and DDoS attacks and how

7
00:00:16,01 --> 00:00:18,09
to keep your systems from becoming part of a botnet.

8
00:00:18,09 --> 00:00:21,00
We'll start by talking about five ways

9
00:00:21,00 --> 00:00:22,03
to protect your websites

10
00:00:22,03 --> 00:00:25,08
and online applications from DDoS attacks.

11
00:00:25,08 --> 00:00:28,07
First, you absolutely must have either firewalls

12
00:00:28,07 --> 00:00:30,05
or web application firewalls,

13
00:00:30,05 --> 00:00:33,08
or WAFs for short, in front of your websites.

14
00:00:33,08 --> 00:00:36,02
Firewalls and WAFs can be used to detect

15
00:00:36,02 --> 00:00:39,06
and block unwanted and abnormal traffic.

16
00:00:39,06 --> 00:00:41,02
They can also be used to control

17
00:00:41,02 --> 00:00:44,05
or throttle the traffic that reaches your applications.

18
00:00:44,05 --> 00:00:45,09
Firewalls and WAFs, though,

19
00:00:45,09 --> 00:00:48,09
can still be overwhelmed by DDoS attacks.

20
00:00:48,09 --> 00:00:51,03
The second way you can protect against DDoS attacks

21
00:00:51,03 --> 00:00:53,00
is by using load balancers

22
00:00:53,00 --> 00:00:56,05
or content delivery networks, or CDNs for short.

23
00:00:56,05 --> 00:00:58,07
Load balancers and CDNs can share

24
00:00:58,07 --> 00:01:01,06
the traffic load across servers in different locations,

25
00:01:01,06 --> 00:01:04,05
which waters down the DDoS attack.

26
00:01:04,05 --> 00:01:06,09
Third, consider using DDoS defense systems

27
00:01:06,09 --> 00:01:09,07
or service providers that specialize in protecting

28
00:01:09,07 --> 00:01:12,05
organizations from these attacks.

29
00:01:12,05 --> 00:01:15,00
CloudFlare, for instance, provides a service

30
00:01:15,00 --> 00:01:16,08
that can absorb DDoS traffic

31
00:01:16,08 --> 00:01:21,02
and route only legitimate traffic to your web servers.

32
00:01:21,02 --> 00:01:23,05
Next, a good network monitoring system

33
00:01:23,05 --> 00:01:25,07
will detect unusual internet traffic

34
00:01:25,07 --> 00:01:28,04
like a DDoS attack once it starts.

35
00:01:28,04 --> 00:01:31,03
Notifications from a network monitoring system will give

36
00:01:31,03 --> 00:01:33,03
you an early warning about the attack,

37
00:01:33,03 --> 00:01:35,06
so you can respond quickly.

38
00:01:35,06 --> 00:01:39,05
And finally, develop a denial of service response plan.

39
00:01:39,05 --> 00:01:42,06
Define who will be on the response team in the event

40
00:01:42,06 --> 00:01:45,03
of a DDoS attack, and write down the procedures

41
00:01:45,03 --> 00:01:48,03
that must be followed in the event of an attack.

42
00:01:48,03 --> 00:01:50,01
When you have these protections in place,

43
00:01:50,01 --> 00:01:52,04
you can hire a qualified third-party firm

44
00:01:52,04 --> 00:01:54,09
to conduct a DDoS test.

45
00:01:54,09 --> 00:01:56,02
There are many security companies

46
00:01:56,02 --> 00:01:59,00
that specialize in pretend DDoS attacks,

47
00:01:59,00 --> 00:02:02,08
load tests, and other external threat simulations.

48
00:02:02,08 --> 00:02:05,09
They can help identify system misconfigurations,

49
00:02:05,09 --> 00:02:10,03
network bottlenecks, poor incident response, and more.

50
00:02:10,03 --> 00:02:11,04
Now let's talk about how

51
00:02:11,04 --> 00:02:13,08
to keep your systems from joining a botnet.

52
00:02:13,08 --> 00:02:16,04
Since the primary way systems are taken over

53
00:02:16,04 --> 00:02:19,05
and added to botnets is through the use of malware,

54
00:02:19,05 --> 00:02:21,01
the best way to protect your systems

55
00:02:21,01 --> 00:02:23,08
is by using effective anti-malware.

56
00:02:23,08 --> 00:02:25,06
Make sure you're using the latest version

57
00:02:25,06 --> 00:02:28,05
with the most current malware definitions.

58
00:02:28,05 --> 00:02:31,00
Next, you should monitor your system processes,

59
00:02:31,00 --> 00:02:33,03
investigating any that look unusual

60
00:02:33,03 --> 00:02:36,03
or take excessive CPU or memory.

61
00:02:36,03 --> 00:02:39,05
These can be signs that your system is part of a botnet.

62
00:02:39,05 --> 00:02:43,02
And of course, follow good enterprise security practices.

63
00:02:43,02 --> 00:02:45,06
Example practices include:

64
00:02:45,06 --> 00:02:48,05
make sure all your devices have strong passwords;

65
00:02:48,05 --> 00:02:50,01
keep software, firmware,

66
00:02:50,01 --> 00:02:52,07
and applications updated and patched;

67
00:02:52,07 --> 00:02:55,08
implement anti-spam controls on your email server;

68
00:02:55,08 --> 00:02:58,04
use web filtering to block access to sites

69
00:02:58,04 --> 00:03:00,06
that commonly host malware;

70
00:03:00,06 --> 00:03:03,03
and conduct regular user security awareness training

71
00:03:03,03 --> 00:03:05,01
and phishing training.

72
00:03:05,01 --> 00:03:07,06
These may seem like basic security tasks,

73
00:03:07,06 --> 00:03:10,02
but they'll go a long way toward protecting your systems

74
00:03:10,02 --> 00:03:12,04
from becoming part of a botnet.

75
00:03:12,04 --> 00:03:16,03
Botnets and DDoS attacks are getting bigger and more common.

76
00:03:16,03 --> 00:03:18,09
And like an arms race, their attack methods

77
00:03:18,09 --> 00:03:20,02
are getting more creative

78
00:03:20,02 --> 00:03:23,09
and evolving to overcome existing defense measures.

79
00:03:23,09 --> 00:03:25,06
Take the steps I covered in this video

80
00:03:25,06 --> 00:03:27,03
to protect your organization's data

81
00:03:27,03 --> 00:03:30,00
from botnet and DDoS threats.