Is Firewall Enough to Block DDOS Attack?

Before we delve into the issue whether a firewall is enough to block a DDoS attack, we must understand what a DDoS attack really means. DDoS stands for Distributed Denial of Service. In layman terms, a DDoS refers to making a computer resource unavailable to its intended users. This is done by saturating a target computer with external requests and rendering it too slow and hence ineffective to respond to legitimate traffic. The problem is, just about any computer connected to the Internet is vulnerable to a DDoS attack. What’s even worse, even big players in the game such as AOL and Microsoft are not immune to these attacks!

Firewalls are typically the most effective way to keep networked computers safe from malignant attacks. They help to block offending IPs that cause DDoS attacks. Firewalls work in accordance with intrusion detection and prevention systems or IDS/IPS. Together they monitor and log random traffic at unusual hours as well as incomplete TCP handshakes that appear as fragmented packets. In such cases, the traffic is diverted immediately from the victimized network to another separate subnet set up solely for the purpose of accepting unwanted or nefarious traffic. Alternately, all malicious traffic can also be diverted to a honeypot, which is a computer system meant to attract and trap malicious traffic that attempts to access or penetrate through other people’s computer systems.

However, firewalls are not 100% effective in combating complex DDoS attacks. DDoS attacks originate from not one but multiple offending IPs simultaneously. This indicates that bad traffic may actually come from thousands of servers that have been compromised.  Therefore, if a network is still facing issues even after blocking the offending IP through a software based firewall application, it is strongly to install a script that can automatically look for multiple offending IPs. For problems that get out of hand, it is best to consult a professional hosting company to get rid of troublesome DDoS attacks.

While it is clear that DDoS attacks can not only lead a company to lose its critical database of information as well as reputation. Firewalls cannot protect a company from such sabotage or financial loss. But taking preventive measures to minimize the risks of such attacks can definitely come handy in reducing the impact of the DDoS attacks. In this context, it is best advised to get a more robust router or server, get faster uplinks, cut down on the number of firewall rules, queues and packet handling actions that usually escalate CPU usage to up to 100% and track the attack route and block it closer to the source of the upstream provider.