One of the most important things you need on your computer to improve security is a solid firewall. If you own a Mac or Windows system, this is pretty much handled for you. At server and hosting level, though, did you know that some bugs in firewalls can lead to a denial of service and could take your business offline in no time?
One of the biggest risks of relying on a firewall to protect you is the possibility that malicious traffic is interpreted as good traffic. This means that a firewall is far from foolproof, and there are many improvements you can make to protect yourself from a DDoS without automatically defaulting to the use of a firewall.
The other big issue with a firewall is that a DDoS can simply overwhelm it. A firewall has only a limited amount of bandwidth, so it doesn’t take long for an attack to become far more serious than a firewall can control.
The biggest issue with relying on a firewall against an attack, however, has nothing to do with the server itself. You can find yourself in a position where there is a DNS attack. If you decide that one of the best ways to protect yourself is a firewall, then you leave yourself completely open and vulnerable. Fortunately, there are other ways of improving the security of your system, and we will go into some of those now.
What are the alternatives to a firewall to maintain security?
If I wanted to protect my DNS now, I would use a cloud DNS service like Rackspace or Cloudflare. These systems are in place to help you avoid a DDoS. Cloudflare do far more than just DNS protection these days. They have a complete system that will check your browser prior to forwarding the traffic to ensure that it is a real human being and not a bot. Due to their incredible database of nasty attackers, they can instantly differentiate between the two and can resolve your issue in almost no time at all. This can be a little pricey, but if you are receiving an attack and it is solving the problem while keeping your business running, then it is definitely something worth considering. Remember that even infrastructure is vulnerable to attacks, let alone servers.
You can in fact tweak your firewall and improve it. You can also set your system up so that it permanently bans IP addresses that it knows to be malicious. The only problem with getting too aggressive with an attacker is that you are almost certain to block legitimate traffic, which is entirely counterproductive and certainly not something that we would wish.
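The trade-off described above can be seen by running one ban rule at different thresholds over the same traffic. This is an added example, not part of the original article: the log format, function names, thresholds, and allowlist are assumptions, and every address is a documentation-reserved placeholder in a constructed log.

```python
import ipaddress
from collections import defaultdict

# Assumption: a monitoring host and an office NAT range that must stay reachable.
# All addresses are documentation-reserved placeholders.
ALLOWLIST = [ipaddress.ip_network("192.0.2.10/32"),
             ipaddress.ip_network("198.51.100.0/24")]

def parse(lines):
    """Yield (epoch_seconds, ip) from 'epoch ip path' lines; skip malformed ones."""
    for line in lines:
        parts = line.split()
        try:
            yield int(parts[0]), ipaddress.ip_address(parts[1])
        except (IndexError, ValueError):
            continue

def ban_candidates(lines, max_hits, window, allowlist=ALLOWLIST):
    """IPs with more than max_hits requests inside any `window` seconds."""
    seen = defaultdict(list)
    for ts, ip in parse(lines):
        seen[ip].append(ts)
    banned = []
    for ip, stamps in seen.items():
        if any(ip in net for net in allowlist):
            continue  # never ban allowlisted sources
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] >= window:
                start += 1  # slide the window forward
            if end - start + 1 > max_hits:
                banned.append(str(ip))
                break
    return sorted(banned)

def sample_log():
    """Constructed log: a flood, a busy shared NAT address, one normal visitor."""
    lines = [f"{1000 + i // 10} 203.0.113.7 /" for i in range(200)]
    lines += [f"{1000 + i} 198.51.100.23 /shop" for i in range(60)]
    lines += [f"{1000 + i * 5} 203.0.113.50 /blog" for i in range(12)]
    return lines + ["not a log line"]

if __name__ == "__main__":
    log = sample_log()
    print("balanced:  ", ban_candidates(log, max_hits=30, window=10))
    print("aggressive:", ban_candidates(log, max_hits=1, window=10))
    print("no allowlist:", ban_candidates(log, max_hits=5, window=10, allowlist=[]))
```

The balanced rule flags only the flood source, the aggressive rule also flags the ordinary visitor, and without the allowlist the busy shared address is flagged as well.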
The sad reality of today is that we are absolutely certain to come under attack. We just need to make sure that we give ourselves the best opportunity to defend against unwanted traffic and malicious attempts to break our security.