Security measures for a server against DDoS attacks
You and your team manage a server room for hosting projects and websites, but you face frequent DDoS attacks that persist despite shutting down servers. The internet remains unreliable even after disconnection. You're considering adding an extra server between the modem and network switches to monitor traffic, using high-performance hardware. Is this feasible? Would purchasing specialized servers from reputable vendors like Riot.com be necessary? Your existing capacity in those servers could support this solution without needing cloud services. Any suggestions would be greatly appreciated. Thank you!
Have you explored options such as Cloudflare? What kind of firewall configuration do you currently use? A few adjustments might help, but if you're hitting the limits of your ISP connection, the only real solution could be upgrading to a faster link, and using the cloud is often more cost-effective.
Our servers run a standard Linux firewall, and our ISP doesn’t manage one for us. We have 50 terabytes of storage that must stay accessible, making Cloudflare unnecessary. The real issue is that shutting down the servers and blocking all ports leaves us vulnerable to DDoS attacks, leaving our internet connection unstable.
Our servers use the default openSUSE firewall, while our modem (Cisco EPC3925) has only one checkbox enabled. The last update for this modem was in 2014. Is this setting correct for the servers? But when we power off the servers, the DDoS continues and we still lack internet access.
You should definitely upgrade your firewall and reach out to your ISP. I can't offer much guidance on the ISP side, but for the firewall side here are some suggestions. It's unlikely you have enough budget for a full next-gen firewall, so I’d suggest creating one yourself. Assuming you have some Linux and networking experience (or better yet, someone with more expertise nearby), start with a compact PC, add a couple of high-speed Ethernet NICs (using PCIe cards), and install pfSense. This setup will significantly outperform most alternatives in the $200 range. If you want something even more budget-friendly, consider a small embedded device to run pfSense. There are several choices based on your budget. If you really need a ready-made solution, research the required bandwidth, expected connections, and advanced features you need—sites like http://firewalls.com can assist. Also, cloud options such as Cloudflare exist, but they mainly provide DDoS protection and won’t give you full network control like a local firewall.
Are there any resources I should retrieve that require external access? If so, do they need global availability or can we use internal whitelists and VPNs to connect?
You should install a firewall between your modem and router to ensure all incoming and outgoing traffic is routed through it. This setup can enhance your network security. While you're familiar with network concepts, understanding what a firewall actually does would be beneficial. If you have contacts in the field who specialize in network protection, consider involving them for more detailed guidance.