Many corporate Web sites have suffered from illegal denial-of-service (DoS) attacks more than once. The companies that learn how to turn these experiences to their advantage go a long way toward ensuring such attacks don't happen again. Sometimes there's nothing like adversity to give you a new look at your surroundings. The events of a network attack can uncover some very important mistakes and provide you with more than a few lessons.
Turning these lessons into best practices is where the rewards of such adversity are realized. You can arrive at these best practices by asking yourself: "How are we vulnerable?" The following best practices are a sample of the common conclusions companies have come to following a DoS attack.
Practice 1: Keep an audit trail that describes what was changed and why.
Practice 2: Create interdepartmental Standard Operating Procedures (SOPs) and Emergency Operating Procedures (EOPs).
Practice 3: Understand that success can result in complacency.
Practice 4: Network monitoring isn't enough; your administrators must know your configuration in detail.
Practice 5: Test yourself both locally and over the Internet.
Practice 6: Your processes can harm you just like hackers.
Practice 7: Keep people aware of old configurations and their purpose.
Practice 8: When something is different, ask why.
Practice 9: Know the trade-offs between simplicity, cost and survivability.
Practice 10: Protect yourself against hackers.
This was first published in August 2001