The DDoS attack that happened on Friday, October 21st 2016, took a massive number of websites offline and caused widespread outages. Even if your application wasn’t affected, you more than likely noticed that some of your favorite sites were completely inaccessible for a period of time. The attack made one thing very clear: there are single points of failure all over the Internet, even in this day and age of hyper-conscious networking security.
Even Engine Yard, which prides itself on being an incredibly secure platform, was affected negatively by the late October attack and suffered platform downtime. Although these attacks are a scary display of Internet insecurity, they present a great opportunity to make your application and offering stronger. Studying what happened and learning from these attacks is an important piece of getting better and stronger. Here’s what we learned to harden our platform, and what you can too.
Through detailed investigation, Engine Yard identified the individual components of our platform that failed as a result of the DDOS attack and has implemented changes that prevent recurrence of these events; specifically, Engine Yard has set up alternative DNS service providers. At a moment’s notice, Engine Yard is now able to switch among multiple providers in the event of a similar DDoS attack in the future.
Engine Yard highly recommends that all of our customers also look into solutions such as this. In addition to setting up multiple DNS providers, creating a well documented process to switch from one provider to another in the case of an emergency is also important. Ensuring your documentation is clear and easy to follow will allow almost anyone within your organization to assist in an emergency. We also suggest that you undertake a series of simulated dry-runs, so that when the moment comes, you’ll be ready.
These types of attacks present a hidden opportunity to learn and develop safer systems. Our mission is to not only harden our own platform, but help our clients reduce their own risk as well.
If you have any feedback, please contact Engine Yard at firstname.lastname@example.org.