The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide to help organizations prevent or reduce the impact of distributed denial of service (DDoS) attacks.
The advisory describes the most common types of denial of service (DoS) attacks and provides mitigations that organizations can implement to reduce the risk of DDoS attacks. These include: understanding what services and assets are critical for an organization and how users connect to its network; enrolling in DDoS protection; understanding dedicated edge network defenses and service provider defenses; developing a DDoS response plan; and conducting a DDoS tabletop exercise and/or regularly testing the DDoS response plan.
The guidance also provides instructions on how to react to a DDoS attack and what to do after a DDoS attack has occurred.
CISA has published separate DDoS guidance for government agencies.