A.25 Chapter 24: Denial of Service Attacks and Solutions

• Ensure good physical security for computers, network cables, and connectors.

• If user quotas are available on your system, enable them.

• Configure appropriate process and user limits on your system.

• Don't test new software while running as root.

• Educate your users on polite methods of sharing system resources.

• Run long-running tasks in the background, setting the nice to a positive value.

• Partition disks to isolate critical partitions from those that might be filled by mail or file uploads.

• Configure disk partitions to have sufficient inodes and storage.

• Make sure that you have appropriate swap space configured.

• Monitor disk usage and encourage users to archive and delete old files.

• Consider investing in a network monitor appropriate for your network. Have a spare network connection available, in case you need it.

• Install a firewall to prevent and react to network problems.

• Keep an up-to-date paper list of low-level network addresses (e.g., Ethernet addresses), IP addresses, and machine names available.

• Enable SYN cookies if your kernel supports them.

• Use egress filters on border routers to prevent spoofed packets from being sent out from your network.