Oakwood Hotel Group

Oakwood Hotel Group

DDOS MITIGATION STRATEGY FOR OAKWOOD

HOTEL GROUP

"An Evaluation of Multi-Layered DDoS Protection

Strategies to Safeguard Oakwood Hotel Group’s Digital
Infrastructure"

An Evaluation of Multi-Layered DDoS Protection

Strategies to Safeguard Oakwood Hotel Group’s Digital
Infrastructure"

Author: japneet kaur

Staff number: PY20789

Date: 12-04-2025
Version: version2

Date: 12-04-2025
Contents
Oakwood Hotel Group................................................................................................................ 1
Oakwood Hotel Group................................................................................................................ 1
Oakwood Hotel Group................................................................................................................ 1
Oakwood Hotel Group................................................................................................................ 1
1) Executive Summary................................................................................................................1
2) Introduction............................................................................................................................. 3
3) Identified DDoS Prevention Solutions.....................................................................................5
5. Recommendations.................................................................................................................. 9
6. Conclusion:........................................................................................................................... 11
7. References:...........................................................................................................................12

Japneet kaur
1) Executive Summary
This report analyses potential Distributed Denial of Service (DDoS) mitigation strategies for
Oakwood Hotel Group, focusing on solutions to ensure the security and continuity of the
hotel’s critical online systems. The primary objective is to assess various DDoS protection
solutions, evaluate their costs, technical feasibility, and effectiveness, and ultimately
recommend the most effective approach to safeguard Oakwood Hotel Group's infrastructure
from these cyber threats.

DDoS attacks can significantly disrupt online services, such as the hotel’s booking platform,
payment systems, and other essential services. These attacks can lead to website downtime,
payment processing failures, lost revenue, and reputational damage. With increasingly
sophisticated cyberattacks, Oakwood Hotel Group must implement a robust, multi-layered
defence strategy to mitigate these risks.

The report considers three primary DDoS protection solutions:

1. Cloud-Based Protection: Cloud services such as Akamai Prolexic, Cloudflare, and AWS
Shield offer scalable protection by filtering malicious traffic before it reaches Oakwood’s
network. These services are quick to deploy, cost-effective for smaller businesses, and can
handle high traffic volumes. The costs for this solution range from $15,000 to $150,000
annually, depending on the level of traffic and the service provider.

2. Web Application Firewall (WAF): A WAF provides targeted protection for web
applications, which is beneficial for safeguarding the booking website and preventing
threats such as SQL injection, bot traffic, and cross-site scripting. While cloud-based WAF
solutions are relatively affordable, starting at around $200 per month, on-premises WAFs
require higher upfront costs and ongoing maintenance.

3. Network-Level Protection: This solution offers protection against volumetric DDoS attacks
through firewalls, intrusion prevention systems (IPS), and traffic load balancing. While
practical and ideal for more extensive infrastructures, this option is the most expensive, with
implementation costs ranging from $45,000 to $250,000.

The report provides a detailed cost comparison and feasibility analysis of each solution,
highlighting the strengths and limitations of each approach. Based on these evaluations, the
recommended hybrid approach combines cloud-based protection, WAFs, and network-level
tools. This multi-layered strategy ensures Oakwood Hotel Group benefits from scalable,
efficient, and comprehensive protection against DDoS attacks while maintaining control over
its internal systems.

An implementation plan is also outlined, with phased deployment over 12 months. Phase 1
focuses on setting up cloud-based protection. Phase 2 adds WAF integration for the booking

Japneet kaur Page 1

system. Phase 3 upgrades the existing firewalls and network infrastructure for enhanced
security.

Japneet kaur Page 2

2) Introduction
As the digital landscape continues to evolve, businesses, including Oakwood Hotel Group,
increasingly rely on online platforms to manage operations, facilitate bookings, and engage
with customers. With this shift comes the growing risk of cyberattacks, mainly Distributed
Denial of Service (DDoS) attacks, which can overwhelm online systems, cause severe
disruptions, and damage an organisation's reputation. For Oakwood Hotel Group,
safeguarding critical systems, including booking websites, payment gateways, and customer-
facing services, is essential to maintaining smooth operations, customer satisfaction, and
financial stability.

This report analyses and evaluates various DDoS protection solutions to identify the most
suitable approach for Oakwood Hotel Group's infrastructure. By assessing these solutions'
technical effectiveness, scalability, and cost implications, this report will provide a clear
strategy to mitigate the risks associated with DDoS attacks and ensure the continuity of
Oakwood's core operations.

Objective:

The primary objectives of this report are as follows:

1. Evaluate DDoS Protection Solutions: To examine and recommend the most effective
solutions tailored to Oakwood Hotel Group's needs, considering the organisation’s current
infrastructure and future growth.

2. Cost and Feasibility: To assess the financial viability of different DDoS protection
strategies and their compatibility with Oakwood's budget and infrastructure requirements.

3. Ensure Operational Continuity: To recommend a solution that ensures the smooth

operation of Oakwood's critical online systems, minimising potential disruptions and
mitigating any risks associated with DDoS attacks.

Purpose:

This report aims to assist Oakwood Hotel Group in making informed decisions regarding DDoS
protection strategies. By identifying scalable and cost-effective solutions, the report ensures
that Oakwood’s online systems will be robust enough to handle current and future threats while
providing a positive guest experience and preserving the hotel's reputation.

Japneet kaur Page 3

Audience:

 Management Team: The management team is responsible for approving cybersecurity

measures and allocating the necessary resources for implementation. The report will
provide detailed insights into the risks associated with DDoS attacks and recommended
solutions, enabling the management team to make informed decisions on budget allocation
and strategic direction.

 IT Department: The IT department will implement, maintain, and monitor the selected
DDoS protection strategies. This report provides a technical overview of the available
solutions and outlines the steps for their integration into Oakwood’s existing infrastructure.

Japneet kaur Page 4

3)Identified DDoS Prevention
Solutions
A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt regular traffic by
overwhelming a server, service, or network with a flood of internet traffic. The consequences of
such attacks can be severe for a hospitality brand like Oakwood Hotel Group, which relies
heavily on online services for bookings, customer support, and payments. Below are the
leading solutions:

1. Cloud-Based Protection
2. Web Application Firewall (WAF)
3. Network-Level Protection

Cloud-Based Protection:

Explanation: A Web Application Firewall (WAF) protects web applications, such as the hotel’s
booking and payment systems. WAFs are designed to filter and monitor HTTP/HTTPS traffic
between the web application and the internet, blocking harmful requests while allowing
legitimate ones to pass through.

Technical Method: WAFs operate by inspecting the content of incoming HTTP requests,
looking for patterns consistent with attacks such as SQL injection, cross-site scripting (XSS), or
DDoS attempts. WAFs can also challenge suspicious traffic with CAPTCHA or block malicious
IP addresses.

Cost Implications: Cloud-based WAF services start at around $200 per month. On-premises
solutions, however, may require a significant investment, with initial costs reaching up to
$10,000 or more for installation and ongoing maintenance.

Network-Level Protection:

Explanation: Network-level protection involves defending the hotel’s internal network

infrastructure from DDoS attacks by deploying firewalls, Intrusion Prevention Systems (IPS),
and load balancing. These solutions aim to detect and block malicious traffic before it can
overload network resources.

Japneet kaur Page 5

Technical Method: Firewalls and IPS are placed at various points in the network to analyse
traffic patterns and identify attack traffic. Load balancing distributes traffic evenly across
multiple servers to prevent one server from being overwhelmed. This solution often involves
custom configuration to suit the hotel’s specific infrastructure.

Cost Implications: Network-level protection is the most expensive solution, with costs ranging
from $45,000 to $250,000, depending on the infrastructure size and complexity of the setup.
Ongoing maintenance costs typically range from $5,000 to $20,000 per year.

Cost and Feasibility Analysis

Each of the three solutions offers distinct advantages and challenges. When evaluating DDoS
protection strategies for Oakwood Hotel Group, it is essential to consider the technical
effectiveness of each solution and the financial and operational feasibility. The following
analysis outlines the initial setup costs, ongoing maintenance expenses, and suitability for the
hotel’s current infrastructure and long-term needs.

Cloud-Based Protection

 Initial Cost: Cloud-based solutions typically follow a subscription-based model rather than a
one-time capital expense. Pricing ranges from $15,000 to $150,000 per year, depending on
the size of the organisation, the level of traffic, and the provider's service tier.

 Maintenance: Ongoing maintenance is generally included in the subscription, meaning the

internal IT team has fewer responsibilities.

 Feasibility: This approach is highly feasible for Oakwood Hotel Group in the short term. It
requires minimal setup, is scalable, and can be quickly deployed to respond to active
threats. It is ideal for organisations looking for immediate protection without investing
heavily in infrastructure or in-house expertise. However, reliance on third-party providers
may limit customisation and control.

Web Application Firewall (WAF)

Japneet kaur Page 6

 Initial Cost: WAFs vary in pricing depending on whether the solution is cloud-based or on-
premises. For on-premises installations, initial costs range from $5,000 to $75,000,
including hardware and software licensing.

 Maintenance: Annual maintenance and update fees typically range from $5,000 to $10,000,
covering security updates, policy tuning, and monitoring.

 Feasibility: WAFs provide focused protection for web-based systems, such as the hotel’s
booking and payment portals. While not as comprehensive as other options, they are
suitable for businesses that face application-layer threats. WAFs are a good mid-tier
solution for Oakwood Hotel Group, balancing affordability with a targeted security benefit.

Network-Level Protection

 Initial Cost: As the most robust option, network-level protection demands significant
investment, typically between $45,000 and $250,000, covering hardware, software, and
installation.

 Maintenance: Maintenance and operational costs can range from $5,000 to $20,000
annually, requiring regular updates and substantial IT oversight.

 Feasibility: Although costly, this solution offers the deepest level of control and defence,
particularly against volumetric and protocol-based attacks. It is best suited for organisations
with in-house IT capabilities and a long-term focus on cybersecurity. This may be a long-
term investment for Oakwood Hotel Group to consider once core defences are established.

Japneet kaur Page 7

The following table compares the initial costs, maintenance costs, and overall feasibility for
Oakwood Hotel Group:

Table 1: Cost and feasibility comparison

Solution Initial Cost Maintenance/Year Feasibility for Oakwood Hotel Group

Cloud-Based $15k–$150k/ Scalable, good for short-term,

Included
Protection year minimal setup.

Web Application Mid-level protection, focused on

$5k–$75k total ~$5k–$10k/year
Firewall web apps.

Network-Level $45k–$250k Most robust, best for long-term, high

~$5k–$20k/year
Protection total cost.

Japneet kaur Page 8

5. Recommendations
5.1 PHASED IMPLEMENTATION PLAN

Given the complexity and cost implications of implementing multiple solutions, rolling out the
DDoS protection strategy in phases is recommended. This phased approach will allow
Oakwood to start with the most critical areas, ensuring that they are protected immediately
while progressively enhancing the security of other components

Implementation Plan

Phase 1 (0–3 Months):

 Set up a cloud-based DDoS protection service (e.g., Akamai Prolexic or Cloudflare).

 Connect Oakwood’s DNS and start monitoring traffic.

Phase 2 (3–6 Months):

 Implement a Web Application Firewall (WAF) to protect the booking website.

 Configure and train staff to handle security protocols.

Phase 3 (6–12 Months):

 Upgrade existing firewalls or network gear.

 Implement traffic load balancing to prevent overloads during attacks.

5.2 FOCUS ON SCALABILITY AND FLEXIBILITY IN SERVICE SELECTION

Given the dynamic nature of online traffic and the potential for fluctuating attack volumes,
Oakwood Hotel Group should prioritise scalability and flexibility when selecting the cloud-
based DDoS protection solution. A service such as Akamai Prolexic or AWS Shield can
automatically scale based on traffic demands, providing robust protection during high-volume
attacks. This ensures the hotel’s systems remain operational without incurring unnecessary
costs during normal traffic.

Japneet kaur Page 9

5.3 REGULAR TESTING AND UPDATING OF DDOS PROTECTION SYSTEMS

Once the hybrid DDoS protection system is in place, regular testing and updates are essential
to ensure the systems function as intended. This includes simulating DDoS attacks to test the
efficacy of each defence layer and updating the threat intelligence feeds and machine learning
algorithms used by cloud-based protection services. Regular testing helps to identify potential
vulnerabilities and ensures that the protection systems remain effective against evolving cyber
threats.

5.4 BUDGET FOR LONG-TERM SECURITY AND RISK MANAGEMENT

While the hybrid DDoS protection strategy may have a higher initial cost, it is a long-term
investment in the hotel’s cybersecurity. Oakwood Hotel Group should allocate a portion of its
annual budget for ongoing maintenance, monitoring, and upgrading of the DDoS protection
systems. In addition, it is recommended that the hotel consider the potential financial impact of
a DDoS attack, including lost revenue, reputational damage, and recovery costs, to justify the
expense of comprehensive protection better. This proactive approach to budgeting will ensure
that the hotel remains protected and resilient to future DDoS threats.

5.5 HYBRID PROTECTION STRATEGY

After analysing the three DDoS protection methods, Oakwood Hotel Group is recommended to
implement a hybrid protection approach, combining the strengths of Cloud-Based
Protection, Web Application Firewalls (WAF), and Network-Level Protection.

Why Hybrid?

 Cloud-Based Protection: Provides scalability and quick protection against large-scale

attacks.

 WAF: Offers targeted protection for web applications, such as the hotel’s booking system.

Network-Level Protection: Ensures deep defence against volumetric attacks and provides
comprehensive internal control

Japneet kaur Page 10

6. Conclusion:
As the hospitality industry increasingly relies on digital platforms, Oakwood Hotel Group must
prioritise protecting its critical online systems against cyber threats like Distributed Denial of
Service (DDoS) attacks. Such attacks can disrupt essential services, impact customer trust,
and cause significant financial loss.

After carefully analysing various DDoS protection strategies, this report highlights that no
solution can fully safeguard the hotel’s infrastructure. A hybrid approach that combines cloud-
based protection, Web Application Firewalls, and network-level security offers the most
comprehensive and balanced defence.

By implementing the proposed phased rollout, Oakwood can address immediate vulnerabilities
while building a strong, scalable security framework for the future. In addition to adopting
technical solutions, regular testing, timely updates, and strategic budget planning will ensure
the hotel’s systems remain resilient in the face of evolving cyber threats.

Taking proactive steps now will safeguard Oakwood Hotel Group’s operational continuity and
reinforce its reputation for reliability and security in a competitive digital landscape.

7. References:
1. Akamai Technologies, 2024. 11 DDoS Myths That Will not Go Away. Available at:
https://www.akamai.com/resources/white-paper/11-ddos-myths-that-just-wont-go-
away

Japneet kaur Page 11

 2. DataDome, 2023. DDoS Mitigation Guide. Available at:
https://datadome.co/guides/ddos/mitigation/
3. Rana Abubakar, Abdulaziz Aldegheishem, Muhammad Faran Majeed, Amjad
Mehmood, Hafsa Maryam and Nabil Ali Alrajeh, 2020. A Study on DDoS Mitigation
Strategies. IEEE Xplore Digital Library. Available at:
https://ieeexplore.ieee.org/abstract/document/9097187

Japneet kaur Page 12