What technique can best help reduce the severity of a distributed denial-of-service (DDoS) attack?

Filtering traffic at the firewall is an effective technique to reduce the severity of a distributed denial-of-service (DDoS) attack. This method allows organizations to analyze incoming traffic and filter out malicious requests before they reach the intended server. By setting up rules and configurations in the firewall, you can identify and block traffic that appears suspicious or is known to be part of a DDoS attack. This proactive measure helps maintain service availability and protects the underlying infrastructure from being overwhelmed by malicious traffic.

Other options may not effectively address the core issue of a DDoS attack. Changing your ISP might shift the problem temporarily or possibly improve connectivity, but it does not provide an actual defense against DDoS attacks that can target any network. Installing a different web server like Apache instead of Microsoft IIS won’t inherently protect against DDoS attacks, as both could be vulnerable to similar types of attacks. Lastly, placing the database and web server on separate systems can enhance performance and security overall, but it does not specifically mitigate the impact of a DDoS attack. Hence, filtering traffic at the firewall stands out as the most practical defensive strategy in this scenario.