Hello,
It really depends on the services you are providing. If you have an API, you would want to protect that service from attack. Following the TCP/IP model, the application layer can become a large target (Zero-Day attacks, attacks on certain ports for services such as Apache). Keep in mind that DOS and DDOS attacks are 2 separate things. If the DDOS attack is large, you will see an impact in performance. One example involved Spamhaus that received a 300 Gigabit DDOS attack. Even with mitigation services, network routers were having trouble handling that much traffic. I suggest finding a good mitigation service to shield you from these attacks.
Some Mitigation Service Providers:
.
https://cloudflare.com/ .
http://www.prolexic.com/services-dos-and-ddos-mitigation.html .
http://www.incapsula.com/ddos/ddos-mitigation-servicesEven hosting providers are implementing these services. I would personally look into Cloudflare.
Best,
Cameron Halter
https://ibtcard.com
