FAQ: What are DDoS attacks?
February 10th, 2015
What is a DDoS attack?
Distributed Denial of Service (DDoS) attacks are a form of cyberattack that aims to disrupt access to a service (such as a website), either to extort the owner or to serve as a distraction whilst another attack occurs. DDoS attacks are usually driven by a botnet (a network of infected machines) which overwhelms the service and prevents legitimate users from reaching it.
DDoS attacks usually try to overwhelm a service in one of two ways: by sending a massive number of connection attempts, or by using up all of its available bandwidth. Any business or organisation can be a target for this type of attack. In some cases, DDoS attacks can even be directed at individuals, although this is rare.
What’s the difference between a DoS attack and a DDoS attack?
The difference between these two attacks is that a DoS attack typically comes from one machine which is utilising a single connection, whereas a DDoS attack uses multiple machines and multiple connections.
What are the types of DDoS attack?
1. Bandwidth flooding
Also known as a volumetric attack, this attack involves saturating a server’s bandwidth with bogus packets to the point that legitimate users can no longer communicate with the server.
2. Resource flooding
This attack involves sending an overwhelming number of resource requests to the server or to gateway devices such as a firewall, causing CPU usage to peak. Since the CPU is busy with menial requests, genuine requests either fail to get through or are processed incredibly slowly.
3. Application-level flooding
This attack targets the software which runs on the server, with the aim of flooding it with so many requests that the software crashes, taking the server offline.
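The DoS versus DDoS distinction above (one machine and one connection, against many machines and many connections) and the resource- and application-level floods just described show up directly in a web server's access log. The following is an added example, not code from the original post: it applies two checks to constructed log lines, a per-source request count that catches a single noisy host, and an aggregate count that catches a distributed flood in which every individual source stays below the per-source limit. The log format, the IP addresses (taken from the documentation ranges) and the thresholds are assumptions for illustration; real thresholds come from a measured baseline of the service's normal traffic.

```python
"""Added example (not part of the original post): flagging single-source and
distributed request floods in constructed web-server access-log lines."""
from collections import Counter, defaultdict
from datetime import datetime
import re

# Common-log-format style lines; only the client address and timestamp are
# captured, which is all the rate checks need.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] ')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Thresholds are assumptions for the example, not recommended values.
PER_SOURCE_LIMIT = 10   # requests from one address per window
AGGREGATE_LIMIT = 25    # requests from all addresses per window
WINDOW_SECONDS = 1


def make_line(ip, second, path="/"):
    """Build one constructed log line (sample data, not a real capture)."""
    return (f'{ip} - - [10/Feb/2015:10:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512')


def parse(lines):
    """Yield (window_start_epoch_seconds, ip) for every well-formed line."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed lines are skipped rather than guessed at
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        window = int(ts.timestamp()) // WINDOW_SECONDS * WINDOW_SECONDS
        yield window, m.group("ip")


def detect_floods(lines):
    """Return one alert per window that trips a check.

    A single address above PER_SOURCE_LIMIT is reported as a single-source
    flood (the DoS pattern). A window whose total exceeds AGGREGATE_LIMIT
    while no address is above the per-source limit is reported as a
    distributed flood (the DDoS pattern: many sources, each modest).
    """
    per_window = defaultdict(Counter)
    for window, ip in parse(lines):
        per_window[window][ip] += 1

    alerts = []
    for window in sorted(per_window):
        counts = per_window[window]
        heavy = {ip: n for ip, n in counts.items() if n > PER_SOURCE_LIMIT}
        total = sum(counts.values())
        if heavy:
            for ip, n in sorted(heavy.items()):
                alerts.append({"window": window, "type": "single-source",
                               "source": ip, "requests": n})
        elif total > AGGREGATE_LIMIT:
            alerts.append({"window": window, "type": "distributed",
                           "sources": len(counts), "requests": total})
    return alerts


def sample_log():
    """Three constructed seconds of traffic: normal, one noisy host, a botnet."""
    lines = []
    # second 0: normal traffic, three clients with one request each
    for i in range(3):
        lines.append(make_line(f"192.0.2.{i + 1}", 0))
    # second 1: one host hammering the login page (DoS pattern)
    for _ in range(12):
        lines.append(make_line("198.51.100.7", 1, "/login"))
    # second 2: thirty distinct hosts with one request each (DDoS pattern)
    for i in range(30):
        lines.append(make_line(f"203.0.113.{i + 1}", 2))
    return lines


if __name__ == "__main__":
    for alert in detect_floods(sample_log()):
        print(alert)
```

The single-source check alone would miss the third second entirely, since no address there sends more than one request; that is precisely why distributed attacks are harder to filter by source address and why the aggregate check (or a comparison against a traffic baseline) is needed alongside it.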
How can I stop DDoS attacks?
The number one question is: how do we protect ourselves from these attacks, or at least mitigate our risks?
Well, there are devices that companies can purchase that claim to prevent DDoS attacks, such as SMB\E firewalls, but these won’t help you if you are the victim of a large-scale attack.
So firstly you need to review your attack surface and mitigate the risks. For example, if you run an e-commerce site, it’s probably not advisable to run it from your own premises. You may find that an attack on this site knocks out not only your e-commerce site but also other critical business services, such as email, remote workers and access to cloud services.
Depending on your environment, you may wish to host critical services and servers in a provider’s cloud infrastructure. Another option is to look at co-location (rented space in a data centre). Most cloud providers are going to have access to far greater bandwidth than anyone else – do check this though! Cloud hosting platforms are great for being able to scale out quickly, in terms of both system resources and network connections, when you see high demand. Increasing the number of web servers and balancing traffic between them may also help you in a TCP connection attack.
Volumetric attacks on bandwidth are a lot more brutal, so how do we defend ourselves against these? Again, you can use cloud providers for your online sites so that they can deal with the volume. However, even they will struggle with the scale of the attacks seen by Sony and Microsoft.
So what else can we do? Well, you can buy services from third parties who will route your traffic through their network and take the initial impact whilst trying to counteract the attackers, or you could have geographically separated infrastructure with a mirror site of your current environment, which can ease the strain during an attack.
There’s a fair chance that you may never experience a DDoS attack on your IT systems. However, you should take the time to understand what the risks are and how/if you will mitigate them.