This post is supported by Penta Security.
You have likely heard all about distributed denial-of-service (DDoS) attacks, and know that they are a type of cyberattack used to target Internet-connected computer systems. But how exactly does a DDoS attack disrupt operations, what types of DDoS attacks are out there, and how can they be defended against? We take a closer look.
The quick primer
In a way, DDoS attacks are the distributed version of DoS, or denial-of-service, attacks. The objective of both is the same: to disrupt the services of a website or online service. For its part, DDoS ups the ante by leveraging a large pool of PCs to vastly amplify the power and impact of the attack on the victim.
The computers used in a DDoS attack are typically compromised machines known as “zombies” that are remotely controlled by the attacker through a “botnet”. Besides having their processing capabilities and Internet bandwidth stolen to facilitate the DDoS, they serve the additional purpose of obfuscating the origin of the attack.
With as many as thousands of machines potentially participating within the botnet, the distributed nature of a DDoS is what makes it exceptionally difficult to address at its root. It also means that the apparent antagonist is often another victim; attacks typically peter out before the owners of the hijacked machines can be informed.
Understanding the attacks
Though the objectives are the same, there are literally dozens of types of DDoS attacks. While it would be a pointless endeavor to attempt covering every one of them, they can generally be categorized into three broad types of attacks.
- Resource exhaustion attacks
Resource exhaustion types of DDoS typically exploit how communication protocols work, deliberately sending erroneous or out-of-order data packets to consume the server resources of the destination website or associated networking equipment, while the attacker employs a mere fraction of the computational and network resources to do so. As an increasingly large proportion of resources is rapidly consumed, legitimate users visiting the same site will experience dramatic slow-downs or an interruption in their access.
- Volumetric attacks
This is the most basic type, but the hardest to mitigate without external assistance. Though volumetric attacks have the same goal of starving legitimate users of access, a volumetric attack does so by saturating the bandwidth with repeated loading of the web site, orchestrated through a botnet. The aggressive loading means that just a thousand (zombie) home machines with a broadband connection, for instance, could easily overload a web site that is not designed to handle a load numbering in the tens of thousands of users.
- Application layer attacks
This is a sophisticated category of attack that typically leverages weaknesses in how web sites are programmed to consume server resources with a relatively small number of requests. Specific pages of your e-commerce site could be targeted, either by repeatedly loading them (though not as frequently as in a volumetric attack) or by injecting data in a way that crashes the entire site. Such attacks can be very hard to detect, though once identified, the underlying weakness can be fixed by a skilled developer.
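A detection sketch for the difference between volumetric and application layer traffic described above, added here as an example and not taken from the original post or from any Penta Security product. It flags clients whose request rate alone is abnormal (the volumetric pattern) and pages that absorb most of the remaining traffic from many low-rate clients (the application layer pattern); the log tuples, thresholds and function names are assumptions for illustration.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed access-log events (second, client_ip, path); not real traffic."""
    events = []
    for c in range(40):                      # 40 clients, 6 loads each of one page
        for k in range(6):
            events.append((k * 10 + c % 10, f"198.51.100.{c}", "/search"))
    for c in range(1, 4):                    # 3 clients, 300 loads each of the home page
        for k in range(300):
            events.append((k // 5, f"203.0.113.{c}", "/"))
    for c in range(20):                      # ordinary background browsing
        for path in ("/", "/about", "/cart"):
            events.append((c * 3, f"192.0.2.{c}", path))
    return events

def analyze(events, window=60, client_limit=120, path_share=0.5, min_clients=20):
    """Per time window, report noisy clients and suspiciously hot pages.

    Thresholds are assumed values; a real deployment derives them from a baseline.
    """
    buckets = defaultdict(list)
    for ts, ip, path in events:
        buckets[ts - ts % window].append((ip, path))
    report = {}
    for start, hits in sorted(buckets.items()):
        per_client = Counter(ip for ip, _ in hits)
        # Volumetric signal: a single client far above a normal request rate.
        noisy = sorted(ip for ip, n in per_client.items() if n > client_limit)
        # Application layer signal: ignore the noisy clients, then look for a
        # page that dominates what is left while every client stays low-rate.
        quiet = [(ip, p) for ip, p in hits if ip not in noisy]
        per_path = Counter(p for _, p in quiet)
        clients_on = defaultdict(set)
        for ip, p in quiet:
            clients_on[p].add(ip)
        hot = sorted(p for p, n in per_path.items()
                     if n / len(quiet) > path_share
                     and len(clients_on[p]) >= min_clients)
        report[start] = {"noisy_clients": noisy, "hot_paths": hot}
    return report

if __name__ == "__main__":
    for start, findings in analyze(build_sample()).items():
        print(start, findings)
```

A per-client rate limit alone would catch the three noisy clients here but miss `/search`, because no single client requesting it exceeds the limit.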
Defending against DDoS
Fortunately, the amount of resources required to mount a serious and sustained DDoS attack does mean that the chances of it happening to smaller organizations are lower. Yet SMEs, with fewer resources to allocate to cybersecurity, are also disproportionately impacted by such attacks when they do occur.
Aside from hiring network experts and deploying sophisticated (and expensive) infrastructure to mitigate and preempt such attacks, the easiest way for SMEs to protect themselves would be to leverage the use of a website security service to transparently intercept and filter out most types of DDoS attacks.
There are many such services out there, with some offering additional capabilities on top of DDoS protection. For example, Penta Security’s Cloudbric service takes care of over 20 types of DDoS attacks, and also incorporates a web application firewall (WAF) to block various non-DDoS types of web attacks through analysis of the network traffic. Moreover, the current status of the site is visualized through an interactive dashboard fed with real-time data, giving organizations a simplified interface to monitor the site. You can read more about protecting your website with Cloudbric here.
In a nutshell, it doesn’t cost you an arm and a leg to implement proper DDoS and security protection for your organization.