Know the types and layers of DDoS attacks and how to fight them
DDoS stands for Distributed Denial of Service, a malicious attempt to disrupt and suspend internet and network services. A well-planned and well-executed attack of this kind could bring a network to its knees, destroy critical data or prevent a network being used until a fix is found. Most DDoS attacks are carried out remotely and aim to cause as much disruption to the target as possible. That target could be a home computer, a business server or a high-profile government or military system. With DDoS attacks on the rise, it is important to understand the many layers and types of attack that are currently in the wild.
Unlike DoS (Denial of Service) attacks, which flood a target by using one computer and one network connection, DDoS attacks work by using a number of compromised systems (usually by first infecting them with a Trojan) to target a single system. DDoS attacks, by their very nature, are hard to predict or trace.
DDoS categories - types of DDoS attack
Application Layer Attacks - If you are using Apache, Windows or OpenBSD, your servers could be at risk from an application layer DDoS attack. The goal of most DDoS attacks of this kind is to bombard the server with seemingly innocuous requests that will eventually crash the server and prevent legitimate users from accessing a website, remote network or online service. The impact on a business can be huge. Just a few minutes of downtime could damage company revenue and reputation significantly.
Volume Based Attacks - These DDoS attacks include ICMP floods, UDP floods and other means of flooding a network with spoofed packets. Because packets of this kind are expected on the network, they are accepted onto it. The goal of the attack is to saturate the network's bandwidth, thus preventing legitimate traffic and data from getting through.
Protocol Attacks - The objective of a protocol DDoS attack is to eat up server resources and to stop hardware, software or users from communicating with that server by utilizing known vulnerabilities of network protocols. Ping of Death, SYN floods and Smurf DDoS are all common examples of protocol attacks.
The number of DDoS attacks is growing. What can you do to fight them?
As technology becomes more advanced, malicious attack methods are following suit. The only way to truly stay one step ahead of hackers using DDoS and DoS attacks is to utilise a high-performance perimeter defence system. By using a system that analyses incoming data at every layer, you can mitigate risk and keep your online resources and internal network working perfectly without the threat of suspension or interruption. The ROI of investing in perimeter security far outweighs the initial cost and implementation of such a defence system.
Identifying a DDoS attack early will give you the best chance of taking evasive action. Get to know the typical profile and pattern of your inbound traffic. Most firewalls allow you to build profiles around allowed inbound traffic and to block the traffic that is not permitted on your network. Look out for sharp spikes in traffic, or for surges at times when surges don't tend to happen. It is also recommended to move your data to a dedicated server and properly configure your OS and webserver modules.
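The following added example, which is not part of the original article, builds a per-hour profile of normal inbound traffic and flags rates that exceed it, so a rate that is routine at peak time is reported when it appears at a quiet hour. The data, the function names and the k and floor tuning values are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (hour_of_day, requests_per_minute) seen on normal days.
HISTORY = [(3, r) for r in (38, 42, 40, 45, 36, 41, 39)] + \
          [(14, r) for r in (880, 940, 910, 1010, 870, 950, 900)]

# Constructed observations to check: (timestamp, hour_of_day, requests_per_minute).
SAMPLES = [
    ("2024-01-10T14:05", 14, 1000),  # busy, but normal for mid-afternoon
    ("2024-01-10T03:12", 3, 1000),   # the same rate at 03:00 is a surge
    ("2024-01-10T03:13", 3, 70),     # small night-time wobble
    ("2024-01-10T14:20", 14, 4200),  # sharp spike even for peak hours
]

def build_baseline(history):
    """Per-hour traffic profile: {hour: (median, median absolute deviation)}."""
    by_hour = defaultdict(list)
    for hour, rate in history:
        by_hour[hour].append(rate)
    baseline = {}
    for hour, rates in by_hour.items():
        med = median(rates)
        baseline[hour] = (med, median(abs(r - med) for r in rates))
    return baseline

def find_surges(baseline, samples, k=6.0, floor=50):
    """Return (timestamp, rate, threshold) for samples above their hour's norm.

    threshold = median + max(k * MAD, floor); the floor (an assumed tuning
    value) stops quiet hours with a tiny MAD from alerting on small changes.
    Hours with no profile are reported with threshold None.
    """
    alerts = []
    for ts, hour, rate in samples:
        if hour not in baseline:
            alerts.append((ts, rate, None))
            continue
        med, mad = baseline[hour]
        threshold = med + max(k * mad, floor)
        if rate > threshold:
            alerts.append((ts, rate, threshold))
    return alerts

if __name__ == "__main__":
    for ts, rate, threshold in find_surges(build_baseline(HISTORY), SAMPLES):
        print(f"{ts}: {rate} req/min exceeds threshold {threshold}")
```

The median and MAD are used instead of the mean and standard deviation so that a past attack left in the history does not inflate the baseline.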
You may also want to configure your routers in order to add another level of security and detection. Here are some suggestions:
- Set a traffic limit on your router to prevent your server or network being overwhelmed
- Set filters on your router so that malicious packets are detected and dropped
- Configure your router to drop malformed or spoofed packets
- Set up VPNs and other trusted network connections and trust only data sent between these entities
The good news is that there is a wealth of defence technology available that is designed to detect and prevent these attacks from achieving their disruptive objective. Incloudibly have developed a proprietary traffic analysis and packet inspection system that will protect your application and services from all types of DDoS attacks. We offer both off-site (remote) and on-site (DDoS protected dedicated servers hosted within our network) DDoS protection packages, so you can choose the solution that best meets your requirements. In most cases, all we need to know to get you protected is your domain name (or names) and the IP address of your server. Should you need more information, please feel free to contact our support service, which is available 24/7.