Protecting Your Company from a DDoS Attack
The term DDoS has been used a lot in the news this past year, mostly due to the rise of hackers using the DDoS attack as a form of protest. Most people do not know what a DDoS really is though, and even if they know what it stands for, they truly have no idea how it works. For any business or individual who runs a business online, not knowing the damage a DDoS attack can do may be detrimental to the website.
What is a DDoS attack?
A DDoS attack, sometimes called a DoS attack, is a distributed denial-of-service attack, which simply means that the attack attempts to take a machine or network offline and make it unavailable to the users it is intended for. These attacks can be carried out for any reason, from political motives to someone simply trying to get revenge on a company they despise. While the perpetrators do not share a consistent motive, they all have one common goal: to hurt the site or company so that it can no longer operate properly.
In terms of legality, all DDoS attacks that are perpetrated are in violation of the IAB (Internet Architecture Board) Internet proper use policy. Though the IAB does not carry any legal power, most industrialized nations have laws against a DDoS attack and carry stiff penalties for the attackers, including jail time. They also violate virtually every ISP’s (Internet Service Provider) acceptable use policy, which solidifies the stance that a DDoS attack is not acceptable in any sense.
How it Happens
So these attacks will take a website or a network of computers offline, but how do the attackers carry out the attack in the first place?
There are many different methods used in a DDoS attack, but the most popular is to overload a system with artificial traffic or hits, usually through the use of bots. This exhausts the bandwidth and system resources so that the server or network can no longer handle the workload being requested. Often, the server will continually reset or freeze up due to the large demand being placed upon it.
In addition to this common attack, there are many other ways that an attack can be carried out. Some of these methods include an ICMP flood, UDP flood, UDP attack, HTTP GET attacks, SYN flood, a Teardrop attack, low-rate DDoS and application-level floods. There are many other methods that attackers use, but they are generally rare and specific to the situation. All these attacks have one thing in common, even though they are different in name. They all trick the web servers or networks with fake requests or traffic and aim to take down a specific target.
Even though a DDoS attack can take down a large site temporarily, the attack usually stops after a few hours, and the worst ones stop after a few days. Usually, they do not have a long-term effect on the business, other than the financial losses that might have been suffered. There are attacks known as a permanent DDoS, but they are rare. In those cases, the attack was so large and overwhelming that the system being attacked suffered damage beyond repair. This usually only happens in extreme cases, where hackers gain access to sensitive core files of the system and corrupt them.
Any company that does a large amount of business online should be wary of a DDoS attack and how it will affect their business, since an attack can come at any time. Many newer online businesses have no clue about a DDoS attack until they are a victim. Had they educated themselves a bit better about their Internet business, they would have realized that they could have had a DDoS protection policy in place and possibly prevented an attack. But how does a company actually protect itself against an attack when each attack can be unique and come at any time?
DDoS protection is somewhat of a science that companies have mastered over the years in order to protect their clients. Again, it is not 100% foolproof, as each attack can be unique. But with the information that has been gathered over the years, companies have a much better handle on how to deal with an attack and take care of it before it even hits the website.
The first way a company starts to implement the protection is through identification of a group of IP addresses that they deem to be threatening based on past data. When companies can identify a group of IP ranges that are more likely to cause harm, they can place them either on a blacklist or on a list that requires further verification that the traffic is legitimate, such as a CAPTCHA. These security measures make sure that anyone who tries to access the site from a questionable IP will be required to prove they are human, thus preventing bot attacks from flooding a site with fake traffic.
Companies will also set up a monitoring system on the site to track the number of requests and packets being sent to it. When packets start to climb to a dangerous or threatening level, the protection company will then know that a possible attack is underway. Knowing this ahead of time will allow them to properly prepare the system to handle the upcoming attack.
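The two measures described above, IP-range lists and request-volume monitoring, can be sketched together. This is an added example, not code from this article or from any protection vendor; the function names, the 10-second window, the threshold of 5 and the address ranges (reserved documentation networks) are all assumptions chosen for illustration.

```python
import ipaddress
from collections import deque

# Constructed example ranges (RFC 5737 documentation networks), not real threat data.
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]
CHALLENGE = [ipaddress.ip_network("198.51.100.0/24")]

def classify(ip):
    """Return 'block', 'challenge' (e.g. serve a CAPTCHA) or 'allow' for a source IP."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in BLOCKLIST):
        return "block"
    if any(addr in net for net in CHALLENGE):
        return "challenge"
    return "allow"

class RateMonitor:
    """Sliding-window request counter that flags when volume crosses a threshold."""
    def __init__(self, window_seconds, threshold):
        self.window = window_seconds
        self.threshold = threshold
        self.times = deque()

    def observe(self, ts):
        """Record a request at time ts (seconds); True if the window is over threshold."""
        self.times.append(ts)
        # Drop requests that have aged out of the window.
        while self.times and self.times[0] <= ts - self.window:
            self.times.popleft()
        return len(self.times) > self.threshold

def process(requests, window_seconds=10, threshold=5):
    """Classify each (timestamp, ip) request; return decisions and the first alert time."""
    monitor = RateMonitor(window_seconds, threshold)
    decisions, alert_at = [], None
    for ts, ip in requests:
        decisions.append((ts, ip, classify(ip)))
        # Blocked traffic still counts toward volume: it is part of the load on the link.
        if monitor.observe(ts) and alert_at is None:
            alert_at = ts
    return decisions, alert_at

# Constructed sample traffic: a quiet period, then a burst starting at t=20.
SAMPLE = [(0, "192.0.2.10"), (4, "198.51.100.7"), (9, "192.0.2.11"),
          (20, "203.0.113.5"), (20.5, "203.0.113.6"), (21, "203.0.113.7"),
          (21.2, "192.0.2.10"), (21.4, "203.0.113.8"), (21.6, "198.51.100.9"),
          (21.8, "203.0.113.9")]
```

Calling `process(SAMPLE)` returns the per-request decisions and the timestamp at which the volume alert first fires; the quiet first three requests alone raise no alert.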
One of the leaders in the DDoS protection industry is LiquidWeb.com, which is also a reputable web hosting company. They incorporate the strategies that were described above and much, much more. One of their main features that websites love is the fact that they can filter out the traffic when an attack is in process, which means a company can still allow legitimate traffic through while filtering the suspicious traffic away. With this service in place, customers will never have to worry about downtime on the site and the company can save themselves from the embarrassment of having a site down for days at a time.
Another unique feature of the LiquidWeb protection is that if a customer hosts their site at LiquidWeb and then incorporates the DDoS protection, the protection can begin instantly. If a customer has to go through a 3rd party for service while an attack is taking place, many times the customer will have to wait a few days for the required DNS changes to resolve. With LiquidWeb, no DNS changes are needed, thus making the protection so much more valuable.
Whatever protection a customer ultimately decides to use is up to them, as some sort of DDoS protection is better than not having any in place. Having a proper plan in place is the only way a company can truly protect themselves from losing business and possibly tarnishing their brand, causing irreparable damage in the future.