DDoS protection essentials: keeping your network safe

Keeping your network safe is an essential, if challenging, task.

While you might have a few security measures and a disaster recovery plan in place, you shouldn’t neglect DDoS protection. As DDoS attacks become larger and more powerful, due in part to growing numbers of poorly secured online devices, your web applications need to be protected from sudden traffic influxes.

It is much harder to stop a DDoS attack that is already under way than to be prepared for one in advance. To make sure you’re ready to protect your web apps, let’s take a look at some common DDoS attacks, their effects on your systems, and how you can defend against them.

Exploring DDoS attacks

So what is a DDoS attack? At its most basic, a Distributed Denial of Service attack floods your server or application with more traffic than it can handle, sent from many sources at once (that is what “distributed” means), rendering it very slow or, in severe cases, completely unusable.

When a user attempts to access your web app, for example, that user’s device sends a request to your application, and the application sends a response. Every request costs the application some bandwidth, memory and CPU time.

A DDoS attack occurs when so many requests arrive at once that the application cannot handle them all. While your application grinds away at the bogus requests, your legitimate users cannot get through.

Networked systems are complex, so there are many kinds of DDoS attack that could hit your web app. The Open Systems Interconnection (OSI) model divides network communication into seven layers, and any of them can be attacked.

However, we’re focusing on attacks targeting Layers 3, 4, and 7 for now:

Layer 3

This is the network layer. It puts data into packets and is responsible for routing those packets between multiple devices and networks. There are a few common attacks that target Layer 3.

●      ICMP flooding. This is one of the most common Layer 3 attacks. ICMP echo requests (pings) are normally used to check whether a host can be reached; in a flood, the attacker sends them in huge volumes, and both the incoming requests and the replies the host generates consume bandwidth and CPU, crowding out legitimate traffic.

●      IP fragmentation. Packets are not always delivered whole. A packet larger than a link’s maximum transmission unit is split into fragments, which the receiver must hold in memory until it can reassemble them. IP fragmentation attacks send large numbers of fragments that never form a complete packet: reassembly fails, buffers and CPU time are tied up waiting for pieces that never arrive, and, because only the first fragment carries the TCP or UDP header, later fragments can slip past filters that decide on port numbers.

Layer 4

Layer 4, under OSI, is the transport layer. It carries data end-to-end between applications and, for TCP, makes sure it arrives complete and in order.

Layer 4 breaks application data into segments, which Layer 3 then wraps in packets. For TCP, this layer adds sequence numbers so segments can be reassembled in order after transmission, regulates the sending rate, and checks for errors. UDP provides none of these guarantees.

The most common type of Layer 4 attack is the SYN flood. A TCP connection starts with a three-way handshake: the client sends a SYN, the server answers with a SYN-ACK and reserves state for the new connection, and the client completes it with an ACK. A SYN flood sends SYNs in extravagantly large numbers, often from spoofed source addresses, and never sends the final ACK. Each half-open connection occupies a slot in the server’s listen backlog until it times out, and once the backlog is full the server drops new SYNs, blocking legitimate clients that try to connect. Most operating systems can mitigate this with SYN cookies, which avoid storing state until the handshake completes, but that does not help once the flood is large enough to saturate the link itself.
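The two patterns described above for Layers 3 and 4 (ICMP floods and half-open SYN handshakes) both show up in ordinary packet captures. As an added example that is not code from the original article, here is a small Python analyser that reads tcpdump-style summary lines and reports, per source address, how many echo requests it sent and how many TCP handshakes it left incomplete. The server address, the sample traffic and the alert thresholds are all assumptions constructed for the illustration.

```python
"""Spot ICMP-flood and SYN-flood patterns in tcpdump-style summary lines.

Added example, not code from the original article. SERVER, the sample
traffic and the thresholds are assumptions constructed for illustration.
"""
import re
from collections import defaultdict

SERVER = "10.0.0.5"  # assumed address of the host being protected

# tcpdump-style lines: "IP src.sport > dst.dport: Flags [S], ..." for TCP and
# "IP src > dst: ICMP echo request, ..." for ping.
TCP_RE = re.compile(r"^IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")
ICMP_RE = re.compile(r"^IP (\S+) > (\S+): ICMP echo request")

# Constructed sample. 203.0.113.9 is a normal client: one ping, then a
# completed three-way handshake. 198.51.100.7 sends a burst of echo requests
# and six SYNs that it never follows with the final ACK. 192.0.2.10 and
# 192.0.2.11 look like spoofed sources: one half-open SYN each.
SAMPLE_LOG = "\n".join(
    [
        "IP 203.0.113.9 > 10.0.0.5: ICMP echo request, id 7, seq 1, length 64",
        "IP 10.0.0.5 > 203.0.113.9: ICMP echo reply, id 7, seq 1, length 64",
        "IP 203.0.113.9.40112 > 10.0.0.5.443: Flags [S], seq 100, win 64240",
        "IP 10.0.0.5.443 > 203.0.113.9.40112: Flags [S.], seq 500, ack 101, win 65535",
        "IP 203.0.113.9.40112 > 10.0.0.5.443: Flags [.], ack 501, win 64240",
    ]
    + [f"IP 198.51.100.7 > 10.0.0.5: ICMP echo request, id 1, seq {i}, length 1400"
       for i in range(1, 9)]
    + [f"IP 198.51.100.7.{51234 + i} > 10.0.0.5.443: Flags [S], seq 1, win 1024"
       for i in range(6)]
    + [f"IP 10.0.0.5.443 > 198.51.100.7.{51234 + i}: Flags [S.], seq 9, ack 2, win 65535"
       for i in range(6)]
    + [
        "IP 192.0.2.10.1111 > 10.0.0.5.443: Flags [S], seq 1, win 1024",
        "IP 192.0.2.11.2222 > 10.0.0.5.443: Flags [S], seq 1, win 1024",
    ]
)


def analyse(lines):
    """Per-source counters: echo requests sent, SYNs sent, handshakes
    completed and handshakes still half-open at the end of the log."""
    stats = defaultdict(lambda: {"icmp": 0, "syn": 0, "completed": 0, "half_open": 0})
    pending = set()  # (src, sport) pairs still waiting for the client's final ACK
    for line in lines:
        m = ICMP_RE.match(line)
        if m and m.group(2) == SERVER:
            stats[m.group(1)]["icmp"] += 1
            continue
        m = TCP_RE.match(line)
        if not m:
            continue
        src, sport, dst, _dport, flags = m.groups()
        if dst != SERVER:
            continue  # only client -> server segments count here
        key = (src, sport)
        if flags == "S":  # step 1 of the handshake
            stats[src]["syn"] += 1
            pending.add(key)
        elif "S" not in flags and "." in flags and key in pending:
            # step 3: the client's ACK (possibly already carrying data, "P.")
            pending.discard(key)
            stats[src]["completed"] += 1
    for src, _sport in pending:
        stats[src]["half_open"] += 1
    return dict(stats)


def suspects(stats, min_icmp=5, min_half_open=5):
    """Sources worth rate-limiting; the thresholds are illustrative only."""
    out = {}
    for src, s in stats.items():
        reasons = []
        if s["icmp"] >= min_icmp:
            reasons.append("icmp-flood")
        if s["half_open"] >= min_half_open and s["completed"] == 0:
            reasons.append("syn-flood")
        if reasons:
            out[src] = reasons
    return out


def total_half_open(stats):
    """Aggregate view: a flood that spoofs a new source for every SYN evades
    the per-source rule, but the backlog it fills still shows up here."""
    return sum(s["half_open"] for s in stats.values())


if __name__ == "__main__":
    st = analyse(SAMPLE_LOG.splitlines())
    print("suspects:", suspects(st))               # {'198.51.100.7': ['icmp-flood', 'syn-flood']}
    print("half-open total:", total_half_open(st))  # 8
```

Per-source counts catch a flood from a single address, but a SYN flood that spoofs a fresh source for every packet defeats them, which is why the aggregate `total_half_open` figure is worth comparing against the listen backlog size of the service in question. Detection at this level tells you an attack is happening; it does not by itself stop the packets from consuming your link, which is the job of the upstream filtering discussed later in the article.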

Layer 7

Layer 7, or the application layer, is the direct connection between the user and an application.

This means that a user who tries to log in to an application is interacting with Layer 7, and by the same token, a Layer 7 DDoS attack targets the protocol the user actually speaks, usually HTTP, and the expensive operations behind it: logins, searches and form submissions. Two common Layer 7 attacks are:

●      HTTP GET flood: The attacker requests pages, images and other files in large volumes. Each request is individually valid, which makes the attack hard to tell apart from a busy day, and aiming it at resources that are expensive to produce (search results, uncached dynamic pages) multiplies the effect, quickly slowing or stopping the application.

●      HTTP POST flood: When you fill out a form on a website, you are sending data to the website owner. When bots submit a form in bulk, each submission has to be parsed, validated and often written to a database, so the servers are overwhelmed by processing demands rather than by raw bandwidth.

The servers eventually run out of capacity to process more requests. CAPTCHAs are one way to limit this kind of attack, but they also add friction for real users, so a more comprehensive (and less intrusive) form of DDoS protection is preferable.
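As an added example that is not from the original article, the following Python sketch shows the kind of capacity management that throttles GET and POST floods without resorting to a CAPTCHA: a sliding-window limiter that charges each request a cost according to how expensive the endpoint is to serve, so a bot hammering the login form runs out of budget while a normal visitor never notices. The cost table, the budget and window, the client addresses and the log format are all assumptions made for the illustration.

```python
"""Cost-weighted, per-client sliding-window rate limiting for HTTP floods.

Added example, not code from the original article. The endpoint costs, the
budget and window, the client addresses and the log format are assumptions.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0  # length of the sliding window (assumed)
BUDGET = 30            # cost units one client may spend per window (assumed)

# Hypothetical cost table: a login POST runs a password hash and a database
# write, a search hits the database, a static file is almost free. Charging by
# cost is what lets a handful of POSTs trip the limit while browsing does not.
COST = {("POST", "/login"): 10, ("GET", "/search"): 5}
DEFAULT_COST = 1


class RateLimiter:
    """Sliding-window limiter keyed by client address."""

    def __init__(self, budget=BUDGET, window=WINDOW_SECONDS):
        self.budget = budget
        self.window = window
        self.spent = defaultdict(deque)  # client -> deque of (timestamp, cost)

    def allow(self, client, method, path, ts):
        """True if the request fits the client's remaining budget, else False
        (a real server would answer 429 Too Many Requests)."""
        q = self.spent[client]
        while q and q[0][0] <= ts - self.window:  # forget events outside the window
            q.popleft()
        cost = COST.get((method, path), DEFAULT_COST)
        if sum(c for _, c in q) + cost > self.budget:
            return False
        q.append((ts, cost))
        return True


# Constructed access log, one request per line: "<epoch seconds> <client>
# <method> <path>". 203.0.113.9 browses normally; 198.51.100.7 is a bot
# submitting the login form every half second.
SAMPLE_LOG = "\n".join(
    ["1000.0 203.0.113.9 GET /", "1000.2 203.0.113.9 GET /static/app.js"]
    + [f"{1000.0 + 0.5 * i:.1f} 198.51.100.7 POST /login" for i in range(10)]
    + ["1002.0 203.0.113.9 POST /login", "1003.0 203.0.113.9 GET /search"]
)


def replay(lines, limiter=None):
    """Run log lines through the limiter in timestamp order and return
    {client: {"allowed": n, "denied": n}}."""
    limiter = limiter or RateLimiter()
    verdicts = defaultdict(lambda: {"allowed": 0, "denied": 0})
    records = [line.split() for line in lines if line.strip()]
    for ts, client, method, path in sorted(records, key=lambda r: float(r[0])):
        ok = limiter.allow(client, method, path, float(ts))
        verdicts[client]["allowed" if ok else "denied"] += 1
    return dict(verdicts)


if __name__ == "__main__":
    for client, v in replay(SAMPLE_LOG.splitlines()).items():
        print(client, v)
    # 203.0.113.9 {'allowed': 4, 'denied': 0}
    # 198.51.100.7 {'allowed': 3, 'denied': 7}
```

In production this logic lives at the edge (a CDN, WAF or reverse proxy) rather than in the application, and it is keyed by more than the source address: a large NAT makes many real users share one IP, and a botnet spreads its requests across thousands. Those two failure modes are exactly why the article goes on to recommend a dedicated solution with monitoring and analytics that can correlate activity across sources instead of a single home-grown counter.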

The importance of DDoS protection 

DDoS attacks may not seem like a big problem. Typically, they don’t last very long, and they don’t generally steal or erase your data. However, they can be surprisingly expensive and often create a lot of problems for targeted organizations.

Even if a DDoS attack only lasts an hour or two, the time that your web app is down is time that you aren’t making sales and generating revenue. That is also time in which your customers can become frustrated and angry.

Especially if your application contains customer information, inaccessibility can be detrimental to your reputation and customer satisfaction. Additionally, internal operations can be affected. Downtime for your application could very well mean downtime for employees if they can’t access data needed to do their jobs.  

As IoT devices become more prevalent, DDoS attacks become larger. Many IoT devices are poorly secured: users often leave default usernames and passwords in place, and they tend to neglect other security measures for those devices, such as access management and activity monitoring.

As a result, DDoS attacks have been breaking records for length of downtime and number of bots used in the attack.  

You can’t control how other people secure their IoT devices or how many bots come for your web app.

However, you can implement DDoS protection, which provides a defence against even the most tenacious bots. With adequate protection, sudden traffic increases don’t have to take down your application, allowing your legitimate traffic access even during an active attack.

DDoS protection can make the difference between a functional, if slightly slower than usual, experience for customers and a completely unacceptable one. Risking the losses in revenue or reputation is inadvisable at best; at worst, your organisation may not survive a successful attack.

Protecting against DDoS attacks

These attacks are not to be taken lightly, but in most cases their impact can be prevented. You cannot stop an attacker from sending traffic, but you can keep it from reaching your application in harmful quantities, and dedicated DDoS protection, sitting in front of your application so that attack traffic is filtered before it arrives, is generally the only way to do that reliably in the long term.

The best DDoS protection solution for your organisation should have:

●      Attack notifications, so you know as soon as an attack is detected.

●      Automated monitoring of your network and application.

●      Analytics to help identify attack correlation and activity patterns.

●      Capacity management (absorbing surplus traffic and rate-limiting abusive sources) to limit the impact an attack has on your legitimate traffic.

●      Integration with platforms you’re already using.

Although this is not a comprehensive list, make sure you’re looking out for these qualities in any DDoS protection solution you evaluate. To effectively prevent and mitigate attacks, it’s important to have solutions that can act at any layer, especially 3, 4 and 7, the most common targets of a DDoS attack.

Don’t let DDoS attacks take your network down. With effective protection, you can keep most DDoS attacks from succeeding. Those that do get through can be quickly mitigated, and the right solution may keep your legitimate users from noticing a problem at all.

If nothing else, you can put your audience through fewer CAPTCHA hoops, and that’s a definite win.