On Distributed Denial of Service (DDoS) attack

Published on 9 February 2022 at 17:45

In computing, a denial-of-service (DoS) attack is an attack on a computer network in which the attacker tries to make a system or network resource unavailable to its intended users by interrupting or disrupting the services provided by a host (a traditional server, a VPS, or whatever service you are using) connected to the network. DoS attacks are typically carried out by flooding the target machine or resource with superfluous requests, overwhelming the system so that some or all legitimate requests cannot be processed.

In a distributed denial-of-service (DDoS) attack, the traffic flooding the victim comes from many different sources. This is why such an attack cannot be stopped simply by blocking a single source.

A DDoS attack is similar to a crowd of people blocking the entrance of a shop: legitimate customers find it difficult to get in, and trade is disrupted.

Common target areas for DDoS attacks are:

  • high-profile web servers such as those of banks and credit card payment gateways
  • Online shopping websites
  • Online casinos
  • Any company or organization that relies on online services

DDoS Attack Classification

When deciding on mitigation techniques to defend against these attacks, it is helpful to classify them as infrastructure layer attacks (Layers 3 and 4) or application layer attacks (Layers 6 and 7), using the layers of the OSI model:

#  Layer         Data unit  Description
1  Physical      Bits       Media, signal and binary transmission
2  Data link     Frames     Physical addressing
3  Network       Packets    Path determination and logical addressing
4  Transport     Segments   End-to-end connections and reliability
5  Session       Data       Inter-host communication
6  Presentation  Data       Data representation and encryption
7  Application   Data       Network process to application

Infrastructure Layer Attacks

Attacks at Layer 3 or 4 are generally classified as infrastructure layer attacks. They are the most common kind of DDoS attack and include vectors such as SYN floods (floods of TCP synchronize packets that fill the target's connection table with half-open connections) and UDP floods, including reflection attacks that bounce traffic off third-party UDP services towards the victim. These attacks are typically large in volume and aim to saturate the network capacity or the application servers. However, they also have clear signatures and are therefore easier to detect.

Application Layer Attacks

Attacks at Layer 6 or 7 are usually referred to as application layer attacks. These attacks are less common but tend to be more sophisticated. They are usually small in volume compared to infrastructure layer attacks, but they concentrate on specific, expensive parts of the application and so make it unavailable for real users. Examples are floods of HTTP requests to a login page or to an expensive search API, and floods of XML-RPC requests against WordPress (also called WordPress pingback attacks).
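As an added example (my own code, not part of the original post), here is a small Python detector that runs over constructed web-server access-log lines and flags both patterns described above: one source hammering an expensive path, and a distributed flood in which each bot individually stays below the per-IP threshold. The set of expensive paths, the thresholds and the sample log lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Paths that are expensive to serve (password hashing, full-text search,
# XML-RPC pingback processing) and therefore worth watching closely.
EXPENSIVE_PATHS = {"/wp-login.php", "/xmlrpc.php", "/search"}

# Thresholds per window; assumed values for this example, to be tuned to the
# real baseline of the site.
WINDOW_SECONDS = 10
PER_SOURCE_LIMIT = 20        # one IP hitting one expensive path this often
DISTRIBUTED_LIMIT = 50       # total hits on one path, spread over many IPs
DISTRIBUTED_MIN_SOURCES = 10

# Common Log Format: ip ident user [timestamp] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Return (ip, timestamp, path) or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?", 1)[0]      # ignore the query string
    return m.group("ip"), ts, path

def detect_floods(lines):
    """Return alerts as (kind, window_start_epoch, path, detail) tuples."""
    # window -> path -> ip -> request count
    counts = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, path = parsed
        if path not in EXPENSIVE_PATHS:
            continue
        window = int(ts.timestamp()) // WINDOW_SECONDS * WINDOW_SECONDS
        counts[window][path][ip] += 1

    alerts = []
    for window in sorted(counts):
        for path, per_ip in counts[window].items():
            # A single source over the limit is classic single-origin abuse.
            for ip, n in per_ip.items():
                if n > PER_SOURCE_LIMIT:
                    alerts.append(("single-source", window, path, f"{ip} sent {n} requests"))
            # Many sources each under the limit but a large total is the
            # distributed pattern that per-IP counting alone misses.
            total = sum(per_ip.values())
            if total > DISTRIBUTED_LIMIT and len(per_ip) >= DISTRIBUTED_MIN_SOURCES:
                alerts.append(("distributed", window, path,
                               f"{total} requests from {len(per_ip)} sources"))
    return alerts

def build_sample_log():
    """Constructed sample log (not from a real server): some normal browsing,
    one IP brute-forcing the login page, and 15 bots hitting xmlrpc.php."""
    def entry(ip, second, method, path, status=200):
        return (f'{ip} - - [09/Feb/2022:17:45:{second:02d} +0100] '
                f'"{method} {path} HTTP/1.1" {status} 512')
    lines = [entry("198.51.100.5", s, "GET", "/index.html") for s in range(0, 10, 2)]
    lines.append(entry("198.51.100.5", 3, "POST", "/wp-login.php"))
    lines += [entry("203.0.113.10", i % 5, "POST", "/wp-login.php") for i in range(30)]
    lines += [entry(f"192.0.2.{b + 1}", 10 + i, "POST", "/xmlrpc.php")
              for b in range(15) for i in range(4)]
    lines.append("this line is not a valid log entry")   # must be skipped, not crash
    return lines

if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

In the constructed sample the login brute force is caught by the per-source rule, while the xmlrpc.php flood (15 bots, four requests each) only trips the distributed rule; a detector that counted per IP alone would have missed it. Real deployments feed this kind of logic from a log pipeline rather than a list in memory, but the counting is the same.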

DDoS Protection Techniques

Reduce Attack Surface Area

One of the most effective ways to mitigate DDoS attacks is to minimise the surface area that can be attacked. This limits the attacker's options and lets you build protection in one place. Make sure that you do not expose your applications or resources on ports, protocols or endpoints from which no communication is expected; this reduces the number of possible attack points and lets you concentrate your mitigation efforts. In some cases you can achieve this by placing your compute resources behind Content Distribution Networks (CDNs) or load balancers, and by restricting direct Internet traffic to certain parts of your infrastructure, such as database servers. In other cases you can use firewalls and access control lists (ACLs) to control which traffic is allowed to reach your applications.
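An added example of the "expose only what is expected" check, written for this post and not taken from any project: a Python script that parses the output of `ss -ltnpH` (listening TCP sockets, numeric, with owning process, no header) and reports listeners that fall outside an allowlist of public ports. The sample `ss` output and the allowlist are constructed for the example.

```python
import re

# Assumed policy for this example: only the web front end and SSH are meant to
# be reachable from the Internet. Everything else must be loopback-only, bound
# to an internal interface, or blocked by the host firewall.
ALLOWED_PUBLIC_PORTS = {22, 80, 443}

# Constructed sample of `ss -ltnpH` output; made up for this example, not
# captured from a real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 4096 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1201,fd=6))
LISTEN 0 511 [::]:443 [::]:* users:(("nginx",pid=1201,fd=7))
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=934,fd=21))
LISTEN 0 128 0.0.0.0:6379 0.0.0.0:* users:(("redis-server",pid=1010,fd=6))
LISTEN 0 4096 *:9200 *:* users:(("java",pid=1300,fd=45))
LISTEN 0 128 10.0.0.5:5432 0.0.0.0:* users:(("postgres",pid=700,fd=5))
"""

PROC_RE = re.compile(r'\("([^"]+)"')

def parse_listeners(ss_output):
    """Parse ss output into dicts with the bound address, port and process."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)   # IPv6 literals appear as [addr]:port
        m = PROC_RE.search(line)
        listeners.append({"addr": addr.strip("[]"), "port": int(port),
                          "proc": m.group(1) if m else "?"})
    return listeners

def bind_scope(addr):
    """Classify the bind address: loopback, all interfaces, or one address."""
    if addr in ("127.0.0.1", "::1"):
        return "loopback"
    if addr in ("0.0.0.0", "::", "*"):
        return "any"
    return "specific"

def audit(ss_output, allowed=ALLOWED_PUBLIC_PORTS):
    """Return (severity, port, process, addr) for listeners outside the policy.
    EXPOSED: bound to all interfaces on a port that is not meant to be public.
    REVIEW:  bound to one specific address; exposed if that interface is public."""
    findings = []
    for l in parse_listeners(ss_output):
        scope = bind_scope(l["addr"])
        if scope == "loopback" or l["port"] in allowed:
            continue
        severity = "EXPOSED" if scope == "any" else "REVIEW"
        findings.append((severity, l["port"], l["proc"], l["addr"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS_OUTPUT):
        print("%-8s port %-5d %-13s bound to %s" % finding)
```

On the constructed sample the script reports Redis and the Java service on 9200 as exposed on all interfaces and asks for a review of PostgreSQL bound to 10.0.0.5; MySQL on loopback and the allowlisted web and SSH ports pass. Anything reported as EXPOSED should be rebound to loopback or an internal address, or blocked with a host firewall rule, before a CDN or load balancer is relied on to hide it.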

Plan for Scale

The two most important considerations for mitigating large-scale volumetric DDoS attacks are bandwidth (transit) capacity and the server capacity needed to absorb and mitigate attacks.

Transit capacity

When architecting your applications, make sure your hosting provider offers ample redundant Internet connectivity that allows you to handle large volumes of traffic. Since the ultimate objective of a DDoS attack is to affect the availability of your resources or applications, you should locate them not only close to your end users but also close to large Internet exchanges, which will give your users easy access to your application even under high traffic volumes. In addition, web applications can go a step further by using Content Distribution Networks (CDNs) and smart DNS resolution services, which add an extra layer of infrastructure for serving content and resolving DNS queries from locations that are usually closer to the end users.

Server capacity

Most DDoS attacks are volumetric attacks that consume a lot of resources, so it is important to be able to scale your compute resources up or down quickly. You can do this either by running your application on larger compute resources, or on resources with features such as more extensive network interfaces or enhanced networking that support larger volumes. In addition, it is common to use load balancers to continually monitor and shift loads between resources so that no single resource is overloaded.

Know What Is Normal and Abnormal Traffic

Whenever we detect elevated levels of traffic hitting a host, the very baseline is to accept only as much traffic as the host can handle without affecting availability. This concept is called rate limiting. Note that a rate limit per source address alone is of limited use against a distributed attack, since each bot can stay under the limit; limits should also be applied per endpoint and in total. More advanced protection techniques go a step further and intelligently accept only traffic that is legitimate, by analysing the individual packets themselves. To do this you need to understand the characteristics of the good traffic the target usually receives and be able to compare each packet against that baseline.
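Added example (my own code, not from the original post): a Python token-bucket rate limiter with two levels, per source address and per endpoint, plus a constructed simulation showing why the second level matters against distributed sources. The rates, bursts and traffic scenario are assumptions made for the example.

```python
from collections import defaultdict

class TokenBucket:
    """Token bucket: refills `rate` tokens per second up to `burst` tokens;
    a request is admitted only if a whole token is available."""
    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = float(burst)
        self.updated = None

    def allow(self, now, cost=1.0):
        if self.updated is None:
            self.updated = now
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.updated = now
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False

class RateLimiter:
    """Two-level limiter. The per-source bucket stops one abusive client; the
    per-endpoint bucket caps the total load on an expensive path, so a
    distributed flood whose bots each stay below the per-source limit still
    cannot exhaust the backend. Limits are (rate per second, burst)."""
    def __init__(self, per_source=(5, 10), per_endpoint=(50, 100)):
        self.sources = defaultdict(lambda: TokenBucket(*per_source))
        self.endpoints = defaultdict(lambda: TokenBucket(*per_endpoint))

    def check(self, ip, path, now):
        # A production limiter also evicts idle source buckets (for example
        # with an LRU) so this table cannot grow without bound.
        if not self.sources[ip].allow(now):
            return "deny:source"
        if not self.endpoints[path].allow(now):
            return "deny:endpoint"
        return "allow"

def simulate():
    """Constructed scenario (not measured traffic): one abusive IP, a botnet of
    200 addresses each sending two polite requests, and one ordinary user."""
    rl = RateLimiter(per_source=(5, 10), per_endpoint=(50, 100))
    outcome = defaultdict(int)
    t = 1_000_000.0
    # One IP sends 100 login requests within 100 ms.
    for i in range(100):
        outcome["abuser:" + rl.check("203.0.113.10", "/wp-login.php", t + i * 0.001)] += 1
    # One second later 200 bots each send 2 requests at the same instant: every
    # bot is within its own per-source limit, but 400 requests hit the login
    # endpoint at once.
    for b in range(200):
        for _ in range(2):
            outcome["botnet:" + rl.check(f"192.0.2.{b}", "/wp-login.php", t + 1.0)] += 1
    # An ordinary user on a different path is unaffected.
    outcome["user:" + rl.check("198.51.100.5", "/index.html", t + 2.0)] += 1
    return dict(outcome)

if __name__ == "__main__":
    for key, count in sorted(simulate().items()):
        print(f"{key:22s} {count}")
```

In the simulation the abuser gets its burst of 10 and is then refused by its own bucket, while the botnet's 400 requests are all within their per-source limits and are only held to the endpoint's budget of 100 by the shared bucket; without that second level the login page would have had to serve all 400. The user on another path is untouched because budgets are per endpoint.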

Deploy Firewalls for Sophisticated Application Attacks

A good practice is to use a Web Application Firewall (WAF) against attacks, such as SQL injection or cross-site request forgery, that attempt to exploit a vulnerability in your application itself. Additionally, because of the unique nature of these attacks, you should be able to easily create customised mitigations against illegitimate requests, which could have characteristics such as disguising themselves as good traffic, or coming from bad IP addresses or unexpected geographical locations. At times it can also help to get expert support to analyse traffic patterns and create customised protections, so that attacks can be mitigated while they are occurring.
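Added example (my own code, not part of the original post or of any WAF product): a minimal Python rule engine of the kind a WAF custom rule set expresses, applied to constructed HTTP requests. The deny-listed network, the IP-to-country table standing in for a GeoIP database, the admin paths, the expected countries and the injection pattern are all assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from urllib.parse import unquote_plus

@dataclass
class Request:
    ip: str
    method: str
    path: str
    query: str = ""
    headers: dict = field(default_factory=dict)
    body: str = ""

# Assumed inputs for this example (constructed, not real data): a reputation
# deny list, a tiny IP-to-country table in place of a GeoIP database, and the
# countries from which admin logins are expected.
DENY_NETWORKS = [ipaddress.ip_network("198.18.0.0/15")]
GEO_TABLE = {"198.51.100.0/24": "NL", "192.0.2.0/24": "US", "203.0.113.0/24": "XX"}
ADMIN_PATHS = {"/wp-login.php", "/admin"}
ADMIN_COUNTRIES = {"NL"}

# Deliberately narrow SQL injection pattern: tautologies like ' OR '1'='1 and
# UNION SELECT. A real WAF uses a much larger, tuned signature set.
SQLI_RE = re.compile(r"(?i)(\bor\b|\band\b)\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+|\bunion\b\s+\bselect\b")
PINGBACK_RE = re.compile(r"<methodName>\s*pingback\.ping\s*</methodName>", re.I)

def country_of(ip):
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE.items():
        if addr in ipaddress.ip_network(net):
            return cc
    return "??"

# Each rule returns (action, reason) or None. Rules run in order and the first
# match wins, so the cheap IP-based checks come first.
def rule_reputation(req):
    addr = ipaddress.ip_address(req.ip)
    if any(addr in net for net in DENY_NETWORKS):
        return ("block", "ip-reputation")

def rule_admin_geo(req):
    if req.path in ADMIN_PATHS and country_of(req.ip) not in ADMIN_COUNTRIES:
        return ("block", "admin-unexpected-country")

def rule_pingback(req):
    # WordPress pingback floods arrive as XML-RPC pingback.ping calls.
    if req.path == "/xmlrpc.php" and PINGBACK_RE.search(req.body):
        return ("block", "xmlrpc-pingback")

def rule_sqli(req):
    if SQLI_RE.search(unquote_plus(req.query)) or SQLI_RE.search(unquote_plus(req.body)):
        return ("block", "sqli-pattern")

def rule_missing_user_agent(req):
    # Many floods come from bare HTTP libraries, but a missing User-Agent is
    # not proof of abuse, so send such clients to a challenge page instead.
    if not req.headers.get("User-Agent"):
        return ("challenge", "missing-user-agent")

RULES = [rule_reputation, rule_admin_geo, rule_pingback, rule_sqli, rule_missing_user_agent]

def evaluate(req):
    """Return ("allow", None), ("challenge", reason) or ("block", reason)."""
    for rule in RULES:
        verdict = rule(req)
        if verdict:
            return verdict
    return ("allow", None)

if __name__ == "__main__":
    ua = {"User-Agent": "Mozilla/5.0"}
    print(evaluate(Request("192.0.2.7", "POST", "/wp-login.php", headers=ua)))
    print(evaluate(Request("198.51.100.5", "GET", "/search",
                           query="q=laptop%27+OR+%271%27%3D%271", headers=ua)))
```

The order of the rules is the design point: reputation and geography are cheap and decided before any body parsing, the pingback rule blocks the WordPress XML-RPC vector outright, the injection rule is a narrow signature rather than a general parser, and the weakest signal (a missing User-Agent) only escalates to a challenge so that legitimate automated clients are not silently dropped.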
