
DDoS Mitigation Solutions for ISPs

In this post we will cover the following topics:

  1. What is DDoS actually?
  2. What are the effects of DDoS?
  3. What solutions are available to block DDoS?
  4. What is the best approach to be protected?

What is DDoS actually?

Distributed Denial of Service (DDoS) is an attack in which a group of systems or networks, either infected with viruses/trojans or otherwise under someone's control, target a specific victim and cause a denial of service by overwhelming and consuming its network bandwidth or system resources. It is called distributed because the attack sources may be anywhere in the world (even your own PC, if it is infected), and most often they form a botnet with thousands of attacking hosts ready to start the DDoS.
An attack can last for an undefined time: some attacks last a couple of minutes, while others last for days.
Another important factor that distinguishes DDoS attacks is their size: the larger the attack, the worse its effects, as we will explain in the sections below.

What are the effects of DDoS?

The effects of a DDoS attack differ depending on the type of victim and the size of the attack; we can list them in the points below:

  1. Lost productivity and stopped services, for example an e-commerce or online shopping site.
  2. Loss of sensitive information, for example in online banking systems.
  3. Damage to the reputation of the target of the attack, especially if it is a big brand.
  4. Loss of business customers for the ISPs hosting them.
  5. Large volumetric DDoS attacks can affect internet service in a country as a whole.

What solutions are available to block DDoS?

Because of the damaging effects of DDoS attacks on businesses, individuals and companies, multiple DDoS mitigation solutions have been developed and have become a must for business continuity and stability. Attack size and attack type/complexity have been the main drivers for the different vendors to develop their DDoS detection and mitigation solutions.
We can divide DDoS detection and mitigation solutions into two main types:
  1. In-House Solution

This solution depends on building a solution within the network, with both a DDoS detection device and a DDoS mitigation device. As its name indicates, the detection device is responsible for monitoring network behavior and detecting any malicious traffic that may harm the network. Detection is normally done by receiving flow information (NetFlow, J-Flow) exported from the ISP's border routers, and then notifying the related systems and teams, such as the NOC.
The mitigation device, on the other hand, cleans and remedies the DDoS attack by filtering out the bad traffic and letting legitimate traffic pass towards its destination.

The best-known vendors in this field are Arbor (NETSCOUT), A10, F5, Radware, Flowmon and Corero.

  2. Cloud Solution

This solution depends on sending the DDoS attack traffic away from the network and steering it to a cloud mitigation center, called a scrubbing center, which handles the attack and sends only the clean traffic back towards the destination. The diversion is usually done through BGP communities agreed with these cloud mitigation centers.

The best known in this field are Voxility, Imperva, Akamai, Cloudflare, NETSCOUT and Radware.

What is the best approach to be protected?

Well, I know that a DDoS attack is a bad thing, so I am deploying a solution within my network to protect myself and detect any malicious traffic; that is, I am using an in-house solution. But this is not enough! Recently I have been receiving huge attacks that are detected and mitigated by the in-house DDoS solution, but at the same time the attack traffic is still coming in through my upstream links, eventually filling them completely and consequently causing big delays. So what to do?

This situation makes it a must to get help from a cloud mitigation solution and direct the DDoS attack away from my network; the attack is then cleaned by the cloud solution, and only trusted traffic arrives over my upstream providers.

So the secret is a hybrid solution: deploying both in-house and cloud DDoS detection and mitigation, so that attacks of a manageable size are handled by the in-house part, while huge volumetric attacks are handled by the cloud mitigation part.
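As an added example, not code from the original post, here is a small Python model of the flow-based detection and the hybrid decision described above: it aggregates a constructed NetFlow-style export per destination, flags destinations far above their learned baseline, and chooses in-house cleaning or cloud diversion from the attack rate against assumed in-house scrubber and upstream-link capacities (the /24 diversion prefix is also an assumption).

```python
import ipaddress
from collections import defaultdict

# Assumed ISP parameters (hypothetical values, not from the post).
UPSTREAM_CAPACITY_BPS = 10e9   # 10 Gbit/s upstream link
INHOUSE_SCRUBBER_BPS = 4e9     # rate the in-house mitigation device can clean
LINK_HEADROOM = 0.8            # divert to the cloud before upstream links saturate
ANOMALY_FACTOR = 5             # flag a destination at 5x its learned baseline
WINDOW_S = 60                  # flow export interval in seconds
# Constructed flow export for one window: (src, dst, proto, dst_port, bytes).
FLOWS = (
    [(f"198.51.100.{i}", "203.0.113.10", 17, 53, 600_000_000) for i in range(1, 61)]
    + [(f"198.51.100.{i}", "203.0.113.30", 17, 53, 150_000_000) for i in range(1, 11)]
    + [("192.0.2.7", "203.0.113.20", 6, 443, 50_000_000)]
)
# Constructed per-destination baselines (bits/s normally seen).
BASELINE_BPS = {"203.0.113.10": 20e6, "203.0.113.20": 8e6, "203.0.113.30": 10e6}

def aggregate(flows, window_s=WINDOW_S):
    """Per-destination bits/s and distinct source count for one export window."""
    bps, sources = defaultdict(float), defaultdict(set)
    for src, dst, _proto, _port, nbytes in flows:
        bps[dst] += nbytes * 8 / window_s
        sources[dst].add(src)
    return {dst: (bps[dst], len(sources[dst])) for dst in bps}

def detect(flows, baselines):
    """Destinations whose rate exceeds ANOMALY_FACTOR times their baseline."""
    return {dst: (rate, nsrc) for dst, (rate, nsrc) in aggregate(flows).items()
            if rate > baselines.get(dst, 0.0) * ANOMALY_FACTOR}

def choose_mitigation(attack_bps):
    """Hybrid policy: clean in-house while the scrubber can absorb the attack and
    the upstream link keeps headroom; otherwise divert to the cloud scrubbing center."""
    if attack_bps <= INHOUSE_SCRUBBER_BPS and attack_bps < UPSTREAM_CAPACITY_BPS * LINK_HEADROOM:
        return "in-house"
    return "cloud"

def plan_response(flows, baselines):
    """Map each attacked destination to an action; for cloud diversion, also the
    covering /24 (assumed) to announce with the scrubbing center's BGP community."""
    plan = {}
    for dst, (rate, nsrc) in detect(flows, baselines).items():
        action = choose_mitigation(rate)
        entry = {"bps": rate, "sources": nsrc, "action": action}
        if action == "cloud":
            entry["divert_prefix"] = str(ipaddress.ip_network(f"{dst}/24", strict=False))
        plan[dst] = entry
    return plan
```

With the constructed export, 203.0.113.10 sees 4.8 Gbit/s from 60 sources and is diverted to the cloud, while the 200 Mbit/s against 203.0.113.30 stays in-house and the normal HTTPS traffic to 203.0.113.20 is not flagged.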
