What is DDoS and how is it mitigated?

Remember the good old days when the most serious computer security problems facing businesses were which anti-virus program to use, how often to change passwords, and whether Linux was really safer than Windows?

Today those are minor questions, on the same order of importance as whether to have one or two sugars in your morning coffee. Those whose livelihood depends on the reliability and uptime of their websites and servers have much bigger concerns to deal with – and the biggest of all is the continuing threat of DDoS attacks.

A comprehensive, proactive plan to prevent and mitigate DDoS attacks on data centers and servers is crucial for any company or organization operating online.

What is DDoS?

DDoS stands for Distributed Denial of Service. It is a comprehensive and malicious attempt to disrupt Internet connectivity between a host or server and those trying to access it.

A simple Denial of Service attack is relatively easy to repel because it only originates from a limited number of sources. A Distributed Denial of Service, however, utilizes techniques (such as the use of botnets) to generate enormous floods of incoming traffic from hundreds, thousands or even hundreds of thousands of computers simultaneously. This level of Internet traffic is designed to overwhelm the machines that serve content or other resources to users, and is almost impossible to fight without the use of specialized approaches and tools.

The majority of DDoS attacks are “volumetric” in nature, with the sheer volume of traffic meant to use up all of a server’s available bandwidth and force it offline. Other methods are designed more specifically to exhaust a machine’s resources (“protocol” attacks) or to target specific applications running on the server (“application layer” or “layer 7” attacks) with apparently legitimate requests for data. The latter are the most difficult to mitigate.

DDoS attacks against businesses and organizations are increasingly frequent, increasingly powerful and increasingly costly. Surveys have shown that as many as half of all companies are targeted each year, that website or server downtime during a DDoS typically lasts from 6 to 24 hours, and that the average business loses about $40,000 per hour during an attack (not including hidden costs such as those due to lost customer confidence).

Any company that’s online and doesn’t have a full DDoS prevention and mitigation program in place is eventually going to pay the price.

How Is DDoS Mitigated?

Part of the battle against DDoS attacks involves prevention. That’s done through a combination of three things: “blocking all of the doors” through which hackers and other bad guys commonly launch their forays (this includes measures like hardening firewalls and load balancers, blocking unused ports and implementing packet restrictions); robust monitoring software that also blocks problem IPs; and having an excess of bandwidth plus distributing traffic across as many machines or data centers as possible in order to withstand volumetric blasts.

Some attacks, though, can’t be prevented. The bigger issue is stopping them from taking down your servers and denying service to your customers once they’re underway. But how is DDoS mitigated?

The most effective method is to engage a third-party service to “scrub” traffic, only allowing legitimate requests to make it all the way to the company’s servers or infrastructure. At the first sign of an attack, all traffic headed for the target machine(s) is rerouted directly to the DDoS mitigation service, which operates in the cloud. Through comprehensive analysis, green-lighted traffic is sent to its destination with no noticeable lag time, malicious traffic is blocked completely, and suspicious traffic is checked further until it can be categorized. With this method, data centers and servers remain fully active and are able to serve legitimate clients, while the brunt of the attack is sent off into the cloud where it won’t cause trouble.
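The three-way split described above (green-lighted, blocked, and suspicious traffic held for further checks) is the same decision a monitoring tool that “blocks problem IPs” has to make, just at a smaller scale. The following is an added illustration, not Sharktech’s code or any scrubbing service’s algorithm: a per-source sliding-window counter that classifies each request as allow, challenge, or block, run over constructed sample log lines. The log format (`<unix_ts> <src_ip> <method> <path>`), the ten-second window, and the thresholds of 20 and 50 requests are assumptions chosen for the example.

```python
from collections import defaultdict, deque

# Tunables for the sliding window. The values are illustrative assumptions,
# not thresholds taken from any vendor's product.
WINDOW_SECONDS = 10
CHALLENGE_THRESHOLD = 20   # requests per source in the window before traffic is held for checks
BLOCK_THRESHOLD = 50       # requests per source in the window before traffic is dropped


class SlidingWindowClassifier:
    """Track recent request timestamps per source and classify each request
    as 'allow', 'challenge' or 'block' based on volume inside the window."""

    def __init__(self, window=WINDOW_SECONDS, challenge=CHALLENGE_THRESHOLD,
                 block=BLOCK_THRESHOLD):
        self.window = window
        self.challenge = challenge
        self.block = block
        self.events = defaultdict(deque)   # source ip -> timestamps still inside the window

    def classify(self, ts, src):
        q = self.events[src]
        q.append(ts)
        # Expire timestamps that have fallen out of the window.
        while q and q[0] <= ts - self.window:
            q.popleft()
        count = len(q)
        if count >= self.block:
            return "block"
        if count >= self.challenge:
            return "challenge"
        return "allow"


def parse_line(line):
    """Parse one constructed log line: '<unix_ts> <src_ip> <method> <path>'."""
    ts, src, method, path = line.split()
    return float(ts), src, method, path


def scrub(lines, classifier=None):
    """Run every log line through the classifier and return, per source,
    how many of its requests landed in each decision bucket."""
    classifier = classifier or SlidingWindowClassifier()
    summary = defaultdict(lambda: {"allow": 0, "challenge": 0, "block": 0})
    for line in lines:
        ts, src, _method, _path = parse_line(line)
        summary[src][classifier.classify(ts, src)] += 1
    return dict(summary)


def build_sample_log():
    """Constructed sample traffic (not captured data), using documentation
    address ranges. Three sources: a normal client, a moderately noisy
    source and a flooding source."""
    lines = []
    # 203.0.113.10: 8 requests spread over 40 s, always far below the thresholds.
    for i in range(8):
        lines.append(f"{1000 + i * 5} 203.0.113.10 GET /index.html")
    # 198.51.100.7: 30 requests in about 3 s, crosses the challenge threshold.
    for i in range(30):
        lines.append(f"{1050 + i * 0.1:.1f} 198.51.100.7 GET /search")
    # 192.0.2.99: 80 requests in about 2 s, crosses the block threshold.
    for i in range(80):
        lines.append(f"{1100 + i * 0.025:.3f} 192.0.2.99 GET /login")
    lines.sort(key=lambda l: float(l.split()[0]))
    return lines


if __name__ == "__main__":
    for src, counts in scrub(build_sample_log()).items():
        print(src, counts)
```

Requests that arrive before a source crosses a threshold are still allowed, which is why the flooding source ends up with entries in all three buckets; a real scrubbing service would keep state across far more dimensions than a single source address, but the window-and-threshold shape of the decision is the same.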

The same techniques can be implemented in-house with extra hardware, software and bandwidth, but the costs are prohibitive for most companies. In-house DDoS prevention, coupled with third-party DDoS mitigation, is the approach that makes sense for the majority of potential targets – which includes just about anyone doing business online.

About Sharktech

Sharktech is a private company founded in 2003 by CEO and DDoS Protection Pioneer Tim Timrawi. The company has more than 25 employees throughout its headquarters in Las Vegas, Nevada, and data center facilities in Los Angeles, CA, Denver, CO, Chicago, IL, and Amsterdam, Netherlands.