What is DoS and DDoS attack protection?

What Is DDoS Attack Protection?

Unfortunately, the term “DDoS attack” has become quite familiar to those who operate company or organization websites – and even those who read or watch the news. DDoS (Distributed Denial of Service) blasts have become so common that around half of all firms surveyed by IT research companies say they’ve been a target over the last year. And even though news stories focus on the large financial institutions, payment providers and media outlets who often suffer through extended DDoS issues, everyone with a website is a potential target, from colleges to small businesses.

That’s why the term – and the necessity of putting effective DDoS attack protection in place – has become so familiar to those responsible for their company’s IT operations. It’s also a major concern for the executives who could be facing costs of anywhere from $5,000 to $500,000 for every hour that a DDoS against their data centers or web servers is underway.

What is DDoS Attack Protection?

“DDoS attack protection” is a two-pronged strategy, used to fight large-scale traffic blasts which would otherwise disrupt a website’s ability to serve legitimate users. The two important components are DDoS prevention and DDoS mitigation; prevention involves “hardening” a server installation or data center against the most common methods of infiltration and monitoring for signs of an attack, while mitigation describes ways to divert malicious traffic so it cannot bog down or completely stop website and server operation.

Neither method can independently protect against a DDoS. Steps to prevent problems are crucial, of course, and can stop some attacks before they begin. Once it’s “too late,” though, the clock starts ticking on website downtime and the costs of bringing the situation under control mount rapidly.

Key Steps in DDoS Attack Protection

There are many different levels of sophistication in DDoS attacks. Some are relatively small and “simple” floods of malicious traffic which may be able to be blunted by measures like the proper use of firewalls, load balancing and a maintaining a large surplus of bandwidth. Others target vulnerable protocols or ports like ICMP or UDP port 53 (used for DNS queries) which can often be blocked or closed without affecting server operations. Dedicated software can monitor the nature and volume of traffic to allow automatic or manual blocking of questionable queries or requests.

All are important steps in DDoS attack protection from the standpoint of prevention, but most won’t help in the event of large brute-force attacks or more dangerous pinpoint strikes against applications. That’s where the second level of protection comes in: DDoS attack mitigation. An enormous flood of malicious traffic can take down a server in minutes or even seconds, so an effective plan to handle all of that traffic is the key to keeping websites functioning in the midst of a DDoS. That plan involves diverting and “scrubbing” the traffic.

There are hardware solutions which can be installed in data centers which can handle the task, at least some of the time. Unfortunately they’re extremely expensive to purchase and operate, and they still won’t be able to deal with many of today’s high-volume attacks which eat up all available bandwidth in a flash.

The preferable solution is to use an off-site DDoS cloud mitigation service which is able to field the enormous flood of traffic often used to conduct an attack. When a DDoS is detected, all traffic is diverted away from the data center and into the cloud, where the mitigation service analyzes and categorizes each request originally destined for the server. Malicious traffic is refused and never gets near its target, while only legitimate traffic is allowed access. With this method of DDoS attack protection, websites remain online and servers remain active while the negative effects of the DDoS are thwarted.

DDoS attack prevention isn’t something which should be an afterthought, simply left in the hands of an ISP or IT staff which promises to be able to handle all issues. It’s up to management and ownership to ensure that an effective plan encompassing both prevention and mitigation is in place, and is sufficient to prevent the enormous financial losses a DDoS can quickly cause.

About Sharktech

Sharktech is a private company founded in 2003 by CEO and DDoS Protection Pioneer Tim Timrawi. The company has more than 25 employees throughout its headquarters in Las Vegas, Nevada, and data center facilities in Los Angeles, CA, Denver, CO, Chicago, IL, and Amsterdam, Netherlands.