Understanding the different types of DDoS attacks
If you’ve been reading up on internet security, you may be aware that DDoS attacks are one of the major headaches of the modern internet. You may not, however, be aware of the fact that there are different types of DDoS attacks and that you need somewhat different approaches to dealing with them.
DDoS Attack Types
Ultimately, there are only two types of DDoS attacks. These are infrastructure-level DDoS attacks and application-level DDoS attacks. The former takes place at layers three and four of the OSI seven-layer model. The latter takes place at layers six and seven of the OSI seven-layer model.
Infrastructure-level DDoS attacks require little skill to implement. They can be devastating while they last but they generally only last a relatively short time. This is because they are very easy to detect and their unsophisticated approach means that they are generally very easy to remedy.
Application-level DDoS attacks do require skill to implement. They are relatively stealthy because they typically only target the highest-value parts of a website such as the login page or the payment page. This makes them harder to detect and harder to remedy.
DDoS Attack Prevention
The nature of DDoS attacks means that it’s virtually impossible to prevent them from happening at all. It is, however, very possible to minimize, if not eliminate their impact. You do this by managing your infrastructure to absorb the attack while you work on identifying the specific attack vector being used and dealing with it.
Your first line of defense against DDoS attacks is as much bandwidth as you can afford. Your second line of defense is a web applications firewall. Your best option is usually to invest in a website vulnerability scanner that will have both a WAF and an anti-malware scanner.
You want to use your firewall (and your other network-traffic-filtering options) to keep out undesirable traffic, while still letting in the traffic you actually want. Of course, it can take a bit of trial and error to get this right and it’s never guaranteed to be perfect but it should be a strong defense.
Your last line of defense against DDoS attacks is to deploy your network infrastructure astutely. For example, you could look at solutions such as smart DNS resolution services, content distribution networks, and load balancers. All of these can help to keep your traffic moving as quickly as possible so that your users experience little to no impact during a DDoS attack and you can take remedial action quickly, quietly, and discreetly behind the scenes.
Identifying a DDoS attack
As previously mentioned, one of the most frustrating features of DDoS attacks is that they are virtually impossible to prevent. This means that you need to be really on the ball to identify them when they are in progress and to take action before they become critical. With that in mind, here is a quick guide to some of the key signs of a DDoS attack.
1. Your traffic shoots up for no obvious reason
Make sure that you have effective internal processes for communicating any actions taken internally which might lead to a sudden spike in traffic to your website. For example, if your sales team wants to run a flash promotion, they need to let you know first.
2. You receive multiple requests from the same IP address in a short period
While this is a classic sign of a DDoS attack, there is a nuance you need to appreciate. There are plenty of legitimate uses for internet bots that make super-fast, repeated requests in a short period. For example, web search engines use them to crawl sites to provide internet results. You, therefore, need to make sure to whitelist the “good” bots or you could end up causing yourself a lot of trouble.
3. Your server responds with a 503 due to service outages
Set up your server to email an administrator if it experiences a 503 error. These are not unique to DDoS attacks (although DDOS attacks are a common reason for them) but they do need to be investigated.
4. Your ping requests time out
If you’re running a business website, you should be using a ping-testing service to keep track of your website’s responsiveness. As with the server 503 error, this is not necessarily a sign of a DDoS attack, but it is a sign of a problem that needs to be investigated.
Employees complain of slow connectivity
This only applies if your website and your internal network use the same connection and again it is not necessarily a sign of a DDoS attack but it does need to be investigated.
Please click here now to have your website scanned, for free, by cWatch from Comodo.
Removal
Security stack layer 1
Malware Detect & Removal
Our malware detection scanning, preventive methods and removal enables you to take a proactive approach to protect the business and brand reputation from malware attacks and infections.
- Unsuspecting websites get infected with malicious code.
- Continuous website monitoring to detect any incidents.
- Identify and remediate the cause to hardening your websites.
Comodo cWatch Web can identify malware, provide the tools and methods to remove it, and help to prevent future malware attacks at the edge before it hits the network, included as a paid member.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Response
Security stack layer 5
Cyber Security Operations Center
Our exclusive C.S.O.C. is staffed with certified security analysts to monitor, assess and defend websites, applications, databases, data centers, servers, networks, desktops and other endpoints.
- 24 / 7 / 365 security monitoring using state-of-the-art tech.
- Engage clients of complex threats to resolve the issue.
- Real-time web traffic monitoring and proactive incident fixes.
C.S.O.C. checks for threats, identifies and analysis then performs the necessary actions to resolve the issue while offloading costs of in-house experts by using stack layer 3 to handle the heavy lifting.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Intelligence
Security stack layer 3
Security Information • Event Management
S.I.E.M. collects logs and events the network traffic and web assets, security devices, operating systems, applications, databases, and reviews the vulnerabilities using artificial intelligence to process.
- Reduces billions of events into prioritized threats real-time.
- Identifies changes in network behavior with activity baselines.
- Flows data searches in real-time streaming or historical mode.
S.I.E.M. senses and tracks significant threats to links to all online supporting data and context for easier investigation. While anomaly detection to identify changes associated with the network safety.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Prevention
Security stack layer 4
Web Application Firewall
W.A.F. by Comodo eliminates application vulnerabilities to protect websites and web applications against advanced attacks including Denial-of-Service (DDoS), SQL Injection and Cross-Site Scripting.
- Destroys malicious requests and thwart hack attempts.
- Protection to account registration forms and login pages.
- Malicious bots and brute force attacks are block and patched.
Combined with malware scanning, vulnerability scanning and automatic virtual patching and hardening engines provides robust security is fully managed for Comodo cWatch Web customers.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Performance
Security stack layer 2
Add a network of globally distributed servers designed to boost the speed for websites and web applications by transferring content to your user based on their proximity to the nearest CDN web server.
- Proven to increase search engine rankings and site scores.
- 29 worldwide CDN node locations to reach your users.
- Save your bandwidth by leveraging CDN browser caching.
CDN serves your users your website content with virtually unlimited capacity. Giving you the freedom to focus less on site maintenance, more on scaling the uptime of your traffic and target audience.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Compliance
Security stack layer 6
Payment Card Industry • Data Security Standard
PCI • DSS ensures that your customers' cardholder info is kept secure from security breaches through a meticulous scan of your network and applications to identify and fix security vulnerabilities.
- Simple and automated way to stay compliant with PCI • DSS.
- Pass the requirements for the 12 points PCI • DSS standard.
- Schedule on-demand PCI scans to report quarterly results.
Establishes and implements a firewall, hardens your environment, disables unnecessary services & configures system parameters to prevent misuse, ensures system audit components are protected.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
© 2024 Comodo Security Solutions, Inc