A distributed denial-of-service (DDOS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic.
To make it simple, let’s say we have one server which is acting as our web and mail server. We know that each time we browse a page on the server the webserver on it will process the request and display the page on your browser. In order to do this, there should be enough resources on the server such as CPU, memory, hard disk and network bandwidth.
Consider the scenario that your web server is running out of memory. If a visitor tries to browse a page on a site hosted on your web server, he will not be able to load the page because the server has reached its resource capacity and is unable to service the request.
Now, let’s see how DDoS attacks take place. An attacker sends data packets to the server in large volumes from different computers. This consumes all resources on the server and when users try to access pages on a website, they see a denial of service message. In other words, they cannot get the required response from the server.
In order to execute this attack, the attacker has to direct a huge amount of traffic to the server. This is not possible from a single computer alone as the bandwidth on the computer may be much lower than the bandwidth available to the web server itself. So, the attacker finds malware or virus infected computers and illegally installs software on each computer which sends web traffic to the web server. There will be thousands of infected computers and the users on these computers are completely unaware of the issue unless caught by antivirus software. They may experience some slowness on their network or notice web pages loading slower than usual.
DDoS attacks are blocked using higher end firewall solutions which are installed at the data centre where your server is hosted. Not all hosting providers provides this facility though so make sure you request this as part of your infrastructure solution. Without this, in the event of a DDoS attack, the hosting provider may switch your server off as this utilises the capacity of the bandwidth available for traffic coming into the data centre.
Security tools and an actively managed firewall are capable of scanning the patterns of data packets directed to the server and identify if these are legitimate server requests or an attack. If it is an attack, the firewall rules are set to automatically block the source so that no further requests can be made by the source of the attack. DDoS attacks can affect any server accessible via the internet not just web servers, but mail servers and fileservers as well.
If you haven’t done so already, speak with your IT Partner or IT department and ensure that the correct measures have been put in place to protect your infrastructure and avoid loss of business and unnecessary downtime.
If you need further advice on how to safeguard your network, find out more about our IT Infrastructure services.