DDoS attacks set records. How to quickly and cheaply protect your business?



Introduction

According to Akamai and Arbor Networks, the first quarter of 2016 set a record for the number of powerful DDoS attacks: 19, each exceeding 100 Gbit/s. Year over year, DDoS activity grew by slightly less than a factor of two, and peak attack bandwidth reached almost 600 Gbit/s.

Industry analysts say the situation is getting worse and no positive trend can be expected. Free or low-cost online services that make it easy and quick to launch a DDoS attack are spreading ever wider. A widely known example is LizardStresser from the Lizard Squad group; more than a dozen botnets have been built on it. Yet although attackers keep increasing their capacity, most Internet resources go down under the simplest attack, with bandwidth not even reaching 1 Gbit/s.

The attack methods are well known. Attackers exploit properties of network protocols: third-party servers are used to direct traffic at the victim, which saturates its link and takes it offline. The most popular method is DNS amplification, which accounts for almost 1/5 of all attacks, followed by NTP, CHARGEN and SSDP amplification. More than half of attacks combine these methods at the same time, leaving the victim almost no chance of repelling them. The only positive trend is attack duration, which on average fell by 1/3 compared with 2015. These record numbers, both in count and in bandwidth, increasingly worry business owners who depend on Internet resources.

That is why analytics-based DDoS protection is gaining popularity.

How to organize protection against DDoS attacks

Not every business, especially a small one, can afford to build high-quality DDoS protection within its own infrastructure. It involves costs, both direct and indirect (such as finding qualified staff). That is why businesses are increasingly turning to providers of DDoS protection and outsourcing this function.

For example, our company RUVDS offers customers analytics-based DDoS protection at a price for which you could not even interview a potential employee.

Types of attacks

Here is a list of potential attack types and their classification.

Channel overflow:

• DNS amplification and flood
• NTP amplification and flood
• ICMP flood and fragmented ICMP flood
• Ping flood
• UDP flood, UDP flood from a botnet, fragmented UDP flood
• VoIP flood
• Media flood
• Broadcast attacks with ICMP ECHO packets and UDP packets

Attacks on network protocol vulnerabilities:

• Attacks with a modified TOS field
• ACK / PUSH ACK flood
• RST / FIN flood
• SYN and SYN-ACK flood
• TCP null / IP null attack
• Attacks with fake TCP sessions, including with multiple ACKs
• Sender address spoofing attack
• Attacks that redirect the traffic of heavily loaded services
• Ping of death

Application-level attacks:

• HTTP flood, single requests, single sessions
• Attacks causing application failure
• Fragmented HTTP attack
• Session attacks and slow attacks
• Zero-day DDoS attacks

As you can see, there are many threats, and the list is not exhaustive. However, 99% of the attacks that occur every day fall under this classification, which means they can be repelled.

What does protection against such attacks look like?


The provider registers the IP address the client has chosen to protect in a dedicated network analyzer. During an attack, traffic destined for the client is matched against known attack patterns, and the client receives only clean, filtered traffic, so the resource's users never even notice that an attack took place.

To deliver such a service, a geo-distributed network of filtering nodes is built first of all, so that for every attack the closest node can be chosen and the delay in delivering traffic to the end client minimized. The capacity of such a network exceeds 1500 Gbit/s.

First, hardware protection engages: signature, statistical and behavioral analysis is performed, and the traffic is checked for compliance with the protocols it claims to use (this stage operates at L2, L3 and L4).

After that, finer analytical work begins at L5-L7: the system performs intelligent filtering, analyzes attacks on HTTP and HTTPS, and applies behavioral and correlation analysis.

Given the list of attacks above, these three stages of protection are an unmanageable task for the ordinary owner of an Internet resource.
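To make the first filtering stage concrete, here is an added example (not RUVDS code, and not any real scrubbing product) of two L3/L4 checks over constructed flow records: a protocol-compliance check that passes a UDP reply from a reflector port only if the protected host sent a query to that server first, and a statistical check that flags SYN floods per destination port. The packet format, the port table, the threshold and all addresses are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                 # constructed flow record, one per packet
    src: str
    sport: int
    dst: str
    dport: int
    proto: str                # "udp" or "tcp"
    flags: str = ""           # TCP flags, "S" = SYN only, "A" = ACK
    size: int = 64            # bytes on the wire

# Services commonly abused as reflectors (the page names DNS, NTP, CHARGEN, SSDP).
REFLECTOR_PORTS = {53: "dns-amplification", 123: "ntp-amplification",
                   19: "chargen-amplification", 1900: "ssdp-amplification"}
SYN_THRESHOLD = 100           # assumed tunable: SYN-only segments per dst port per window

def filter_window(packets):
    """Return (clean_packets, verdicts) for one observation window.
    Stage 1 (protocol compliance): a reply from a reflector port is passed only
    if the protected host queried that server in the same window.
    Stage 2 (statistics): a destination port receiving more SYN-only segments
    than SYN_THRESHOLD is treated as under SYN flood and those SYNs are dropped."""
    outbound = {(p.src, p.dst) for p in packets
                if p.proto == "udp" and p.dport in REFLECTOR_PORTS}
    syn_only = Counter((p.dst, p.dport) for p in packets
                       if p.proto == "tcp" and p.flags == "S")
    verdicts, clean = Counter(), []
    for p in packets:
        if p.proto == "udp" and p.sport in REFLECTOR_PORTS and (p.dst, p.src) not in outbound:
            verdicts[REFLECTOR_PORTS[p.sport]] += 1          # unsolicited reflection reply
        elif p.proto == "tcp" and p.flags == "S" and syn_only[(p.dst, p.dport)] > SYN_THRESHOLD:
            verdicts["syn-flood"] += 1                       # flood SYN, dropped
        else:
            clean.append(p)                                  # passes this stage
    return clean, dict(verdicts)

def sample_window():
    """Constructed traffic for one window towards protected host 203.0.113.10."""
    host = "203.0.113.10"
    pkts = [Packet(host, 40000, "198.51.100.1", 53, "udp"),             # legitimate DNS query
            Packet("198.51.100.1", 53, host, 40000, "udp", size=120)]    # its answer, solicited
    pkts += [Packet(f"192.0.2.{i}", 53, host, 40000, "udp", size=3000)
             for i in range(1, 6)]                                       # 5 unsolicited DNS replies
    pkts += [Packet(f"192.0.2.{i}", 123, host, 50000, "udp", size=468)
             for i in range(10, 13)]                                     # 3 unsolicited NTP replies
    pkts += [Packet(f"10.0.{i}.1", 1024 + i, host, 80, "tcp", "S")
             for i in range(150)]                                        # spoofed SYN flood on :80
    pkts += [Packet("198.51.100.7", 5555, host, 443, "tcp", "S"),        # normal handshake on :443
             Packet("198.51.100.7", 5555, host, 443, "tcp", "A")]
    return pkts
```

Running `filter_window(sample_window())` keeps the solicited DNS exchange and the normal :443 handshake while dropping the unsolicited reflector replies and the :80 SYN flood; a real scrubbing node would add the L7 stage described below on what passes.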

What to do?

There is a way out of this situation: moving to the cloud. Since the core business of a cloud infrastructure provider is information, it has already taken care of protecting it, from reliable connectivity and antivirus through to DDoS protection for itself and its clients. This is what lets the provider offer protection services at the lowest price: on the one hand, it has already invested in building the protection and wants to recoup the cost; on the other, it knows that if the price is not competitive it will lose the client in its core business, renting virtual servers. In other words, the interests of the client and the provider coincide completely, so in this case it is the most cost-effective and sensible way of protecting your Internet resource from most types of attacks.

Judge for yourself: for only 400 rubles a month you can sleep peacefully and forget about hackers. Isn't that great?
