A website suddenly loads slowly or not at all, even though there is technically nothing wrong with it. Sometimes a DDoS attack is behind it, deliberately overwhelming the service. Let us explain what it is, how it works and how to protect against it.

What a DDoS attack is

A DDoS (Distributed Denial of Service) attack aims to overwhelm a website or service with a huge number of requests so that it can no longer serve ordinary users. It is not a break-in: the attacker floods the service, causing an outage or extreme slowdown.

The word "distributed" means the attack comes from many computers and devices at once, often from a network of compromised devices (a botnet). That is exactly why it is hard to defend against: the traffic looks as if it comes from many different users.

How an attack proceeds

  1. The attacker controls a large number of devices, often poorly secured IoT devices.
  2. They all send a huge number of requests to the target website at once.
  3. The server or connection gets overwhelmed and cannot keep up.
  4. Ordinary visitors cannot reach the website and an outage occurs.

Why DDoS happens

  • Extortion. The attacker demands a ransom to stop the attack.
  • Competitive rivalry or brand damage.
  • Revenge or activism.
  • A distraction. A DDoS draws attention while the attacker tries something else.

How to protect against DDoS

There is no hundred-percent protection, but the risk and impact can be significantly reduced:

  • CDN and protection services. A CDN also filters malicious traffic and can absorb a large part of the attack before it reaches your server. This is the most effective common protection.
  • Firewall and rules. A properly set up firewall filters out part of the attack and limits suspicious traffic.
  • Sufficient headroom and scaling. Infrastructure that handles a surge weathers smaller attacks without an outage.
  • Availability monitoring. Website availability monitoring lets you know about a problem right away, rather than hearing about it first from customers.
  • A backup connection and a plan. For critical operations a backup connection and a clear procedure for what to do during an attack are useful.
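
The following added example (not part of the original article) shows why a per-source firewall rule alone misses a distributed flood while monitoring of the total request rate still catches it. The log format, thresholds, function names and sample traffic are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

def analyze(lines, window=10, per_ip_limit=20, baseline_rps=5.0, surge_factor=4.0):
    """Group 'epoch_second client_ip path' lines into fixed windows and flag,
    per window, sources over per_ip_limit and a total rate above
    surge_factor * baseline_rps. All thresholds are assumed example values."""
    buckets = defaultdict(Counter)
    for line in lines:
        ts, ip, _path = line.split()
        ts = int(ts)
        buckets[ts - ts % window][ip] += 1
    report = {}
    for start, counts in sorted(buckets.items()):
        total = sum(counts.values())
        report[start] = {
            "total": total,
            "sources": len(counts),
            # What a per-source firewall rule would catch.
            "noisy_ips": sorted(ip for ip, n in counts.items() if n > per_ip_limit),
            # What aggregate monitoring catches, even if every source is quiet.
            "surge": total / window > surge_factor * baseline_rps,
        }
    return report

def sample_log():
    """Constructed traffic using documentation address ranges."""
    normal = lambda base: [f"{base + i % 10} 198.51.100.{i % 10 + 1} /" for i in range(30)]
    lines = normal(0)                                  # window 0: ordinary visitors only
    lines += normal(10)                                # window 10: one source floods
    lines += [f"{10 + i % 10} 203.0.113.7 /" for i in range(250)]
    lines += normal(20)                                # window 20: 250 sources, 2 requests each
    lines += [f"{20 + i % 10} 192.0.2.{i % 250 + 1} /" for i in range(500)]
    return lines

if __name__ == "__main__":
    for start, row in analyze(sample_log()).items():
        print(start, row)
```

In the third window no single address exceeds the per-source limit, yet the total rate is far above the baseline, which is the situation that CDN-level filtering and availability monitoring are meant to handle.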

Who it is a risk for

A DDoS does not threaten only large companies. The target can be anyone: e-shops, operations dependent on online orders, gaming and community servers and smaller companies. For an e-shop an outage during an attack means a direct loss of sales, so protection pays off.

Conclusion

A DDoS attack does not break into a system; it overwhelms it, which causes an outage. The most effective protection is a combination of a CDN with filtering, a well-configured firewall, monitoring and a prepared procedure. For websites and services that must not go down, it is an important part of security.

Want to protect your website or service from overload and outages? Get in touch and we will design protection and monitoring tailored to your needs.