You’re about to buy concert tickets, book your next holiday, or even just check the latest cybersecurity news, but the website crashes. You try refreshing the page, but it doesn’t seem to work. You even try using a different device but still nothing. There is a possibility that the website has just been attacked, probably by a DoS or DDoS attack. So, what are DoS and DDoS attacks?
DoS and DDoS attacks are some of the most disruptive attacks because they can shut down websites or take services offline. Let’s look at what these attacks are, what they do, and how to protect ourselves.
What is the difference between a DoS and DDoS attack?
DoS stands for “Denial of Service”. You can compare a DoS attack to an online traffic jam. The hacker will flood the server with fake requests which can cause the server to crash if the attack exceeds the server’s available resources.
DDoS stands for “Distributed Denial of Service”. A DDoS attack is similar to a DoS attack, but the hacker floods the server using multiple compromised devices. Each compromised device is called a “bot”, and multiple bots together are known as a “botnet”.
Hackers use Dos and DDoS attacks for various reasons, but they will always be disruptive to the target.
Types of attacks
Let’s look at the different types of DDoS attacks:
- Volume-based attacks: This attack will flood the target with an insane volume of traffic and use up all the available bandwidth.
- Protocol attacks: This attack will target the network layers which will include the servers, firewalls, and load balancers.
- Application layer attacks: This attack will target specific applications. The traffic will often look legitimate which makes it harder to detect if it is malicious.
One of the most famous DDoS attacks occurred in 2018 against GitHub where the attack reached 1.35 terabits per second. This was a big wake up call for companies to realize that they need to increase their security to be able to defend against these attacks.
How can you protect yourself against DoS and DDoS attacks
While these attacks are generally aimed at businesses and websites, knowing how they work is important as part of your overall cybersecurity awareness. Here are a few tips you can use for protection from these attacks:
- Use web application firewalls. This is also called a WAF for short. It helps to block malicious traffic on your website.
- Use anti-DDoS software. Some cybersecurity providers will have tools designed to protect against DDoS attacks. The tools are usually available directly from the vendor or from a reseller.
- Monitor and update. If you’re running or supporting a website, make sure that you update the software regularly, and monitor any unusual spikes in the traffic.
The best protection against cyberattacks is using a layered approach. That way, if one fails, there will be another trying to mitigate the attack. Be secure!
