
In the modern world of Internet connectivity, a growing number of threats continue to develop on a daily basis. Malware, spyware, viruses and other attacks have existed since before the creation of the Internet (the first virus struck in the 1970s on ARPANET, while the literary notion of a self-replicating virus dates back to the 1940s) (MapCon, 2017). Internet strikes are now designed to do more than bog down a computer system with advertisements or crash a hard drive. Present-day Internet threats put everything within your network at risk, from financial data to the availability of complete data servers. One such external attack is known as a Distributed Denial-of-Service attack, or DDoS attack. Understanding how such an attack works and how to protect your enterprise network is vital in safeguarding both information and hardware within your company.

What is a DDoS Attack?

There are many moving parts within your company's network. These can include your Internet connection, data servers, workstations and a host of other connected devices. A DDoS attack is when an attacking computer blocks or disrupts the ability of elements within your server to communicate. It may prevent your server from connecting to the Internet, or it may lock you out from connecting to the data server or even specific blades within the server. Ultimately, it is designed to disrupt and prevent access (Digital Attack Map, 2013).

With a DDoS attack, the blocked device doesn't suddenly have a wall built up around it, preventing access. Instead, the attacking perpetrator floods the device with requests. The continual overflow of requests prevents the device from responding to your actual requests. Essentially, it is like standing in line to make a purchase, but no matter how long you stand in line, someone is allowed to cut in front of you. This is the basic idea of a DDoS attack. Continual, faulty requests are made so you are no longer able to push past the fake requests. The same kind of attack occurs with a DoS attack.

DoS and DDoS Attacks: Understanding the Difference

DoS (denial-of-service) and DDoS are similar, with one major exception. With a DoS attack, all of the fake requests come from a single source. With a DDoS attack, the requests come from a large number of sources. So, instead of a single computer sending in faulty requests to block off your connection with the desired device or service, multiple computers send the faulty requests (United States Computer Emergency Readiness Team, 2013).

The main reason an attacker chooses a DDoS attack over a DoS attack is that when a single machine running the DoS client program attacks your network, the IT cyber security department can identify the individual host and block it without much of an issue. The faulty requests can then be disregarded, and connectivity with the previously blocked device on your network is restored. However, with a DDoS attack, because your targeted server receives faulty requests from a host of different locations, it becomes far more difficult to block. A skilled hacker has the ability to continually replicate attack points, so as soon as one is identified and blocked, a new attack point takes its place. So while both DoS and DDoS attacks aim at the same end game, a DDoS is far more sophisticated and significantly more difficult to stop (Tech Worm, 2016).
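The difference described above can be seen in traffic data. The following Python sketch is an added example, not code from the original post: it classifies one window of request records as normal, single-source (DoS) or distributed (DDoS), and shows how much traffic remains after blocking the busiest sources. The sample records, documentation-range IP addresses and thresholds are constructed assumptions.

```python
from collections import Counter

def make_sample(kind):
    """Constructed (second, source_ip) request records for a 10 s window."""
    # 5 legitimate clients at 1 request/s each (documentation IP ranges).
    recs = [(t, f"198.51.100.{i}") for t in range(10) for i in range(1, 6)]
    if kind == "dos":     # one host sending 200 requests/s
        recs += [(t, "203.0.113.7") for t in range(10) for _ in range(200)]
    elif kind == "ddos":  # 200 hosts sending 1 request/s each
        recs += [(t, f"192.0.2.{i}") for t in range(10) for i in range(1, 201)]
    return recs

def classify(records, window_s=10, baseline_rps=10.0, flood_factor=5.0):
    """Label a window as normal, dos or ddos.

    Thresholds are illustrative assumptions; tune them to measured baselines.
    """
    rps = len(records) / window_s
    if rps < baseline_rps * flood_factor:
        return {"verdict": "normal", "rps": rps, "block": []}
    per_source = Counter(ip for _, ip in records)
    # A source is "heavy" if it alone exceeds the whole expected baseline.
    heavy = sorted(ip for ip, n in per_source.items()
                   if n / window_s > baseline_rps)
    heavy_share = sum(per_source[ip] for ip in heavy) / len(records)
    if heavy and heavy_share >= 0.5:
        # A short block list removes most of the flood.
        return {"verdict": "dos", "rps": rps, "block": heavy}
    # Many sources, each looking like an ordinary client: no short block list.
    return {"verdict": "ddos", "rps": rps, "block": [],
            "sources": len(per_source)}

def rps_after_blocking(records, n_blocked, window_s=10):
    """Request rate that remains after blocking the n busiest sources."""
    per_source = Counter(ip for _, ip in records)
    blocked = {ip for ip, _ in per_source.most_common(n_blocked)}
    return sum(1 for _, ip in records if ip not in blocked) / window_s

if __name__ == "__main__":
    for kind in ("normal", "dos", "ddos"):
        sample = make_sample(kind)
        print(kind, classify(sample), rps_after_blocking(sample, 1))
```

In the constructed DoS sample, blocking one host returns the server to its normal rate; in the DDoS sample, blocking even ten hosts barely changes the load, which is why upstream filtering is needed.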

How Does a DDoS Attack Occur?

The attack, as is the case with a DoS attack, begins with a single computer system running the designed client program. With a DoS attack, the computer directly attacks your server. However, with the DDoS attack, the single computer system connects with a host of individual handlers. These are individual computers the single computer takes over. Sometimes the individual owns all of the computers, while other times the cyber criminal simply uses their Internet connection to identify potential computer hosts with little to no cyber security in place and uses each new host computer as an attack point.

Each of these attack points is directed towards your Internet connection and eventually your server. Skilled cyber attackers are able to harness varying IP addresses during the DDoS attack to send over one terabyte worth of data per second. This amount of data can cripple your entire network, locking you, all internal users and even external clients out of key Internet-connected elements.

How to Know if Your Network Is Under Attack

The importance of a strong, comprehensive IT cyber security team cannot be overstated. Continually evolving, testing and implementing new security measures is your best line of defense. However, understanding early warning signs can help you rid the system of a DDoS attack before it becomes far more troubling for your network.

First, if your network runs slowly for almost all Internet-based requests (such as saving files to the cloud or opening a website), it may indicate you're currently being flooded with external requests. Additionally, if you're not able to access specific websites or areas of a website, you begin seeing more spam messages in your email, wireless devices are suddenly not able to connect to the Internet, or entire devices or services are denied an Internet connection, there is a good chance you are under a DDoS attack (ITPro Portal, 2014).

Defending Against a DDoS Attack

The best way to defend against a DDoS attack is to know the warning signs. If you do believe you're under attack, contact your Internet Service Provider. There is a chance the ISP is under a similar attack. If the ISP isn't, it can still re-route your Internet traffic, which can buy you time to set up additional defensive measures to prevent additional DDoS attacks. 

Internal defensive measures are vital to preventing a DDoS attack and other external threats from affecting your company's network. On top of using a signature-based firewall, you may want to consider a load balancer. A load balancer helps balance out traffic over several servers. When a sudden flood of false requests hits the load balancer, it helps filter out the fake requests and, at the very least, prevents a complete lockout from your server. There are additional cloud-based anti-DDoS filters available for implementation. Your IT cyber security department needs to remain proactive when it comes to these kinds of threats. External Internet attacks strike both consumer computer systems and enterprise corporations. However, a DDoS attack is something typically only directed at large companies due to the available financial gain and access to available information. Some DDoS attacks are also just directed at shutting down a company to cause turmoil within the company. Regardless, staying defensive and continually evolving your network security measures is the best way to prevent all Internet attacks (Trip Wire, 2016).

Understanding what a DDoS attack is and how it works is your first step toward protection. Education is key in taking the necessary preventative measures to safeguard your network. With external threats continually evolving on a daily basis, it is up to your IT department's Internet security team to stay on top of the latest attacks. Doing so reduces the chance of a DDoS or other virus attack striking within your enterprise network.
