DDoS, or Distributed Denial of Service attack is a threat that companies with an online presence have been increasingly facing over the past few years. According to a report released by Akamai last month, the number of such attacks have increased by over 54% compared just to the first quarter of this year. To give you a perspective on this growth, Akamai had late last year reported that they had seen a 200% growth compared to 2011.
Before delving on the topic of web security, it is important to understand how DDoS attacks work. As the name suggests, the objective of these attacks is to deny the availability of the website to its users. This is done by sending out hundreds of thousands of website access requests to the target server in a short period of time. Because of the volume of requests the server has to respond to, it either slows down that it becomes technically unavailable or the server ultimately crashes. DDoS attacks are extremely simple to execute considering that all that it takes to launch one is for a large team of attackers to collaborate and hit the server at a predetermined point of time.
Given the rising menace of DDoS, how can businesses make their websites DDoS proof? Here are some means to achieve that.
Distributed Load Sharing Technology
This is a networking method that enables the same website to be hosted across various servers from multiple locations. Each time a user request comes to the server, the data is retrieved from the server that is geographically close to the user and offered from there. However, in case of a DDoS attack, this request is immediately routed to an alternate server that is still healthy and active. This prevents legitimiate users from being denied access to the website even when it is under attack. While this is a viable option for small DDoS attacks, it does not help when there is a sustained attack that results in all the load sharing servers to fail. Consequently, this technology is now considered a “best practice” although cannot mitigate the attack by itself.
DDoS Traffic Filtering And Removal
One of the most effective ways to mitigate DDoS attacks is by constantly monitoring the incoming traffic for possible botnets and refusing access to these requests. By implementing technology that can effectively distinguish between a legitimate user request and a malicious visit, the server can be kept essentially available to genuine users. There are various technologies available to ensure this process although the more popular ones are offered by services like Arbor Networks. These technologies need not be purchased separately and can instead be availed as part of the business internet plans that your service provider offers.
Content Delivery Networks
One of the most popular ways to not only mitigate DDoS attacks, but also serve visitors better during peak traffic loads is to route your website traffic through a Content Delivery Network (CDN). What CDNs basically do is they periodically read through the content from your website and serve a cached version of this to the visitor. Consequently, visitors to your website do not access content directly from your website server but rather the cached content from the CDN. A sustained DDoS attack would hence be hitting on the CDN’s server instead of yours and is hence less prone to succeed. There is however a caveat here. Most CDNs charge customers based on the volume of traffic they receive. Hence, a prolonged DDoS attack can cripple you financially if not virtually by denying service to customers. So one best practice is to integrate your site with both a traffic filtering mechanism while routing traffic through a CDN. This ensures that your website can sustain a sustained attack.
While these are extremely tested ways to protect your server, they are still not fool-proof. That’s because no security cover is big enough for the largest attacks. However, every business needs to ensure that they are better protected than their competition at any given time. This will ensure that they are not the first to fall in case of a holistic attack. And in a PR-driven world, being the first one to fall under such attacks is not only a security issue but also a marketing nightmare.