

What is the danger of DDoS attacks on networks and how to ensure effective protection against them

Ramil Khantimirov, co-founder and CEO of StormWall

The Coronavirus crisis led to a sharp increase in demand for all kinds of Internet services for consumers and a massive transition to remote work in the corporate sector. On the other hand, it also led to significant growth in the number and intensity of DDoS attacks. Ramil Khantimirov, CEO and co-founder of StormWall, talks about the risks of one of their varieties - DDoS attacks on networks - and how to protect against them.

1. What is a DDoS attack? What is the danger for the network?

A DDoS attack is a distributed (carried out simultaneously from a large number of devices) attack whose purpose is to cause a denial of service for the victim resource, i.e. a situation when the attacked Internet resource is unable to provide service for legitimate requests.

There are many types of DDoS attacks. Their objects are physical computers, software and virtual servers, websites and Internet services, network devices and even entire networks. If the target of the attack is an edge device of the network, for example a router that connects the network to the Internet, then this device stops passing traffic through itself, so external users cannot access services within the network, and internal users will not be able to access external resources.

2. What networks and organizations can become a victim of a DDoS attack?

It is necessary to clarify that we will consider the so-called autonomous system (AS) as a "real" network. Its main feature is that its Internet connection is based on the dynamic routing protocol BGP (Border Gateway Protocol). Usually, such networks are possessed by Internet providers, hosters, as well as large organizations - government, financial, educational, etc. They are the ones who become the most frequent victims of DDoS attacks on networks.

3. What can be the damage to the business?

The damage to business from a DDoS attack can be expressed in lost profits, penalties, termination of contracts with clients, legal costs, as well as numerous negative messages in the media and social networks, a decrease in reputation, difficulties in attracting new customers, etc. Thus, the damage will be both direct financial and indirect reputational.

Very often, within the network (for example, in a data center or on the site of a hosting provider) there are IT resources not only of its owner or operator, but also of his clients, and these can be subnets, servers, virtual machines, websites, online stores and much more. As a result of a successful DDoS attack, not only the owner, but also his clients will certainly suffer - their servers and sites will stop responding to requests. Accordingly, they will also suffer damage.

4. How big is the risk of becoming a victim of DDoS attack for organizations in the USA, and why?

The United States is one of the world leaders in the number of DDoS attacks. This can be explained by the fact that there are many more autonomous systems and networks owned by companies in the United States than in other countries. While in Europe, for example, most organizations prefer to lease IP addresses from their providers, in the United States, many enterprises have their own IP addresses, so the risks of attacks on networks in the United States are higher. In addition, highly qualified specialists are needed to organize network security. I can assume that organizations in the United States are facing a lack of such competencies, which increases the risks of DDoS attacks.

5. How to set up an effective protection against DDoS attacks?

To effectively protect against DDoS attacks, you need to use specialized solutions or services. But an anti-DDoS solution or service alone will not save you - a number of measures will be required.

For example, you need to make sure that the Edge routers are performing well, otherwise they will not be able to operate under increased load after the start of a DDoS attack. You will also need to check if there are cheap home-oriented routers or old slow devices at the edge of the network. It will also be necessary to check a number of other conditions.

To provide effective protection against DDoS attacks in general, you need to think like an attacker, determine what methods and tools for an attack he could use, try to identify vulnerabilities, and then not only eliminate them, but also thoroughly test the protection of your network against attacks or at least conduct stress tests.

6. Is there a large budget needed to connect professional security solutions?

Fortunately not. Cloud solutions are not very expensive due to the fact that the service of protection against DDoS attacks is in great demand. Effective infrastructures for filtering traffic have already been created, the full capacity of which is required only during periods of attacks. Also, the costs of further operation and modernization of the infrastructure, as well as technical support, are distributed among many customers. DDoS protection service is, in fact, an insurance against the risks associated with them. Its cost varies from several hundred to several thousand dollars, depending on the volume of legitimate traffic.

7. How to know that the solution is effective? Is it possible to track how many attacks were repelled?

A lot of modern cloud solutions allow you to track statistics of the attacks and protection against them on a web portal, as well as monitor the counteraction to the attacks in real time. To check if these statistics really reflect the real picture of what is happening, a series of stress tests should be carried out. They can be ordered from specialized companies that provide such services, or you can contact independent experts.

8. What solutions do you offer and what are their advantages?

StormWall offers a wide range of service solutions to protect against DDoS attacks. For example, our portfolio includes the Network protection service with BGP connection. Among the advantages of our solution are fair price (the fee is charged only for legitimate traffic and does not depend on the number of attacks, the number of protected IP addresses, AS numbers, etc.), flexible pricing policy, high-quality expert support 24x7 and fast response time (on average, only 5-7 minutes), a free DDoS sensor, protection of DNS servers (many other solutions do not provide effective protection of clients' DNS servers), full IP operation in an attack (our clients will be able to continue to work quite successfully with various Internet services and after the start of the attack).

9. How to choose a company to buy DDoS protection from? What should one pay attention to?

In general, you should remember that protection against DDoS attacks is a very serious matter, and therefore the provider must be chosen with the utmost care.

First of all, you need to find out how long and professionally the company has been dealing with DDoS protection and whether it specializes in these services. It is very useful to study the reviews of the company on the Internet. A huge advantage of a security provider is a list of reference clients. If there are organizations that you know among them, it is advisable to talk with their representatives and find out their opinions and feedback about the provider.

It is also worth learning how the provider's technical support is organized. It should work 24/7, respond promptly to your requests and, of course, to attacks whenever they begin. It is advisable that various channels for contacting the support service are provided - not only by mail or ticket system, but also by phone or via chat, this will help to quickly resolve urgent issues.

Before purchasing, we recommend that you test the service for a certain period and check in practice how the protection works and how quickly the support responds. If it is not possible to organize full-fledged stress testing, then simple test attacks, which you can organize yourself using the free tools available, are also suitable.

Another important nuance is costs. You need to find out whether there are any additional payments for the volume of an attack or the number of attacks. Never agree on such payments, since it does not depend on you who, how and to what extent will attack you.

10. How will the intensity of DDoS attacks change in the foreseeable future?

As various studies and forecasts show, the number of DDoS attacks is growing and, most likely, their number will keep increasing in the future. As the economy digitalizes, IT systems and services will become increasingly important for business and society, and therefore the consequences of disruptions in them will become more dramatic. And the point is not only that in the event of a network failure, people will not be able, for instance, to access the Internet, but also that acquiring systems will stop working, so it will not be possible to pay with a card in a store or order home delivery of food or medicines. Moreover, a lot of people will not be able to work normally in order to make money.

Not only services are becoming critically important, but also access to the Internet itself. Since one of the main targets of DDoS attacks on networks is Internet service providers, it is logical to expect an increase in the number, intensity and complexity of these attacks. Therefore, it is very important to think in advance how you will be protected from them, and to connect the services of protection against DDoS attacks. This will save a lot of money and protect valuable assets that may be affected by attacks from risks.

This article does not necessarily reflect the opinions of the editors or the management of EconoTimes.
