How to protect your website from DDoS Attacks

Fri, 07 May 2021

What is DDoS?

A distributed denial of service (DDoS) attack is a type of denial of service (DoS) attack. A DDoS attack involves several internet-connected computers, collectively known as a botnet, which are used to overwhelm a target website with fake traffic.

Unlike other forms of cyberattack, DDoS attacks do not try to breach your security perimeter. They seek instead to make the website and servers inaccessible to legitimate users. Additionally, DDoS can be used as a smokescreen for other malicious activities and to take down security systems, breaching the protection perimeter of the target.

A successful distributed denial of service attack is a highly visible event that affects a whole base of online users. This makes it a common tool of choice for hacktivists, cyber vandals, extortionists and anyone else who seeks to make a point or support a cause.

Many DDoS attacks last for days, weeks, and even months at a time, making them highly damaging to any online organization. DDoS attacks can, among other things, result in lost sales, erode customer confidence, compel companies to spend billions on insurance, and cause long-term reputational harm.

DDoS attacks are divided into two categories:

Application layer attacks: These attacks, which may be either DoS or DDoS, try to overwhelm a server by submitting a large number of requests that involve resource-intensive handling and processing. This category includes HTTP floods, slow attacks, and DNS query flood attacks, among other attack vectors. The scale of application-layer attacks is usually measured in requests per second (RPS), with no more than 50 to 100 RPS required to cripple most mid-sized websites.

Network layer attacks: These are almost always DDoS attacks set up to clog the “pipelines” connecting your network. Attack vectors in this group include UDP floods, SYN floods, NTP amplification, DNS amplification and more. Any of these can be used to block access to your servers while causing significant operational harm, such as suspension of accounts and large overage charges. DDoS attacks are almost always high-traffic events, usually measured in gigabits per second (Gbps) or packets per second (PPS). The largest network layer attacks can reach 200 Gbps; however, 20 to 40 Gbps would suffice to shut down most network infrastructures completely.

Steps to prevent DDoS attacks:

Buy more bandwidth

Of all the ways to prevent DDoS attacks, the most basic step you can take to make your infrastructure DDoS-resistant is to ensure you have sufficient bandwidth to handle traffic spikes that may be caused by malicious activity. In the past, DDoS attacks could be stopped by making sure you had more resources at your disposal than any attacker was likely to have. But this is no longer practical given the rise of amplification attacks. Instead, buying more bandwidth now raises the bar that attackers must clear before they can launch a successful DDoS attack, but buying more bandwidth by itself is not a solution for DDoS attacks.

Build redundancy into your infrastructure

To make it as hard as possible for an attacker to successfully launch a DDoS attack against your servers, spread them across many data centers with a strong load balancing system to distribute traffic between them. If possible, these data centers should be located in different countries, or at least in different parts of the same country. For this strategy to be truly effective, it is important to ensure that the data centers are connected to different networks and that there are no obvious network bottlenecks or single points of failure on these networks.

Configure your network hardware against DDoS attacks

There are some simple hardware configuration changes you can make to help prevent a DDoS attack. For example, configuring your firewall or router to drop incoming ICMP packets or to block DNS responses from outside your network (by blocking UDP port 53) will help prevent some DNS and ping-based volumetric attacks. Dropping external DNS responses also stops internal hosts from using resolvers outside your network, so apply that rule only where name resolution is handled internally.

Protect your DNS servers

Don’t forget that a malicious actor can take your web servers offline by DDoSing your DNS servers. That’s why the DNS servers must be redundant, and putting them behind load balancers in separate data centers is a smart idea too. Switching to a cloud-based DNS service that can deliver high bandwidth and several points of presence in data centers around the world might also be a safer option. These services are developed explicitly with DDoS prevention in mind.
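
The application-layer figure given earlier (50 to 100 RPS can cripple a mid-sized site) can be watched for in ordinary web server access logs. The following is an added example, not code from the original article: it assumes combined-log-format lines, uses the article's lower bound of 50 RPS as an alert threshold, and runs on constructed sample log lines; all function names are illustrative.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumption: alert at 50 RPS, the low end of the range the article cites.
RPS_ALERT = 50
# Combined log format prefix: client, ident, user, [timestamp], "METHOD path ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse(line):
    """Return (epoch_second, client_ip, path) for one log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # skip malformed lines instead of failing the whole scan
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return int(ts.timestamp()), m.group(1), m.group(4).split("?")[0]

def flood_seconds(lines, threshold=RPS_ALERT):
    """Report each second whose site-wide request count reaches the threshold."""
    per_second = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            per_second[rec[0]].append(rec[1:])
    alerts = []
    for sec in sorted(per_second):
        hits = per_second[sec]
        if len(hits) >= threshold:
            ips = Counter(ip for ip, _ in hits)
            paths = Counter(path for _, path in hits)
            alerts.append({
                "second": sec,
                "rps": len(hits),
                "distinct_clients": len(ips),
                "busiest_client_rps": ips.most_common(1)[0][1],
                "top_path": paths.most_common(1)[0][0],
            })
    return alerts

def sample_log():
    """Constructed sample: one quiet second, then 60 clients sending one request each."""
    fmt = '{ip} - - [07/May/2021:10:00:{s:02d} +0000] "GET {p} HTTP/1.1" 200 512 "-" "-"'
    quiet = [fmt.format(ip=f"198.51.100.{i}", s=0, p="/index.html") for i in range(1, 6)]
    flood = [fmt.format(ip=f"203.0.113.{i}", s=1, p=f"/search?q={i}") for i in range(1, 61)]
    return quiet + ["malformed line"] + flood

if __name__ == "__main__":
    for alert in flood_seconds(sample_log()):
        print(alert)
```

In the constructed flood each of the 60 clients sends a single request, so a per-IP rate limit sees nothing unusual while the site-wide count for one expensive path crosses the threshold.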