Building a defense against DDoS attacks
One Against All
Cyberattacks come in many forms, such as secret spying on company networks, sabotage, and disruptive actions. In a disruptive action, denial of service (DoS), the attacker attempts to overload a server with requests until it stops working. This attack is easier said than done, because servers usually have more power in reserve than a single client can call up. The obvious idea is to attack the same server with many clients. The resulting attack is called a distributed denial of service (DDoS). The attacker rounds up a huge number of computers in the form of a botnet.
You are not powerless against DDoS attacks, but it is important to introduce appropriate measures up front, because during such an attack, the Internet line is flattened by the flood of client requests and the server farm no longer responds. The simplest, albeit most expensive, measure is to upgrade your infrastructure with more servers and more bandwidth. If your budget allows for this approach, you need read no further. For everyone else, this article describes various ways of efficiently protecting your infrastructure. The aim is not to provide protection against huge attacks that hit at terabit per second rates, but simply to make your servers more robust. The box "CDN" describes why CDNs and DDoS are often mentioned together.
CDN
Many providers mention DDoS and content delivery networks (CDNs) in the same context. A CDN distributes its servers across as many data centers as possible around the world. The aim is to locate the data closer to the customer so the content is delivered locally and not sent halfway around the world. This method saves provider bandwidth and makes the services more responsive for the customer.
As a positive side effect, the CDN provides protection against DDoS attacks because the attacker has to deal with many instances of the same service. If the attacker manages
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Distributed denial of service attacks from and against the cloud
In some particularly sophisticated DDoS attacks, the attackers rely on and target the cloud, allowing attackers to work around conventional defense mechanisms. We explain how a DDoS attack in the cloud works, and how you can defend against it. -
Denial of Service in the Cloud
In some particularly sophisticated DDoS attacks, the attackers rely on and target the cloud, which allows them to work around conventional defense mechanisms. We explain how a DDoS attack in the cloud works, and how you can defend against it.
- Why You Need DDoS Protection
- A Massive Rise of Linux XorDdos Malware Has Been Reported
-
DDoS protection in the cloud
OpenFlow and other software-defined networking controllers can discover and combat DDoS attacks, even from within your own network.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
