Web Hosting Blog
Distributed denial-of-service attacks, otherwise known as DDoS attacks, are a standard method used by cyber criminals to prevent businesses from providing services to their customers.
But did you know that there are different types of DDoS attacks? In this blog we are going to take a deeper look into two types of attack: network layer and application layer.
Network layer DDoS attacks
A network layer Distributed Denial-of-Service (DDoS) attack is a kind of cyber-attack where a cyber-criminal overwhelms a service, a network or its surrounding infrastructure with a flood of traffic, resulting in a denial of service to additional users – hence the name.
Think of a DDoS attack as a traffic jam, with an unexpected level of cars clogging up the motorway and preventing regular car traffic from arriving at its destination. But in this case, the unexpected internet traffic stops your customers from visiting your site.
Attackers use networks of machines connected to the internet, including computers and devices, which have been infected with malware, allowing them to be controlled remotely. These are more commonly known as bots; a group of these bots is called a botnet.
After establishing a botnet, the attacker can send remote instructions to each bot.
During an attack, each bot in the botnet will send requests to an IP address, which causes the server or network to be overwhelmed, so your regular traffic is denied service.
As each bot is a legitimate internet device, separating bot traffic from your regular traffic can take time and effort.
How to prevent a Network DDoS attack?
The easiest way to help protect yourself is to ensure all your server security is updated. Not only will this protect you against DDoS attacks, it will also protect you against any server vulnerabilities.
It’s also essential that you have a good understanding of your site’s traffic. That way, when unusual activity occurs, you can identify the symptoms of a DDoS attack.
If you have the resources, you can also scale up your bandwidth. The more bandwidth you have, the harder it is to overwhelm the network.
You could also opt for a load-balanced solution. Whilst this wouldn’t stop an attack from occurring, it would help mitigate downtime as a result.
You should also check with your hosting provider to ensure they have DDoS mitigation solutions in place to protect the data centre.
How application layer attacks work
Application layer (Layer 7 of the OSI model) DDoS attacks don’t target the network. Instead, they strike the application running the service your customers are attempting to access. The goal of these attacks is to consume the resources of a specific service, like the server, server applications and other back-end resources – slowing it or stopping it altogether.
Unlike network attacks, which can be large-scale, these DDoS attacks are usually low-to-mid volume since they have to conform to the protocol used by the application. This means they have to complete protocol handshakes and comply with the protocol and the application. These DDoS attacks will mainly be launched using discrete methods, usually Internet of Things (IoT) devices, and, because the handshake has to complete, they cannot be spoofed.
This can be particularly dangerous because now cyber criminals have access to millions of vulnerable IoT devices, which means they can launch complex DDoS attacks at scales never seen before.
Application attacks can also be used for SQL injection, where malicious code is injected into database queries to access and manipulate data that was not intended to be displayed, such as customer and private company details.
How to prevent an application layer attack?
Application-layer DDoS attacks are trickier to identify and mitigate than network-layer DDoS attacks.
Common methods include using CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) tests to separate bots from humans.
Also, using a Web Application Firewall (WAF) is a great way to protect against more sophisticated application attacks. WAFs use various signatures to distinguish between regular requests and those sent from bots. Plus, a WAF can be installed on-premises or through a third-party cloud security service provider.
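The advice above about knowing your normal traffic, and the point that application-layer floods are harder to spot, can be made concrete with a small log check. The following is an added example, not part of the original post: it assumes a web server access log in common log format, and the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Common/combined log format: client, timestamp and request path.
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    minute = datetime.strptime(m[2], "%d/%b/%Y:%H:%M:%S %z").replace(second=0)
    return minute, m[1], m[3].split("?")[0]

def find_floods(lines, factor=5.0, per_ip_limit=60):
    """Flag minutes above factor x the median minute (the median resists the spike)."""
    buckets = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        buckets[rec[0]].append(rec[1:])
    if not buckets:
        return []
    baseline = median(len(hits) for hits in buckets.values())
    alerts = []
    for minute, hits in sorted(buckets.items()):
        if len(hits) <= factor * baseline:
            continue
        per_ip = Counter(ip for ip, _ in hits)
        path, path_hits = Counter(p for _, p in hits).most_common(1)[0]
        alerts.append({
            "minute": minute.strftime("%H:%M"),
            "requests": len(hits),
            "clients": len(per_ip),
            "busiest_client": max(per_ip.values()),
            "top_path": path,
            "top_path_share": round(path_hits / len(hits), 2),
            # True: every source is under the per-IP limit; only the aggregate shows it.
            "evades_per_ip_limit": max(per_ip.values()) <= per_ip_limit,
        })
    return alerts

def sample_log():
    """Constructed sample: ten quiet minutes, then a one-minute botnet flood."""
    fmt = '{} - - [12/Mar/2024:10:{:02d}:{:02d} +0000] "GET {} HTTP/1.1" 200 512'
    quiet = [fmt.format(f"198.51.100.{i % 5 + 1}", m, i, "/products")
             for m in range(10) for i in range(20)]
    flood = [fmt.format(f"203.0.113.{i % 200 + 1}", 10, i % 60, f"/search?q={i}")
             for i in range(400)]
    return quiet + flood
```

Calling `find_floods(sample_log())` flags the 10:10 minute: 400 requests from 200 clients, none sending more than two, all aimed at `/search`, which a per-IP rate limit on its own would not catch.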
Comodo cWatch Web offers a Web Application Firewall (WAF) and advanced DDoS protection, provisioned over a secure Content Delivery Network (CDN). It’s a fully managed solution from a 24/7 staffed Cyber Security Operation Center (CSOC) of certified security analysts and is powered by a Security Information and Event Management (SIEM) system that leverages data from over 85 million endpoints to detect and mitigate threats before they occur.
There is a wide range of anti-DDoS hardware and software on the market that you can use to prevent an attack from happening. Take a look at the products available at CWCS.
Ultimately, preventing a DDoS attack is much easier and cheaper than dealing with one that has caught you off guard, so it’s worth investing in these extra precautions to ensure you don’t fall foul of this particular type of attack. Ensure you’re adopting best practices regarding your server security and doing what’s right for your business, its website and infrastructure. Make sure you have a clear plan to follow if the worst does happen.
Contact CWCS Managed Hosting today for more information on how we can help you to avoid DDoS attacks.