Anti-DDoS protection, WAF, Load Balancing FAQ
What is a DDoS attack?
A DDoS attack (Distributed Denial of Service) aims to make a server, service or infrastructure unavailable. This type of attack consists of overwhelming the target or its surrounding infrastructure with a high number of requests sent at the same time from multiple points on the internet. This renders the service unstable, and sometimes unavailable.
As the volume of data that exists on the internet grows exponentially, DDoS attacks are becoming increasingly common. The spread of new technologies and the availability of tools allow even non-technical people to launch a DDoS attack, and they lower the cost of carrying one out. For as little as a couple of tens of dollars, one may effectively disrupt the operations of even the largest institution in any part of the world.
The effectiveness of modern anti-DDoS solutions rests mostly on machine learning techniques. Intelligent algorithms analyse network traffic between users and web applications in detail. Following the analysis, the typical dynamic characteristics of network traffic are defined, allowing detection of all anomalies while at the same time minimising the risk of false alarms. Intelligent algorithms are also used to analyse user-generated requests. Machine learning algorithms help stay one step ahead of cyber criminals and detect even those attack techniques which haven’t been used yet (so-called 0-day vulnerability).
The anti-DDoS solution provides reliable protection against distributed denial-of-service attacks for both the network and application layers. We use advanced algorithms in order to constantly monitor suspicious activity and identify potential threats. With the use of AI (Artificial Intelligence), the system can detect attack methods that have not been identified yet.
Protection activation usually takes just a few minutes and is based on altering DNS records. Once activated, all HTTP/HTTPS traffic flows through a filtering layer, which enables real-time analysis of data packets and separation of non-legitimate requests from others. This protects your website by only allowing legitimate traffic through.
The filtering infrastructure is located in the EU, which allows companies to meet GDPR requirements.
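The baseline-then-anomaly idea described above can be illustrated with a small added example; it is not the vendor's code and uses a simple robust statistic (median and MAD) as a stand-in for a machine learning model. The event data, the threshold value and all function names are constructed for illustration.

```python
from collections import Counter
from statistics import median

THRESHOLD = 3.5  # assumed cut-off on the robust z-score; higher means fewer false alarms

def constructed_events():
    """Constructed sample: (minute, client_ip) pairs standing in for parsed access-log lines."""
    events = []
    for minute in range(10):                      # learning window: 40-49 requests/minute
        n = 40 + (minute * 3) % 10
        events += [(minute, f"198.51.100.{i % 20}") for i in range(n)]
    events += [(10, f"198.51.100.{i % 20}") for i in range(52)]    # busy but normal minute
    events += [(11, f"203.0.113.{i % 250}") for i in range(900)]   # flood from many sources
    return events

def requests_per_minute(events):
    return Counter(minute for minute, _ip in events)

def fit_baseline(rates):
    """Median and median absolute deviation (MAD) of the learning-window rates."""
    centre = median(rates)
    mad = median(abs(r - centre) for r in rates)
    return centre, max(mad, 1.0)   # floor avoids division by zero on perfectly flat traffic

def robust_z(rate, baseline):
    """Distance of a rate from the baseline, scaled so it is comparable to a z-score."""
    centre, mad = baseline
    return 0.6745 * (rate - centre) / mad

def detect(events, learn_minutes=10, threshold=THRESHOLD):
    """Return [(minute, rate, score)] for minutes after the learning window above the threshold."""
    counts = requests_per_minute(events)
    baseline = fit_baseline([counts[m] for m in range(learn_minutes)])
    alerts = []
    for minute in sorted(m for m in counts if m >= learn_minutes):
        score = robust_z(counts[minute], baseline)
        if score > threshold:      # one-sided: only unusually high rates matter here
            alerts.append((minute, counts[minute], round(score, 1)))
    return alerts

if __name__ == "__main__":
    for minute, rate, score in detect(constructed_events()):
        print(f"minute {minute}: {rate} req/min, robust z = {score}")
```

The busy minute with 52 requests stays under the threshold while the 900-request minute is flagged, which is the trade-off between detection and false alarms that the paragraph refers to.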
Protection against most common DDoS attacks
- TCP SYN+ACK
- TCP FIN
- TCP RESET
- TCP ACK
- TCP Fragment
- UDP Flood
- Reflected ICMP & UDP
- ICMP Flood
- Local File Inclusions
- HTTP GET Flood
- HTTP POST Flood
- HTTPS Attacks
- SQL Injection
What is Web Application Firewall (WAF)?
DDoS attacks are often paired with more harmful attacks that result in data breaches of PII (personally identifiable information) or financial information. Application-layer attacks are the most common type these days.
A WAF inspects incoming HTTP/HTTPS requests and the server’s responses to these requests. In this way, the firewall effectively protects web-based applications against such attacks as SQL Injection and XSS (Cross-Site Scripting), as well as against zero-day exploits.
Like anti-DDoS protection, a WAF uses machine learning for better threat detection and faster response. Machine learning algorithms are a step ahead of hackers and can detect all types of attacks, even those not known before.
Internet of Things (IoT) and DDoS
Other points of vulnerability have been opened up by the Internet of Things (IoT). IoT covers online equipment and services we use every day. Unfortunately, along with our comfort come many risks. Smart devices introduced on the market are user friendly, well designed and have interesting functionalities, yet they are still poorly protected. The users aren’t aware of the risks they carry, either. Experts predict that attacks targeting such devices are going to increase. Hacked domestic devices can be a source of valuable data for cyber criminals (account numbers, online banking passwords). In order to guarantee a high level of security for our data, we need to protect it and systematically update our software.
Important aspects of Anti-DDoS solutions
- Web traffic
- Anti-DDoS protection
- Packets-per-second (PPS)
- Number of domains protected
- Reputation analysis
- Data breach protection
- Block by IP address or country code
- Algorithm based threat detection
- Layer 3 and 4 protection
- Layer 7 protection (OSI model)
- SSL support
- Latest SSL version
- SSL vulnerabilities protection
- SSL renegotiation protection
- Malformed request protection
- SYN flood protection
- Let’s Encrypt SSL
- Custom key
- CDN/File caching
- Cache purge
Web application firewall (WAF):
- XSS (Cross Site Scripting) prevention
- SQL Injection prevention
- WordPress/Joomla protection
- WAF custom rules
- Traffic shaping
- Protection against specific attacks
- Multiple user access
Analytics and Settings:
- Stats and charts
- Attack notifications
- Custom error pages (5xx errors / Captcha / Blocking page)
- Load balancing
- Log access
- Dashboard customization
- Dedicated account manager
- Dedicated security engineer
- Response time