Safeguarding Against DDoS Attacks

DDoS Attacks: Situation Overview

Over the last decade, Distributed Denial of Service (DDoS) attacks have continued to proliferate, becoming one of the primary threat types facing virtually every industry and business area that is exposed to the public Internet. Therefore, DDoS protection must be at the core of a successful security strategy.

DDoS attacks attempt to bring down and infiltrate Web sites by flooding the site’s origin server with bogus requests, often from multiple locations and networks. If allowed to proceed unchecked, this DDoS attack traffic can produce results ranging from slow page loads to a complete blockage of legitimate site traffic.

These types of attacks can originate from a variety of sources, including ‘hacktivists,’ for-profit hackers, state-sponsored hacking groups, and others. In many cases, DDoS attacks leverage the force multiplication advantage of ‘botnets,’ essentially armies of computers that are penetrated and recruited to generate attack traffic unbeknownst to their own user or administrator.

DDoS Mitigation

Given the growing number and scale of DDoS attacks, planning for DDoS attack detection and mitigation is a critical IT function. Since it’s virtually impossible to build out sufficient infrastructure to scale in response to a large DDoS attack, solutions like Akamai’s Kona Site Defender are increasingly being deployed by owners of Web properties across virtually every industry. Cloud-based solutions like Kona Site Defender offer built-in scalability and global reach to defend against most common types of DDoS attacks, as well as attacks against web applications (SQL Injections, Cross Site Scripts, etc.) and direct-to-origin attacks.

How Kona Site Defender Blocks DDoS Attacks

Kona Site Defender mitigates DDoS attacks by absorbing DDoS traffic targeted at the application layer, deflecting all DDoS traffic targeted at the network layer such as SYN Floods or UDP Floods, and authenticating valid traffic at the network edge. This built-in protection is “always on”, and only Port 80 (HTTP) or Port 443 (HTTPS) traffic is allowed. Bursting fees can be capped so users are protected from DDoS traffic running up service fees, and flexible caching maximizes offload from origin.

For added protection, many organizations add a defense layer that protects the Domain Name Server from being overloaded and compromised by Denial of Service attacks, such as Akamai’s Fast DNS solution. Both of these solutions leverage the power of the Akamai Intelligent Platform™, which consists of more than 170,000 servers deployed across over 1,300 networks in more than 102 countries.

Akamai’s Global Scale Helps Combat DDoS Attack Traffic

The worldwide distribution and massive scale of the Akamai Intelligent Platform™ enables Web sites to stay available without re-routing traffic or impacting performance. Akamai handles 5.5Tbps of traffic daily on average and has handled peak traffic flows of over 8Tbps. And DDoS mitigation capabilities are implemented natively in path so protection is provided only one network hop from the point of request—NOT at the customer origin.

Learn more about DDoS protection.


Leave a Reply

Your email address will not be published. Required fields are marked *