DDoS protection prevents websites, servers or entire network infrastructures from being overloaded by willful attacks or even total failure. The dimensions of this most modern form of “organized” cybercrime regularly exceed previous events in their intensity.
The simplest servers for operating a conventional website are usually designed to process around 40 simultaneous users and their clicks (so-called requests). Therefore almost every owner of a website knows the phenomenon of a temporary inaccessibility of his website, which temporarily denies its services with an above-average number of users.
The load and the associated inaccessibility of the website is usually caused by very natural processes such as
- Marketing measures,
- a link to very popular websites,
- or the citation of the website by (online) media with a large number of visitors.
Booking more powerful or more scalable systems can help in such cases, because one cannot expect that as the popularity of one’s own website increases, IT systems in the basic equipment area will still do their job.
This article, on the other hand, deals with willful, i.e. intentionally brought about, overload attacks that originate from distributed end devices, so-called DDoS attacks (Distributed Denial of Service), as a result of which the servers and, in some cases, entire network infrastructures are supposed to refuse their services.
The basic principle behind these attacks is basically quite simple: criminal groups infect thousands of Internet-enabled end devices (PCs, notebooks, tablets, smartphones, TVs, etc.) with remote-controlled Trojans over a longer period of time and thus bundle the effectiveness of so-called botnets (Bots from English: robot, “robot”), against which individual servers and many data centers can no longer compete if all devices are aimed specifically at a resource.
Now one could easily think:
- Who should be interested in taking (m) a company and (m) a website offline?
- Who already has such programming knowledge that they can use it specifically against (m) a company and (m) a website?
- And if that were the case, there would certainly be effective governmental and / or criminal protection against these attacks, or not?
- One cannot believe how complex the groups of perpetrators and motivations behind these attacks are.
- You don’t need any programming skills to take a website offline anonymously for a long time.
- The state is completely powerless against this most modern form of “organized” Internet crime.
Who is actually leading these DDoS attacks?
The motivational directions or perpetrator types include, for example, script kiddies, i.e. reckless, often juvenile perpetrators who exchange tips and tricks in forums and initially only want to try out DDoS attacks with ready-made programs (tools). Most common, however, is professional hacktivism with complex attack scenarios to attract attention and point out political goals.
Criminal-minded groups of perpetrators also regularly use various sophisticated DDoS attacks as a convenient source of income to extort protection money using anonymous payment methods. In addition, competing market participants, disgruntled employees and dissatisfied customers book “DDoS attacks as a service” anonymously on the Internet, where you can order the “shutdown” of a website of your choice for as little as 50 euros (!).
Although DDoS attacks are punishable by law, the perpetrators cannot be identified apart from individual cases in which “rookie mistakes” are committed. The state is almost powerless because the DDoS scenarios can be commissioned anonymously in Germany, but the concerted network attacks are usually carried out remotely from abroad.
Professional providers of DDoS protection solutions work with filtering out the IP addresses involved in DDoS attacks, but even if one were to use thousands of illegitimate IP addresses that were involved in a DDoS attack for investigation purposes, one would get the highest end devices secretly infected with malware, the users of which cannot be accused of negligent or deliberate “action” in the criminal sense.
The situation is therefore not comparable to the situation in which customizable IP addresses are involved in illegal copyright infringements, such as when downloading games, CDs, DVDs, etc.
What can an attack like this do to my company?
DDoS attacks are increasingly making headlines around the world – even at well-known companies – and their impact time and again exceeds the damage incidents that have occurred in the past.
Any internet-dependent entrepreneurship that generates sales via the website or has to maintain binding processes (e.g. streaming, online games, bookings, etc.) is at high risk – if only because of the above-mentioned direction of motivation “blackmail”.
In addition, any internet-based activity in which one is forced to position oneself “politically”. The latter therefore also includes public law as well as association and administrative activities. DDoS protection is therefore comparable to a kind of insurance policy: it is best not to need one at all, but all the better if you have one in an emergency.
The direct and indirect damage can hardly be specifically named in the case of a continuous attack. Abstract here are:
- Lost sales,
- Reputational damage,
- Personnel costs incurred by employees unable to work during the attacks
- to mention the loss of trust due to the migration of security-sensitive regular customers.
These worrying effects are currently causing a considerable exodus of corporate IT towards data centers that can offer efficient DDoS protection for the servers.
What should you watch out for when changing the data center?
Anyone who still has their IT systems housed in the server room of their own company is first of all well advised to even outsource IT to a professionally managed data center. This is
- more contemporary,
- More efficient and not to be forgotten
- considerably more secure for company data, which must be available in 24-hour operation all year round.
But only the minority of the more than 50,000 German data centers observes the data traffic in the personnel-intensive multi-shift operation around the clock and, in the event of anomalies, could already carry out initial defensive measures with the help of firewall settings, which, however, are only a suitable first antidote in the case of amateur DDoS attacks .
For professionally carried out attacks, however, most data centers often do not have the necessary defense technology and the personnel know-how to permanently recognize and filter out the periodically recurring DDoS attacks, which are ingeniously changeable in their complexity (in IT language also “mitigate” or ” reduce to zero ”).
What does DDoS protection cost me?
The acquisition costs of defense technology from the world market leaders to combat these attacks alone are in the high six-figure range. Well-known companies such as eBay, PayPal or Deutsche Börse use the expensive, innovative defense technology in their data centers for good reasons.
Most data center operators shy away from this investment and are content with makeshift solutions, which are often not in the interests of the customers, who of course always want to be available: The most common, but not officially communicated, method is to use the attacked server to protect others in the event of an attack To take customers and the entire data center completely offline again and again for the duration of the recurring attacks.
This is often communicated to end users and the owners of the website as (urgent) maintenance work or in some other way. In very few cases it is admitted that a DDoS attack is behind the inaccessibility of a website.
In addition, even the best defense technology is of little use if the data center itself does not have the necessary external connection: botnets that have a bundled impact of, for example, 30 Gbit, logically paralyze any data center with an external connection of 10 Gbit, imaginable as with the clogging of Pipelines.
In this case, not individual customers or their servers are affected, but rather entire data centers with hundreds or thousands of hosting customers – but especially every company that still operates the company’s IT in its own server room.
So it is hardly surprising that almost all companies that are in a continuous improvement process sooner or later have IT outsourcing on their agenda, as the advantages are obvious:
- (Personnel) cost reduction,
- IT security
- Sabotage and compromise protection,
- Scalability of IT systems in the growth process,
- Supplied expertise from IT specialists and last but not least:
- efficient DDoS protection.
Act before you take harm!
Entrepreneurs should therefore not be afraid to have their data center operator explain to them exactly
- whether DDoS attacks can be warded off,
- how big the external connection of the data center is so that even very large volume attacks can be fended off and
- Which manufacturer technology is used to protect the data center.
Since this is extremely security-relevant, it is best to have it given to you in writing, ie to guarantee it in a contract, so that you do not fall for the marketing measures that data centers use, which are quite common on this topic. The largest global companies only rely on well-known manufacturers whose hardware applications are synchronized worldwide or exchange information about the complexity and methodology of DDoS attacks.
The advantage is that the IP patterns and sophisticated scenarios of DDoS attacks, which are already known to a single device, are exchanged among all other devices and are thus automatically recognized and blocked out as unwanted data traffic at the next target.
Occasionally, future-optimized data centers are also affording this sophisticated technology. In such cases it is no longer expensive for the individual customer if it is consistently passed on to all customers of a data center.
There are already the first data centers that basically equip their purchase servers and the fully equipped rental servers with automated basic DDoS protection without charging additional monthly costs.
The operators of data centers often experience the seemingly absurd situation that hosting and colocation customers only come to them after (!) A damaging event. In view of their high-risk Internet addiction, however, they would have belonged in the care of a modern data center for years.
The monthly flat rates would have been negligible compared to the damage in very many cases. But as is so often the case, something always has to happen before something happens …