Distributed denial of service (DDoS) is a common name for a class of attacks with many variations. Most attacks aim to breach data security in order to steal or corrupt content. DDoS is not suited to that purpose, as it is a very primitive method. Its main purpose is to slow down or completely disable a particular service.
DDoS attacks are commonly used against gaming, gambling, government and military public sites, universities, financial institutions and large retail stores. In each situation, the reason for the attack may be different:
• in gambling or gaming, an attack may degrade the user's experience, causing customers to move to a competitor,
• a foreign country may attack government online services for propaganda reasons or to deny citizens the basic activities they are used to doing online.
There are many ways to protect against DDoS. The most popular of these are local and cloud-based cleaning (scrubbing) centers and eliminating the attack as close as possible to the source location (keeping in mind that a side effect of an attack is that intermediate stations are slowed down). In most cases, however, such protection is almost impossible, given that:
• the attack can be generated from many locations,
• we have little control over networks managed by a random service provider,
• many attacks are spoofed to hide the real source of danger.
By analyzing the various approaches to protecting against DDoS attacks, it is easy to identify the advantages and disadvantages of each. It is therefore important to understand the type of service being protected as well as the types of attacks that can be used specifically against it.
Three types of protection
Below is a brief description of the three approaches, including the advantages and disadvantages of each:
DDoS scrubbing centers (cleaning centers) are a common attack protection solution offered by enterprise service providers. This method is very good at mitigating high-volume attacks (volumetric DDoS) and can stop attacks before they reach the client. This protects both the service and the infrastructure. Although cleaning is done as close as possible to the source, it is based on asymmetric protection, which means that it only sees traffic coming from the client to the service. This significantly reduces visibility and can result in less accurate mitigation filters. This approach is optimal for mitigating DDoS attacks related to network transport, known as Layer 3 to Layer 4 DDoS attacks, such as SYN flood and UDP amplification.
The local DDoS protection solution is installed last, usually in symmetric mode, which means it sees traffic in both directions and can therefore provide additional capabilities such as stateful protection. This allows it to mitigate attacks at the application level.
In most cases, it is not recommended to use local protection on its own, as major DDoS attacks can saturate the incoming links from the service provider to the data center. It is used as a last resort for attacks that have managed to bypass the protection of the service provider.
The last approach is a cloud DDoS protection service. Typically, a cloud offering goes beyond simple DDoS protection: it is often a complete cybersecurity and content delivery offering, focusing primarily on protecting and delivering online services. Most of them operate as a distributed service based on cloud data centers around the world, which can be very useful for attack mitigation. A threat that has been generated from multiple locations will be spread across multiple sites thanks to cloud protection. Each of them will handle a small part of it, which may not even qualify as a DDoS attack at all.
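The difference between the asymmetric and symmetric views described above can be shown on a TCP handshake. The following is an added example, not code from the original article or from any vendor; the packet tuples, addresses, sequence numbers and function names are constructed for illustration, and connections are keyed by client address only for brevity.

```python
# Constructed sample traffic (documentation addresses); not captured data.
# Each packet: (direction, client, flags, seq, ack); "in" = client -> service.
SERVICE_ISN = 5000  # hypothetical initial sequence number chosen by the service

PACKETS = [
    # Legitimate client: full three-way handshake.
    ("in",  "198.51.100.10", "SYN",     100, 0),
    ("out", "198.51.100.10", "SYN-ACK", SERVICE_ISN, 101),
    ("in",  "198.51.100.10", "ACK",     101, SERVICE_ISN + 1),
    # Spoofed source: never receives the SYN-ACK, so its ACK number is a guess.
    ("in",  "203.0.113.7",   "SYN",     900, 0),
    ("out", "203.0.113.7",   "SYN-ACK", SERVICE_ISN + 64, 901),
    ("in",  "203.0.113.7",   "ACK",     901, 1),
    # Bare ACK with no handshake at all.
    ("in",  "203.0.113.8",   "ACK",     77, 1234),
]

def asymmetric_view(packets):
    """Inbound-only view: a simple check is 'was a SYN seen before this ACK?'."""
    syn_seen, dropped = set(), []
    for direction, client, flags, seq, ack in packets:
        if direction != "in":
            continue  # the return path is invisible in asymmetric mode
        if flags == "SYN":
            syn_seen.add(client)
        elif flags == "ACK" and client not in syn_seen:
            dropped.append(client)
    return dropped

def symmetric_view(packets):
    """Both directions visible: the ACK must acknowledge the sequence
    number the service actually sent in its SYN-ACK (stateful check)."""
    expected_ack, established, dropped = {}, set(), []
    for direction, client, flags, seq, ack in packets:
        if direction == "out" and flags == "SYN-ACK":
            expected_ack[client] = seq + 1
        elif direction == "in" and flags == "ACK":
            if expected_ack.get(client) == ack:
                established.add(client)
            else:
                dropped.append(client)
    return established, dropped

if __name__ == "__main__":
    print("asymmetric drops:", asymmetric_view(PACKETS))
    print("symmetric result:", symmetric_view(PACKETS))
```

The inbound-only filter accepts the spoofed SYN/ACK pair because it cannot compare the ACK against the service's reply, while the symmetric filter rejects it.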
From this it can be concluded that for each type of service and each client, the DDoS defense solution must be tailored to specific conditions.
A10 Networks is a leader in DDoS protection solutions based on a unique approach to mitigation with machine learning, ultra-low latency, and auto-scaling mitigation. The A10 Thunder® Threat Protection System (TPS) is used by a wide range of gaming, gambling, government and military organizations, universities, financial institutions and retailers.
To learn more about the solution, contact Tomasz Domalewski, who is responsible for A10 at Bakotech.