UDP flood

Teardrop Attack

What is an ICMP Flood Attack?

What Is a Ping Flood?

IP fragmentation attack

SYN/ACK flood

RST/FIN flood

Slowloris or session attacks

HTTP flood

Recursive HTTP GET flood

VoIP flood

NTP flood

DNS Amplification

IP Null Attack

SYN flood, or SYN attack

SIP malformed attack

SNMP reflection attack

CharGEN flood

MS SQL reflection DDoS attack

Memcached DDoS attack

<p>A class of attacks involving an intermediary acting for its own benefit: after inserting itself between two parties exchanging data, a third participant receives unauthorized access to their traffic with the ability to do virtually anything with it. The intermediary makes effort to hide itself in order not to evoke any legitimate parties&rsquo; suspicions of breaching the privacy and integrity of their traffic.</p>

MITM attack (Man in the Middle, "man in the middle", mediator attack) - what is it and how it works? Learn in StormWall Knowledge Base.

MITM (Man in the Middle) Attack Definition | StormWall

MITM (man-in-the-middle) attack

<p>Data center (DPC) is a multi-level storage for network and server equipment. Choosing a data center is based on the following points: reputation, reliability, location, etc.</p>

Data center is a special structure that houses network and server equipment. Data centers are divided into several tiers.

Data Center (Definition) | StormWall

<p>A&nbsp;<strong>data center</strong>&nbsp;is a special structure that houses network and server equipment.</p>

<h2>Contents:</h2>

<div class="anchor"><a href="#what-for">What is a data center and what is it for?</a></div>

<div class="anchor"><a href="#levels">Tiers of data centers</a></div>

<div class="anchor"><a href="#choosing">What should be considered when choosing?</a></div>

<h2 id="what-for">What is a data center and what is it for?</h2>

<p>What is the most important product in the world? Information. And usually, the information is stored somewhere on the Internet in the form of data. And for this data to always remain safe, data centers were invented.</p>

<p>Inside the data center, there are many stands with servers and network equipment where communication channels are connected. Placement in the data center can be purchased either as individual units or as whole stands.</p>

<p>The remote hands service is also very often offered by data centers. Remote hands is a service in which the client can entrust the execution of any tasks to the specialists of the data center.</p>

<p>With so much emphasis on proper storage, security, and handling of data, a business needs to find the right place to do it all. Good data management is what makes data centers an important asset for any company, large or small. But how to choose the right data center and what subjects should you pay special attention to?</p>

<h2 id="levels">Tiers of data centers</h2>

<p>Data centers are divided into several tiers. These tiers are determined by many different parameters, these include redundant power supply, uptime guarantee, quality of the cooling system, and more. In simple terms, the tier of a data center is the level of service in that data center. There are 4 levels.</p>

<ul>
	<li>Tier 1.
	<p>To be qualified as a Tier 1 data center, a data center must meet the following requirements:</p>

	<ul>
		<li>No more than 28.8 hours of downtime annually. This is the highest downtime among data centers of all tiers.</li>
		<li>Lack of redundancy. At this level, the data center has no redundancy in any area of ​​operation. There are no guarantees in the process of power and cooling.</li>
		<li>99.671% of uptime annually. This is the least uptime a data center of any tier can offer.</li>
	</ul>

	<p>If you are a small business, then a Tier I data center will be the ideal solution for you, as you are most likely looking for a cost-effective solution. These centers do not have many of the features found in larger centers, however, they may include a generator or a backup cooling system.</p>
	</li>
	<li>Tier 2.
	<p>To be called a Tier 2 data center, a data center must meet the following requirements:</p>

	<ul>
		<li>No more than 22 hours of downtime per year. There is a fairly large leap in the downtime between the second and third levels. Availability of redundancy is one of the main reasons.</li>
		<li>99.741% of uptime per year.</li>
		<li>Partial cooling and multiple power redundancy. The data center of the second level does not have redundancy in all areas of activity. Only two aspects are reserved - power and cooling. The redundancy in these areas is only partial. But still, no part of the system is fault-tolerant.</li>
	</ul>

	<p>Tier II data centers are often targeted at SMB customers. There are more guarantees of efficiency than those at Tier I data center. Such data centers can also serve more customers.</p>
	</li>
	<li>Tier 3.
	<p>To be called a Tier III data center, a data center must meet the following requirements:</p>

	<ul>
		<li>Fault tolerance N + 1 (amount required for operation plus reserve). The data center can carry out scheduled maintenance without disruption. Unplanned maintenance and emergencies can cause problems affecting the system. Problems can potentially affect customer service.</li>
		<li>72 hours of power outage protection. This provider must have at least three days of exclusivity. This power cannot be connected to any external source.</li>
		<li>No more than 1.6 hours of downtime annually. This downtime is for maintenance and serious emergencies.</li>
		<li>99.982% of uptime annually. This is the minimum uptime a data center can offer at this level. The reserve helps even in case of an emergency.</li>
	</ul>

	<p>Companies using Tier III data centers are often growing companies or businesses that exceed the midsize business of SMEs.</p>
	</li>
	<li>Tier 4.
	<p>To be called a Tier IV data center, a data center must meet the following requirements:</p>

	<ul>
		<li>No points of failure. Tier IV data centers have redundancy for each process and data protection stream. No simple glitch or error will ever put the system down.</li>
		<li>99.995% uptime per year. This is the level with the highest guaranteed uptime. It must be maintained for the center to maintain its rating.</li>
		<li>Infrastructure 2N + 1 (twice what is required for operation, plus a reserve). 2N + 1 is another way of saying &quot;enough&quot;.</li>
		<li>The maximum downtime rate is no more than 26.3 minutes per year. Data centers must allow some downtime to optimize mechanical operations; however, this annual downtime does not affect customer service.</li>
		<li>96-hour power outage protection. To meet the requirements of its tier, the infrastructure of the fourth level must have at least 96 hours of autonomous power supply. This power does not have to be connected to any external source and is completely the property of the data center. Some centers may have more.</li>
	</ul>

	<p>Tier IV is considered an enterprise-grade service. Companies that do not have an international presence and consistently high Internet traffic usually do not require such a high level of service. Tier IV data centers, usually, have a site about twice as large as the tier III data centers.</p>
	</li>
</ul>

<h2 id="choosing">What should be considered when choosing?</h2>

<p>Here are some of the most important aspects to consider when choosing a data center:</p>

<ul>
	<li>Location is one of the most important factors when choosing a data center. While you could save money if the center was further away, you risk losing some of the benefits.</li>
	<li>Reliability - Having a backup power supply is essential for a good data center.</li>
	<li>Security - Since all corporate data and applications are stored in it, a breach can be disastrous.</li>
	<li>The bandwidth of network services - all data centers have a capacity limit. Factors such as network reliability, speed, and even security can give you an idea of ​​how strong a network is.</li>
	<li>Flexibility and Scalability - If your business faces many changing requirements as it transitions to different projects, you just need to find a data center that can meet your needs.</li>
	<li>Failure backups - a good data center know all points of failure and ways to mitigate risks.</li>
	<li>Reputation - as with any purchase. First, find out what reputation the data center has.</li>
</ul>

Data center

<p>Colocation is a service in which the client&#39;s network equipment is located in a third-party data center.</p>

Everything about the Colocation service, what it is for, how it works and how to choose a good provider.

What is Colocation? | StormWall

<p>Colocation is a service in which the client&#39;s network equipment is located in a third-party data center.</p>

<h2>Contents:</h2>

<div class="anchor"><a href="#what-is-this">What is it?</a></div>

<div class="anchor"><a href="#who-need-it">Why and who needs it?</a></div>

<div class="anchor"><a href="#choosing">How to choose a provider?</a></div>

<h2 id="what-is-this">What is it?</h2>

<p>Recently, cloud hosting draws more and more press attention. One can easily suggest that everything will be in the cloud soon. The prospect of lower costs and high elasticity is attracting a lot of companies. But is it really the best choice?</p>

<p>Statistically, a lot of organizations still do not want to move everything into the cloud, especially small and medium-sized businesses. In fact, most companies continue to locate their servers on their own sites. While this can be convenient, self-hosting is usually very expensive and quite risky. Every year more and more companies understand that something needs to be done about it. This is where colocation comes in.</p>

<p>Colocation is the placement of private servers and network equipment in a third-party data center. Instead of placing and maintaining servers in part of the organization&#39;s own infrastructure, it is possible to place equipment by renting space in a special data center.</p>

<p><img alt="Colocation 1" height="664" src="https://content2.stormwall.network/or/articles/picture-colocation-1-1644576940943.png" width="1200" /></p>

<h2 id="who-need-it">Why and who needs it?</h2>

<p>Colocation has many advantages, such as:</p>

<ul>
	<li><strong>Great for businesses looking for complete control over their equipment.</strong>&nbsp;Companies can maintain their equipment in the same way as if they were installing it at their own sites.</li>
	<li><strong>This is a shared object.</strong>&nbsp;In colocation, the costs of electricity, cooling, communications and data center space are shared among tenants. This is significantly cheaper than building your own data center.</li>
	<li><strong>It removes the limitations of existing data centers.</strong>&nbsp;Instead of building a new data center, enterprises can simply use space in a commercial data center.</li>
	<li><strong>Can provide higher bandwidth.</strong>&nbsp;Placing equipment in such centers gives companies access to higher levels of bandwidth than conventional server hosting at a much lower cost.</li>
	<li><strong>It is more reliable.</strong>&nbsp;Data centers designed for colocation are more reliable. They provide better protection against power outages with multiple data backups and provide network capabilities with lower latency.</li>
	<li><strong>It is safer.</strong>&nbsp;Such centers apply more stringent measures to protect data, such as video surveillance monitoring, hired security, fire detection and extinguishing systems.</li>
</ul>

<p>The conclusion suggests itself: colocation is one of the most convenient ways to host servers. It can be suitable for any company, regardless of its size.</p>

<h2 id="choosing">How to choose a provider?</h2>

<p><img alt="Colocation 2" height="676" src="https://content2.stormwall.network/or/articles/picture-colocation-2-1644576962686.png" width="1200" /></p>

<p>In order to choose a good service provider, you should keep in mind the following factors, be sure to clarify them before signing the contract:</p>

<h3>- Power</h3>

<p>Electricity is what most people pay attention to when choosing a data center. Unfortunately, this question requires little more than just finding the supplier that will supply you with the most electricity.</p>

<p>Energy can be included in server hosting rates in several ways. For example, if you have a large enough company with a large number of servers, you can only pay for the amount of power consumed plus a surcharge.</p>

<h3>- Uptime</h3>

<p>After electricity, uptime is the next factor people don&#39;t hesitate to ask about. However, there are ways to provide you with a number that looks better than it actually is.</p>

<p>For example, some vendors will have scheduled downtime at regular intervals. Since this is scheduled, this does not count as a shutdown, even if you cannot access your data and applications. The best data centers will have 100% uptime specified in all contracts.</p>

<h3>- Environment</h3>

<p>Server racks require a very specific environment to operate. They generate a huge amount of heat that must be removed and constantly replaced with cold air to keep the machines from overheating. And then there is the threat of power outages, floods, fires. Even something as small as a mouse can be disastrous if it chews through the wrong cables.</p>

<p>Building a data center is not an easy task. Ask your supplier how they plan to avoid the pitfalls and what they are doing to keep your business from being hit by a disaster of any magnitude.</p>

<h3>- Support</h3>

<p>You might want to focus only on the hard numbers, but while support is more difficult to qualify, it can be critical to your data center experience. This is where the big savings can come from &ndash; the right colocation hosting services will provide you with things like having electricians on site, and the like.</p>

<p>The point of going to the data center is so that you don&#39;t have to do everything yourself. Focusing on support ensures that you get the level of attention and knowledge you need that you can&#39;t get anywhere else.</p>

<p>It is also worth mentioning Remote Hands &ndash; this is a service in which the client gets the opportunity to entrust any tasks to the data center specialists. It may be included in the colocation price, or it may not be included and is sold by the hour.</p>

Colocation

<p><img alt="What is a WAF?" height="630" src="https://content2.stormwall.pro/or/articles/picture-waf-1_w950.jpg" width="1200" /></p>

<p>Web application firewall is designed to protect your web application from various types of attacks. WAF can be called &ldquo;reverse-proxy&rdquo; as it protects server&rsquo;s data passing clients through itself before providing access to the resource.</p>

Web Application Firewall (WAF) — meaning, explaining, how WAF prevents DDoS attacks?

What is a Web Application Firewall (WAF)? | StormWall

<p>Web application firewall (WAF) is a traffic filtration tool that works on application layer and is used to protect web applications.</p>

<h2>Contents:</h2>

<div class="what-is-it"><a href="#what-is-it">Meaning and definition of WAF</a></div>

<div class="how-it-works"><a href="#how-it-works">How it works</a></div>

<div class="waf-vs-ids-ips"><a href="#waf-vs-ids-ips">WAF vs. IDS/IPS</a></div>

<div class="waf-can-do"><a href="#waf-can-do">What attacks does WAF protect against?</a></div>

<h2 id="what-is-it">Meaning and definition of WAF</h2>

<p>WAF helps to protect web applications by filtering and tracking traffic between web applications and the Internet. WAF works on the 7th (Application) layer of the <a href="https://en.wikipedia.org/wiki/OSI_model">OSI model</a>. That means that it is not intended to protect from all types of attacks. This method of attack mitigation is usually a part of a set of tools which together form an integral defense.</p>

<p>WAF is usually placed before web applications, working as a kind of shield between the application and the Internet. When <a href="https://stormwall.network/knowledge-base/termin/proxy-server">proxy</a> protects client&rsquo;s data, WAF can be called &ldquo;reverse-proxy&rdquo; as it protects server&rsquo;s data passing clients through itself before providing access to the resource.</p>

<p><img alt="What is a WAF?" height="630" src="https://content2.stormwall.pro/or/articles/picture-waf-1_w950.jpg" width="1200" /></p>

<h2 id="how-it-works">How it works</h2>

<p>WAF works on a set of rules. These rules are aimed to protect against vulnerabilities in the application by filtering malicious traffic. It is valued in particular for the speed and simplicity with which these rules can be changed, allowing for a faster response to changing attack vectors.</p>

<p>As it was already said before, WAF works on the application layer, which means that it deals with data stream, not network stream after it was received by the host. As a result, it is usually applied after decryption so it has full access to the content of the request and response.</p>

<h2 id="waf-vs-ids-ips">Web Application Firewall vs. IDS/IPS</h2>

<p>WAF tends to focus on signatures that are unique to web applications more, rather than IDS/IPS. It is also more likely to check things like JSON or XML format validation. WAF will pay attention to things that are not right, instead of looking for what is wrong.</p>

<p><img alt="Web Application Firewall meaning and definition" height="630" src="https://content2.stormwall.network/or/articles/picture-waf-2_w950.jpg" width="1200" /></p>

<p>Unlike WAF, IDS/IPS (intrusion detection/protection systems) work on network layer. While decryption is possible in some configurations, it is not expected in the same way as in the case of WAF, and if it is absent, then IDS/IPS can simply miss the attack on the web application. IDS/IPS can analyze all network layers, which allows it to look for things like IP fragmentation attacks which WAF cannot detect. Also, because IDS / IPS can monitor all traffic, it is not limited to just web application protocols and has a wider range of signatures. Thus, IDS/IPS may not have the same detailed set of web application signatures as WAF.</p>

<p>These are two intersecting technologies: in the event of an attack, both IDS / IPS and WAF will react to some traffic. For some only WAF or IDS / IPS. But there is also a chance that the attack will just fly past both of them.</p>

<h2 id="waf-can-do">What attacks does WAF protect against?</h2>

<p>As one can already understand, WAF is a very useful tool that protects against many types of attacks. Among them are such as:</p>

<ul>
	<li><a href="https://en.wikipedia.org/wiki/SQL_injection">SQL injection</a>&nbsp;is one of the most common types of attacks on websites and programs. that work with databases. Its essence lies in the injection of arbitrary SQL code into a query, which can give an attacker access to view and edit the database.</li>
	<li><a href="https://en.wikipedia.org/wiki/Cross-site_scripting">Cross site scripting (XSS)</a>&nbsp;is also a very common type of attack. Its essence lies in the injection of malicious code by the attacker. With its help, an attacker can gain access to the user&#39;s personal data, and in general, almost everything that JavaScript becomes available to him.</li>
	<li><a href="https://en.wikipedia.org/wiki/File_inclusion_vulnerability">Local and Remote File Injection (LFI/RFI)</a>&nbsp;- The use of local and remote files for their own purposes.
	<ul>
		<li>Local File Inclusion (LFI) - Allows an attacker to execute a local file on the server. With its help, a remote user can access arbitrary files on the server, including those containing confidential information.</li>
		<li>Remote File Inclusion (RFI) - Allows an attacker to execute a remote file on the server. RFI occurs when incoming data in the site&#39;s code is not properly validated.</li>
	</ul>
	</li>
	<li><u>RCE (remote code execution)</u>&nbsp;is the highest threat class A1 according to the OWASP classification. When using RCE, the attacker remotely executes code on the compromised computer, server, etc.</li>
	<li><u>PHP injection</u>&nbsp;is a way to hack PHP-powered sites, which consists in executing third-party code on the server. If this attack is successful, an attacker will be able to execute any PHP command.</li>
	<li><u>Automated actions</u>&nbsp;- guessing of logins, passwords, promotional codes. Online stores can automatically add items to the cart to reduce availability.</li>
	<li><a href="https://stormwall.network/knowledge-base/termin/bot">Bots</a>.&nbsp;They search and scan for vulnerabilities in web applications, extract data, etc. Bots generate roughly 20% of bad traffic on the internet.</li>
	<li><a href="https://en.wikipedia.org/wiki/Brute-force_attack">Brute-force attacks</a>&nbsp;- guessing of a password and user session identifier, various DoS attacks.</li>
</ul>

<p>Of course, this list is incomplete, WAF will be able to protect you from a much broader range of types of attacks.</p>

<div class="line"><a href="https://stormwall.network/waf">To the web application protection service using WAF</a>.</div>

<p>An attack against a system aiming to cause it to stop providing a service &ndash; a flood of bogus requests made to the system causes its overload, making it unable to handle requests from legitimate users.&nbsp;</p>

DoS is an attack against a system aiming to cause it to stop providing a service. Learn more in the StormWall's knowledge base.

DoS (Denial of Service) Definition | StormWall

<p>An attack against a system aiming to cause it to stop providing a service &ndash; a flood of bogus requests made to the system causes its overload, making it unable to handle requests from legitimate users. Being cheap to implement and efficient, DoS attacks are often used for unfair competition and other illegal purposes.</p>

DoS (Denial of Service)

<p>A distributed DoS attack carried out simultaneously from a vast number of devices that attackers have taken control over, gaining the ability to send commands to generate floods of bogus requests. An attack of this kind can cause a denial of service to systems owned by a large enterprise or to an entire network.</p>

There are 4 steps for Anti-DDoS Protection. First of all, provide as little information as possible to the attacker

What is DDoS | Anti-DDoS Protection and Mitigation Solutions

<p>A distributed DoS attack carried out simultaneously from a vast number of devices that attackers have taken control over, gaining the ability to send commands to generate floods of bogus requests. An attack of this kind can cause a denial of service to systems owned by a large enterprise or to an entire network.</p>

<h2>Contents::</h2>

<div class="anchor"><a href="#operation-principle">How it works</a></div>

<div class="anchor"><a href="#target">Who is most vulnerable to a DDoS attack?</a></div>

<div class="anchor"><a href="#types">DDoS attack classification</a></div>

<div class="anchor"><a href="#practice">DDoS protection methods</a></div>

<h2 id="operation-principle">How it works</h2>

<p>The purpose of a DDoS attack is to achieve denial of service for devices connected to the Internet: network equipment and infrastructure, various Internet services, websites and web applications, IoT infrastructure.</p>

<p>The vast majority of attacks develop in the following sequence:</p>

<ol>
	<li>Collecting data about the victim and further analysis in order to identify obvious and potential vulnerabilities, the choice of the attack method;</li>
	<li>Preparing for an attack by deploying malicious code on computers and Internet-connected devices that have been intercepted;</li>
	<li>Generating a stream of malicious requests from multiple devices controlled by the attacker;</li>
	<li>Analysis of the effectiveness of the attack: if the objectives of the attack were not achieved, the attacker can conduct a more thorough analysis of the data and perform a second search for the methods of attack (go to step 1).</li>
</ol>

<p>In case of a successful attack, the attacked resource will demonstrate a significant decrease in performance or will not be able to process legitimate requests from users and other services at all. Depending on what exactly the victim resource is, the consequences of a successful DDoS attack can be a sharp drop in performance or inaccessibility of the network, server, Internet service, website, application. As a result, the Internet resource &ldquo;freezes&rdquo;, legal users cannot access it at the right time, the network or server becomes temporarily &ldquo;cut off&rdquo; from the Internet, the Internet resource stops working correctly, etc.</p>

<p>Attackers may have different motivations. The most common occurrences are unfair competition, attempts at blackmail, conflicts of interest or beliefs, and social or political protest. Revenge attacks, a desire to &ldquo;practice&rdquo; the criminal hacking craft, and vanity are also common. However, in recent years, the desire of DDoS attackers to earn extra money has come to the fore. And if the order for an attack is generously paid, it can be quite intense, last for many hours, modified and repeated over and over again.</p>

<p><img alt="" src="https://content2.stormwall.pro/or/articles/picture-ddos-1_w950-1643811968288.jpg" /></p>

<p>The damage from a successful DDoS attack primarily lies in financial and reputational costs: lost profits, termination of contracts and loss of users, numerous complaints from customers, a wave of negativity in the media and social networks and, as a result, the decline in popularity of the Internet resource and its owner. Often, a DDoS attack is used as a cover for the main malicious impact in targeted attacks: while cybersecurity specialists focus on DDoS mitigation and system recovery, attackers strengthen the main attack vector - for example, hacking a service, stealing confidential data, or installing malicious codes.</p>

<h2 id="target">Who is most vulnerable to a DDoS attack?</h2>

<p>The most common targets for DDoS attacks are government, financial institutions, gaming services, and e-commerce companies. With the onset of the pandemic, attacks on educational resources, video conferencing services, online cinemas, media and entertainment sites have sharply increased.</p>

<p>One of the most intense and lengthy was the series of DDoS attacks in 2007 against government, financial, media and other resources in Estonia, which most likely became an expression of protest against the demolition of monuments to Soviet soldiers who liberated the republic.</p>

<p>Another major attack was carried out in 2013 against the international non-profit organization Spamhaus, which aims to fight spam. It can be assumed that the cybercriminals interested in spreading spam were clearly unhappy with her successful activities.</p>

<p>In 2014, one of the most powerful DDoS attacks in history was carried out - this time against the growing Occupy Central movement in Hong Kong, which advocated changing the country&#39;s voting system.</p>

<p>In 2015 and 2018, two more DDoS attacks took place against the world&#39;s largest Internet resource for joint development and hosting of IT projects GitHub.</p>

<h2 id="types">DDoS attack classification</h2>

<p>The most commonly used method of classifying attacks is by the OSI layer at which they occurred. Let&#39;s list the most common types of attacks:</p>

<ul>
	<li>Network layer (L3): DDoS attacks of this layer &ldquo;work&rdquo; over IP, DVMRP, ICMP, IGMP, PIM-SM, IPsec, IPX, RIP, DDP, OSPF, OSPF protocols. The targets of attacks are primarily network devices - switches (switches) and routers (routers).</li>
	<li>Transport layer (L4): the impact is made via the TCP and UDP protocols, as well as the DCCP, RUDP, SCTP, UDP Lite subprotocols. The targets of attacks of this level are usually servers and some Internet services, such as gaming.</li>
	<li>Application layer (L7): The attack is carried out at the application protocol layer. Most often, attackers use HTTP, HTTPS and DNS. Attacks of this level target both popular network services and various websites and web applications.</li>
</ul>

<p>Another common method of classification is by the method of exposure:</p>

<ul>
	<li>exploitation of protocol vulnerabilities: they allow to achieve denial of service by influencing the attacked resource with incorrect requests, as a result of which the victim &ldquo;goes into a stupor&rdquo;, trying to process them;</li>
	<li>traffic overflow with a powerful stream of requests, which the victim is unable to &quot;digest&quot;;</li>
	<li>impact on weaknesses in the architecture and logic of application operation, which can severely disrupt the performance of a software complex connected to the Internet, especially if it has a weak level of security.</li>
</ul>

<h2 id="practice">DDoS protection methods</h2>

<p><img alt="" src="https://content2.stormwall.pro/or/articles/picture-ddos-2_w950-1643812040005.jpg" /></p>

<p>Before taking on the use of means of protection against DDoS attacks, you should take care of increasing the degree of security of the Internet service - its ability to effectively repel attacks with a minimum waste of resources. Otherwise, in order to secure the Internet service from influences, you will have to spend a lot of effort and money. Shortly, to increase security you need:</p>

<ol>
	<li>provide as little information as possible to the attacker;</li>
	<li>provide as much information as possible to the DDoS defender;</li>
	<li>provide clear attack filtering capabilities;</li>
	<li>ensure the reliability of the service under attack.</li>
</ol>

<p>Possibilities of protection against DDoS attacks can and should be provided in an Internet resource even at the stage of designing its architecture: good design will increase the availability of the resource and reduce the cost of protecting it from attacks here:</p>

<p>As for the protection tools, they can be divided into local (on-premise), cloud and hybrid. On-premise solutions and anti-DDoS tools come in both software and hardware (specialized network devices) and can be installed by both customers themselves and their providers. The main users of local anti-DDoS solutions are large telecom operators (cloud and Internet providers) and data centers that can afford to have their own response service, are able to cope with powerful (hundreds of gigabits) attacks and offer anti-DDoS service to their customers.</p>

<p>Cloud solutions implement almost the same security functionality as on-premise solutions. In addition to packet protection, anti-DDoS cloud service providers often offer services to protect sites from attacks made by bots (attackers use the HTTP protocol in them), as well as technical support and support during a DDoS attack. Cloud solutions seem to be the best option for most companies.</p>

<p>A hybrid solution is a set of an on-premise solution and a subscription to an anti-DDoS cloud service that is automatically connected when an attack starts. A hybrid approach removes the attack volume limitations of on-premise solutions and takes advantage of both cloud and on-premise solutions. Hybrid solutions can be recommended for large enterprises with an emphasis on interacting with customers through online channels, as well as small service providers.</p>

<p>Depending on what kind of Internet resources need to be protected, anti-DDoS tools and services are chosen that have one or another range of protection functions:</p>

<ul>
	<li>protection against packet flooding based on filtering packets of the transport and network layer (L3 and L4) - this is enough to protect network devices;</li>
	<li>protection against both packet flooding and flooding at the application level (L3 - L7) - this is necessary, in particular, to ensure the operability of sites, since most attacks on them are carried out precisely at the L7 level;</li>
	<li>protection not only against flooding at the L3 - L7 level, but also against &ldquo;intelligent&rdquo; DDoS attacks using &ldquo;smart&rdquo; bots that attack those parts of web applications that are most resource-intensive when processing incoming requests, using the functions of the Web Application Firewall (WAF) - this is necessary to protect critical Internet resources.</li>
</ul>

<p><img alt="" src="https://content2.stormwall.pro/or/articles/picture-ddos-3_w950-1643812198402.jpg" /></p>

<p>The connection format distinguishes between symmetric and asymmetric DDoS protection. The first option implies installing the filter in a symmetric mode: both incoming and outgoing traffic of the protected server (or service information about this traffic) always passes through the filter. Asymmetric algorithms analyze only incoming traffic. In general, symmetrical protectors are more effective, but the cost of ownership is higher and the signal latency is higher. Asymmetric tools are often more complex, but because they do not analyze outbound traffic, some attacks are not fully filtered in asymmetric mode.</p>

<p>In addition, special care should be taken to ensure that DDoS protection is properly deployed: it is necessary to reduce to zero the number of vulnerabilities that an attacker could exploit.</p>

<p>And of course, you need to pay close attention to the choice of a protection provider, since the real quality of his services, as well as the level of his competence in anti-DDoS matters, can extend over a wide range.</p>