Knowledge base

D H I S T

DNS (Domain Name System)

A system that keeps the information about Internet domains, with its key function being to provide the IP address of a node or other resource upon receiving its full domain name. The system consists of multiple servers and has a distributed hierarchical architecture. In order to minimize DNS hacking attack risks and ensure the integrity and authenticity of data kept by DNS, its servers use built-in protection and security features, such as DNSSEC, TSIG, DANE, and others.

HSTS (HTTP Strict Transport Security)

A mechanism that forces a web client and server to establish an HTTPS-based secure connection at once, without first using the unprotected HTTP protocol. The approach helps to minimize the risk of attacks aimed at wiretapping or tampering with a web connection.

SSL (Secure Sockets Layer)

A protocol for cryptographically secure data exchange using popular Internet protocols, such as HTTP, FTP, TELNET, etc. SSL certificates are used to verify that a public key belongs to its actual owner. The authentication of keys used for data exchange using the protocol is based on asymmetric cryptography. The traffic itself, meanwhile, is protected from unauthorized access using symmetric encryption. The message integrity is verified using message authentication codes (MACs).

TCP (Transmission Control Protocol)

A transport layer protocol in the OSI model, one of the main protocols of the Internet protocol suite. It was initially developed to control data transmission and ensure its reliability. Currently, many types of DDoS attacks are known that exploit various TCP features and vulnerabilities.

SSDP (Simple Service Discovery Protocol)

A network protocol used in small-sized networks, such as residential ones, for advertising and discovery of network services, primarily the ones supported by the Universal Plug-and-Play (UPnP) architecture. Features of SSDP are used in DDoS attacks belonging to the SSDP amplification type.

HTTP (HyperText Transfer Protocol)

The World Wide Web protocol used for data communication between web servers and clients. Initially, the protocol did not have web traffic encryption, although later it has been implemented in the HTTPS extension.

HTTPS (HyperText Transfer Protocol Secure)

An extension of HTTP allowing to secure web traffic using cryptography algorithms based on the SSL and TLS protocols.

ICMP (Internet Control Message Protocol)

A TCP/IP stack protocol used for notifying about exception conditions that can occur in the Internet. Some of the protocol options are used for “internal” purposes only, without involving the transfer of any meaningful data.

IP tunneling

Creating a virtual channel for data exchange between two Internet-connected networks by way of encapsulating traffic inside the IP protocol: the packets that need to be sent from one network to another are transferred as data inside conventional IP packets. To protect the traffic sent inside an IP tunnel from unauthorized access, various cryptographic protocols are used.