StormWall Edu

The ongoing digital transformation of various businesses has not only significantly increased the load on networks and data centers, but also increased the interest of attackers in DDoS attacks at the network level. Modern DDoS attacks are already approaching 1 Tbit/s in scale.

Discover how the rise of smart home technology has also made it a prime target for DDoS attacks and learn how to safeguard your devices from being exploited by botnets.

Hackers regularly attack e-commerce websites. Explore how you can prevent this from happening to your online store and protect it from DDoS attacks.

How to detect the onset of a DDoS attack to avoid significant losses? How to set up DDoS attack monitoring? Check out our detailed instructions.

A DDoS attack is carried out simultaneously from a vast number of devices that attackers have taken control over, gaining the ability to send commands to generate floods of bogus requests. An attack of this kind can cause a denial of service to systems owned by a large enterprise or to an entire network.

Although customers of Internet service providers (ISPs) purchase communication channels with a precisely defined bandwidth, they are often not charged for the entire port capacity, but only for the bandwidth actually consumed. For ISP providers, this method is known as burstable billing. Moreover, this actually consumed bandwidth is usually taken into account not according to the highest of the indicators recorded during traffic measurements, but by subtracting 5% of the maximum - according to the largest of 95% of the remaining values. This method is called the 95th percentile.

Providers of Anti-DDoS services often offer to connect protection using the asymmetric scheme: only incoming traffic is filtered — the one that goes to the protected resources, and outgoing traffic is not considered at all. In a number of other situations, they use a symmetrical scheme when not only incoming, but also outgoing traffic or service information about it is analyzed.

Mistakes in the organization of protection against the risks associated with DDoS attacks almost always lead to a reduction in the resilience of their Internet resources to these risks, and it is impossible to compensate for them solely by connecting anti-DDoS services, even when they are most advanced. The situation is often aggravated by the fact that the combination of several flaws increases their overall negative impact. In this article, we will analyze some of these flaws we encountered while building protection against DDoS risks at a rather large client managing several hundred websites.

It often happens that customers of DDoS protection services believe that just by connecting to these services they are fully protected. Unfortunately, it is not quite right: DDoS protection is not magic or a superpower, and in order for it to work effectively, the services themselves must have sufficient immunity against DDoS risks.

In this article we will discuss how to achieve security of websites and server components of browsers, mobile applications and services that interact with HTTP/HTTPS-based protocols via APIs.