StormWall Edu

Although customers of Internet service providers (ISPs) purchase communication channels with a precisely defined bandwidth, they are often not charged for the entire port capacity, but only for the bandwidth actually consumed. For ISP providers, this method is known as burstable billing. Moreover, this actually consumed bandwidth is usually taken into account not according to the highest of the indicators recorded during traffic measurements, but by subtracting 5% of the maximum - according to the largest of 95% of the remaining values. This method is called the 95th percentile.

Providers of Anti-DDoS services often offer to connect protection using the asymmetric scheme: only incoming traffic is filtered — the one that goes to the protected resources, and outgoing traffic is not considered at all. In a number of other situations, they use a symmetrical scheme when not only incoming, but also outgoing traffic or service information about it is analyzed.

Mistakes in the organization of protection against the risks associated with DDoS attacks almost always lead to a reduction in the resilience of their Internet resources to these risks, and it is impossible to compensate for them solely by connecting anti-DDoS services, even when they are most advanced. The situation is often aggravated by the fact that the combination of several flaws increases their overall negative impact. In this article, we will analyze some of these flaws we encountered while building protection against DDoS risks at a rather large client managing several hundred websites.

It often happens that customers of DDoS protection services believe that just by connecting to these services they are fully protected. Unfortunately, it is not quite right: DDoS protection is not magic or a superpower, and in order for it to work effectively, the services themselves must have sufficient immunity against DDoS risks.

In this article we will discuss how to achieve security of websites and server components of browsers, mobile applications and services that interact with HTTP/HTTPS-based protocols via APIs.

We provide a brief guide that will help to improve the effectiveness of protecting networks and autonomous systems from DDoS attacks. It lists the aspects that should be taken into account.

Although DDoS attacks are mainly carried out with bots, the initiators and coordinators of the attacks are humans. The nature of the attacks, their intensity and duration largely depend on their motivation and behaviors. In this article, we explain why hackers launch DDoS attacks and offer a few recommendations on how to stay safe.

As you know, quality is very rarely cheap. The protection StormWall offers is no exception: we invest thoughtfully to achieve high quality of our DDoS protection service while keeping fair prices - far from the highest on the market. Thanks to the chosen strategy, we offer a very favorable price-quality ratio.

It is very important to clearly define what signs can be used to identify legitimate requests so that the anti-DDoS provider can accurately identify the beginning of an attack on the application and defend against illegitimate requests. Application developers and their customers should have an idea of how a DDoS defender thinks and acts, and ensure up front that it can detect and disable bots.

Owners of Internet resources, trying to protect them from DDoS attacks, often make mistakes that undo their efforts and investments in protection. Perhaps, most dangerous in this case is that organizations that bought a DDoS protection are under the illusion that they are automatically on the safe side.