Causes of DDoS attacks
- DDoS for blackmail, to extort money from the victim. The attacker deliberately picks a particular business, for example a medium-sized online store or a local company whose website brings in a large share of its orders, actually takes the site down, and promises to stop the attack once a ransom is paid.
- DDoS to eliminate a competitor.
This may be a short-term DDoS designed to poach some of the visitors. It is common in online games: when a new game server opens, a competitor whose own server is scheduled to open a few days later can order an attack on it, so that part of the player base simply gives up on it because of constant disconnects and lag.
Short-term DDoS can also be timed to an event. In theory, a flower delivery service could "kill" a competitor's website just before Valentine's Day.
- DDoS for political purposes. These involve much larger traffic volumes and aim to take down a particular government site or service.
In all these cases DDoS protection can help, but it has to be put in place before the incident, not during it.
In short, protection against DDoS attacks aims to cut off the excess traffic arriving over one channel or another. The simplest DDoS protection tools filter traffic before it ever reaches the server for processing. Note that ordinary shared hosting providers, which are the first to receive the traffic destined for the sites they host, can be vulnerable themselves.
There are several basic methods to protect against suspicious traffic:
- Firewalls with stateful (dynamic) packet inspection;
- Installation of flood filters;
- Limiting the number of SYN packets accepted per second;
- Tuning web server settings such as Timeout, KeepAliveTimeout and the Options directive (these are Apache directive names): short timeouts stop slow or idle connections from holding worker slots for long.
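To make the SYN rate-limiting method concrete, here is an added example (not code from the original article) that implements per-source SYN rate limiting in Python over a constructed stream of connection attempts. In production this logic lives in the firewall or kernel (for example as a connection-rate rule), but the decision it makes is the same: count SYNs per source inside a sliding window, and once a source exceeds the limit, drop its SYNs for a cooling-off period without counting them further. The class name, the thresholds and the two sample IP addresses are illustrative choices, not values from the article.

```python
"""Per-source SYN rate limiting with a sliding window and a block period.

Added example. Events are constructed (timestamp, source IP) pairs standing
in for SYN packets; nothing here touches a real network interface.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class SynRateLimiter:
    """Allow at most `max_syn` SYNs per `window` seconds per source IP.

    A source that exceeds the limit is blocked for `block_for` seconds. SYNs
    arriving while blocked are dropped without being recorded, so a flood
    does not keep growing the per-source state table.
    """
    max_syn: int = 10
    window: float = 1.0
    block_for: float = 60.0
    _hits: dict = field(default_factory=lambda: defaultdict(deque))
    _blocked_until: dict = field(default_factory=dict)

    def allow(self, src_ip: str, ts: float) -> bool:
        """Return True if the SYN from `src_ip` at time `ts` may pass."""
        until = self._blocked_until.get(src_ip)
        if until is not None:
            if ts < until:
                return False          # still in the block period: drop
            del self._blocked_until[src_ip]
            self._hits.pop(src_ip, None)
        recent = self._hits[src_ip]
        # Forget SYNs that have slid out of the window.
        while recent and ts - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.max_syn:
            self._blocked_until[src_ip] = ts + self.block_for
            recent.clear()
            return False
        recent.append(ts)
        return True


def filter_syns(events, **limits):
    """Feed (ts, src_ip) events through the limiter.

    Returns {src_ip: (passed, dropped)}. Events must be in time order.
    """
    limiter = SynRateLimiter(**limits)
    stats = defaultdict(lambda: [0, 0])
    for ts, ip in events:
        stats[ip][0 if limiter.allow(ip, ts) else 1] += 1
    return {ip: tuple(counts) for ip, counts in stats.items()}


# Constructed sample traffic (documentation-range addresses, hypothetical):
# a normal client opening 5 connections over 1.2 s, and a flooding source
# sending 100 SYNs within one second.
SAMPLE_EVENTS = sorted(
    [(i * 0.3, "198.51.100.7") for i in range(5)]
    + [(i * 0.01, "203.0.113.9") for i in range(100)]
)

if __name__ == "__main__":
    for ip, (passed, dropped) in filter_syns(SAMPLE_EVENTS, max_syn=10).items():
        print(f"{ip}: passed={passed} dropped={dropped}")
```

With a limit of 10 SYNs per second the normal client is untouched, while the flooding source gets its first 10 SYNs through and the remaining 90 dropped. The block period is what matters under a real flood: without it, every packet would still cost a window scan and a timestamp, which is exactly the resource the attacker is trying to exhaust.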
Turning from DDoS to hacking: the era of plain login-and-password authentication is long gone; it has been replaced by the zero trust model.
Zero Trust Model Principles
1. Constant monitoring and verification
Continuous monitoring means that authenticated users can move through your business's digital channels, but are never left unattended: their identity, session and behaviour keep being verified after login rather than only at the moment of login.
2. The principle of least privilege
This principle grants users access to the minimum set of IT resources they need to complete their tasks, and nothing more.
3. Device access control
A user connecting from an unfamiliar device will naturally trigger additional checks by the security system: the device is verified alongside the user.
4. Multi-Factor Authentication (MFA)
MFA requires more than one proof to validate a user. For example, entering a password alone is not enough to gain access; every user needs a second step to log in, such as a one-time code delivered by SMS or generated by an app like Google Authenticator.
Today this is a must-have.
5. Microsegmentation
Microsegmentation refers to dividing the security perimeter into zones that restrict access to separate sections of your network. Think of an ocean liner holed in compartment 12: the compartment is sealed off in time, so the ship stays afloat.