
What is a DDoS Attack?

By Steve Smith

The information presented here is true and accurate as of the date of publication. DeVry’s programmatic offerings and their accreditations are subject to change. Please refer to the current academic catalog for details.

March 21, 2024

9 min read

As the interconnective abilities of technology advance, the growing number of Internet of Things (IoT) devices and remote workers may continue to present a target-rich environment for cybercriminals. One of the biggest threats to cyber security, especially to organizations with expansive networks, is the DDoS attack. What is a DDoS attack? In this discussion, we will examine this cyber security threat, describing how a DDoS attack works, how network administrators can detect attacks and mitigate their effects, and the steps that can be taken to prevent them.

What Does DDoS Mean?

DDoS is an acronym for Distributed Denial of Service. A DDoS attack is a cybercrime in which attackers flood a server with an overwhelming volume of fake internet traffic to hinder an organization’s systems or operations to the point where the network’s legitimate users are prevented from accessing their online services or websites.

How DDoS Attacks Work

We can explore “what is a DDoS attack” further by explaining how these cyberattacks work. A DDoS attack is a large-scale action in which botnets are used to enlist numerous connected devices to flood the target with inauthentic requests and exploit cyber security vulnerabilities. The term botnet refers to a collection of interconnected computers that perform a specific task. While botnets are typically employed to perform helpful, legitimate tasks, their ability to control your computer makes them quite dangerous when deployed for malicious purposes. In a malicious attack, the botnet’s devices are infected with malware and controlled by an attacking party referred to as the bot-herder.

So what does DDoS mean for cyber security and functionality? These botnet disruptions render a target’s system inaccessible or useless to legitimate users. The DDoS attack’s ability to scale up makes it much more far-reaching and potentially damaging than the simpler Denial-of-Service (DoS) attack, which uses a single internet connection to do its dirty work. Potentially causing multiple service disruptions, DDoS attacks can last for hours or days. It’s also possible that cybercriminals can infiltrate the target’s database and access sensitive information during the attack, potentially adding damage or theft of data to the disruption.

Types of DDoS Attacks

Common types of DDoS attacks target varying components of a network connection, and include application-layer attacks, protocol attacks and volumetric attacks:

  • Application layer attacks: These attacks target the application layer, where web pages are generated on the server and delivered in response to HTTP requests. The attack’s goal is to exhaust the target’s resources to create a denial of service. Because it can be difficult to distinguish between malicious and legitimate traffic, this type of attack is particularly challenging to defend against.

  • Protocol attacks: Using weaknesses in the target’s protocol stack, these attacks cause a service disruption by over-consuming the resources of the target’s servers or network equipment. One example of a protocol attack is a SYN flood, which exploits the TCP handshake, the sequence of communications by which two computers establish a network connection. The attacker sends a large number of TCP initial connection request (SYN) packets to the target with spoofed, or fake, IP addresses; the target machine responds to each and then waits for the final step in the handshake, which never occurs. In the process, the target’s resources are exhausted.

  • Volumetric attacks: This category of attack is designed to create congestion by gobbling up all the available bandwidth between the target organization and the wider internet. Using DNS amplification or other means of generating a massive amount of traffic, such as requests from a botnet, an overwhelming volume of data is sent to the target.
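The SYN flood described above leaves a tell-tale signature on the target: many handshakes are started and very few are completed. The following Python script is an added example, not code from the article, showing how a defender can detect that signature from handshake events. The event data is constructed for the example, and the thresholds (`min_total_syns`, `max_completion_ratio`, `min_source_syns`) are assumptions to be tuned for a real listener. It goes slightly beyond the text by handling the spoofed-source case: when every SYN carries a different forged address, no single source looks suspicious, so the listener-wide half-open ratio is the signal that still fires.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample data (not from the article): TCP handshake events as a
# server-side sensor might record them, as (source_ip, flag) pairs.
# "SYN" is the client's initial request; "ACK" is the client's final
# handshake step, which is the step a SYN flood never sends.
NORMAL_EVENTS = []
for i in range(5):
    NORMAL_EVENTS += [(f"198.51.100.{i}", "SYN"), (f"198.51.100.{i}", "ACK")]

# Spoofed flood: 200 SYNs, each carrying a different forged source address.
SPOOFED_FLOOD = NORMAL_EVENTS + [(f"203.0.113.{i}", "SYN") for i in range(200)]

# Unspoofed flood: 40 SYNs from a single source, none of them completed.
SINGLE_SOURCE_FLOOD = NORMAL_EVENTS + [("203.0.113.250", "SYN")] * 40


@dataclass
class SourceStats:
    syns: int = 0
    completed: int = 0

    @property
    def completion_ratio(self) -> float:
        return self.completed / self.syns if self.syns else 1.0


def summarize(events):
    """Count SYNs and completed handshakes per source address."""
    stats = defaultdict(SourceStats)
    for src, flag in events:
        if flag == "SYN":
            stats[src].syns += 1
        elif flag == "ACK":
            stats[src].completed += 1
    return dict(stats)


def detect_syn_flood(events, min_total_syns=50, max_completion_ratio=0.1,
                     min_source_syns=10):
    """Return (flood_suspected, half_open_ratio, suspicious_sources).

    Two signals are combined (thresholds are assumed values for this example):
      * the listener-wide half-open ratio, which catches spoofed floods where
        every packet carries a different forged source and no address stands out;
      * a per-source check, which names unspoofed sources that open many
        connections and complete almost none of them.
    """
    per_src = summarize(events)
    total_syns = sum(s.syns for s in per_src.values())
    total_done = sum(s.completed for s in per_src.values())
    half_open_ratio = (total_syns - total_done) / total_syns if total_syns else 0.0

    suspicious = sorted(
        src for src, s in per_src.items()
        if s.syns >= min_source_syns and s.completion_ratio <= max_completion_ratio
    )
    listener_wide = (total_syns >= min_total_syns
                     and half_open_ratio >= 1.0 - max_completion_ratio)
    return listener_wide or bool(suspicious), half_open_ratio, suspicious


if __name__ == "__main__":
    for name, events in [("normal", NORMAL_EVENTS), ("spoofed", SPOOFED_FLOOD),
                         ("single-source", SINGLE_SOURCE_FLOOD)]:
        flood, ratio, srcs = detect_syn_flood(events)
        print(f"{name:14s} flood={flood} half_open_ratio={ratio:.3f} sources={srcs}")
```

In practice the same two signals are what an operator reads off `ss -s` or `netstat` half-open (SYN_RECV) counts; the script only makes the decision logic explicit so the thresholds can be reasoned about before an attack rather than during one.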

Detecting and Mitigating DDoS Attacks

Identifying a DDoS attack and differentiating its symptoms from normal fluctuations in an organization’s network status can be challenging. Through the use of carefully executed detection and mitigation methods, organizations can identify DDoS attacks and take steps to minimize their damage.

Early detection methods

Using traffic analysis tools, organizations and their information security professionals can spot the telltale signs of a DDoS attack. Early detection is crucial. Symptoms may include:

  • Slow performance speeds

  • Unusual media content

  • Excessive spam

  • Unviewable websites

To detect attacks consistently and reliably, DDoS detection systems must scan a massive amount of data to establish a baseline of what is accepted as normal traffic and what is an anomaly. Traditionally this has been accomplished with single-server systems, but the accuracy and scalability of DDoS detection are being improved through cloud-based systems using big data technologies.

 
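The baseline-and-anomaly idea above can be made concrete with a small statistical detector. The script below is an added example written for this page, not code from the article or from any product it mentions: it learns the mean and standard deviation of requests per minute from a constructed training window and flags later minutes whose z-score exceeds a threshold. The sample counts, the `z_threshold` and the `min_multiple` guard are all assumptions chosen for illustration.

```python
import statistics

# Constructed sample (not from the article): HTTP requests per minute.
# The first 30 minutes are the training window used to learn "normal";
# the following 6 minutes are the window being scored for anomalies.
BASELINE_WINDOW = [100, 110, 95, 105, 100, 98, 102, 107, 93, 100] * 3
OBSERVED_WINDOW = [104, 99, 112, 4800, 5200, 101]


def learn_baseline(counts):
    """Return (mean, population standard deviation) of a training window."""
    return statistics.mean(counts), statistics.pstdev(counts)


def score_window(counts, baseline, z_threshold=3.0, min_multiple=2.0):
    """Flag minutes whose count is anomalous against the learned baseline.

    A minute is flagged only if it exceeds both a z-score threshold and a
    multiple of the mean: the second guard stops a very quiet baseline
    (tiny standard deviation) from flagging harmless small jitter.
    Returns a list of (index, count, z_score) tuples.
    """
    mean, stdev = baseline
    anomalies = []
    for i, count in enumerate(counts):
        if stdev:
            z = (count - mean) / stdev
        else:
            # Degenerate baseline with no variance: any change is "infinitely" unusual.
            z = 0.0 if count == mean else float("inf")
        if z > z_threshold and count > min_multiple * mean:
            anomalies.append((i, count, round(z, 1)))
    return anomalies


def detect(training_counts, observed_counts):
    """Learn a baseline from history, then score the observed window against it."""
    return score_window(observed_counts, learn_baseline(training_counts))


if __name__ == "__main__":
    mean, stdev = learn_baseline(BASELINE_WINDOW)
    print(f"baseline: mean={mean:.1f} stdev={stdev:.2f}")
    for index, count, z in detect(BASELINE_WINDOW, OBSERVED_WINDOW):
        print(f"minute {index}: {count} requests (z={z}) -> anomaly")
```

A real deployment would maintain separate baselines per hour of day or day of week, since a Monday-morning peak is normal traffic, and would be fed by the same aggregated counters a cloud-based collector would compute; the decision rule stays the same.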

Mitigation strategies

The 4 stages of mitigating a DDoS attack using a cloud-based DDoS protection provider include:

  • Detection: The ability to distinguish an attack from a high volume of normal traffic is crucial in DDoS attack detection and mitigation. IP reputation, common attack patterns and previous data are all factors that assist in proper detection.

  • Response: The protection network responds to an incoming threat by intelligently dropping malicious bot traffic and absorbing the rest. Using web application firewall (WAF) page rules, the network is able to mitigate attacks and their disruption.

  • Routing: With the ability to re-route traffic, a DDoS management solution will break up the remaining traffic into chunks and thereby prevent the traffic congestion that can cause a denial of service.

  • Adaptation: By adapting to attack patterns, such as repeat-offending IP blocks or particular attacks coming from certain geographical areas, a good DDoS mitigation solution can harden itself against future attacks.

If an attack is suspected or present, companies can employ some of the following strategies throughout the above steps to mitigate the impact of a DDoS attack:

Risk Assessment

Thorough risk assessments are an important step toward safeguarding a system against a DDoS attack; they enable organizations and their IT security professionals to develop and maintain an awareness of their cyber security strengths and weaknesses. By understanding their most vulnerable hardware and software assets and frameworks, they can implement strategies to reduce damage and disruption.

Traffic Differentiation

Once a DDoS attack is suspected, one of the first responses should be a process called traffic differentiation, where the organization takes steps to determine the quality or source of the abnormal traffic. Rather than shutting off all traffic coming into the system, an effective mitigation strategy would be to scatter the traffic among a network of distributed servers to make it more manageable.
 

Rate Limiting

Rate limiting is another mitigation strategy that limits the number of requests a server can accept within a specific amount of time. While this isn’t enough on its own to fight back against a sophisticated attack, it can be a component of a multi-faceted response.
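The following Python token-bucket limiter is an added example, not code from the article, showing what "limits the number of requests a server can accept within a specific amount of time" looks like in practice. Clients are keyed by an assumed source-address string, and the `capacity` and `refill_per_sec` values are constructed for the example. It also demonstrates the caveat in the text that rate limiting is not enough on its own: a flood spread across many addresses, each sending a single request, passes a per-client limit untouched.

```python
import time


class RateLimiter:
    """Per-client token-bucket rate limiter.

    Each client key gets a bucket holding up to `capacity` tokens that refills
    at `refill_per_sec`; a request is accepted only if a token is available.
    `clock` is injectable so the limiter can be tested without sleeping.
    """

    def __init__(self, capacity, refill_per_sec, clock=time.monotonic):
        self.capacity = float(capacity)
        self.refill_per_sec = float(refill_per_sec)
        self.clock = clock
        self.buckets = {}  # key -> (tokens_available, last_refill_time)

    def allow(self, key, now=None):
        """Return True if the request for `key` fits within its budget."""
        now = self.clock() if now is None else now
        tokens, last = self.buckets.get(key, (self.capacity, now))
        # Refill proportionally to the time elapsed since the bucket was last touched.
        tokens = min(self.capacity, tokens + (now - last) * self.refill_per_sec)
        if tokens >= 1.0:
            self.buckets[key] = (tokens - 1.0, now)
            return True
        self.buckets[key] = (tokens, now)
        return False  # caller would answer HTTP 429 here


def simulate(limiter, requests):
    """Feed (timestamp, client_key) pairs through the limiter; return the decisions."""
    return [limiter.allow(key, now=ts) for ts, key in requests]


if __name__ == "__main__":
    limiter = RateLimiter(capacity=5, refill_per_sec=1.0)
    # One noisy client bursting 10 requests at once: the first 5 pass, the rest are refused.
    print("burst:", simulate(limiter, [(0.0, "198.51.100.7")] * 10))
    # Constructed distributed flood: 200 addresses, one request each, all admitted.
    flood = [(0.0, f"203.0.113.{i}") for i in range(200)]
    print("distributed flood admitted:", sum(simulate(limiter, flood)), "of", len(flood))
```

Because the distributed case passes, per-client limits are usually paired with a global budget on the origin (total requests per second the servers can actually serve) and with the upstream traffic scrubbing described in the mitigation stages above.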
 

Firewalls

Firewalls are an essential tool in cyber security, and WAFs can reduce the impact of application-layer attacks. The WAF sits between the internet and a company’s servers and is used to create a set of rules that filter requests. The firewall’s rules can be customized based on patterns of suspicious activity the DDoS has displayed.
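The WAF page rules mentioned in the Response stage and the customizable filter rules described here can be modelled as an ordered rule table evaluated against each request. The script below is an added example, not code from the article or from any WAF product: the blocked network, the blocked User-Agent strings and the cache-busting query pattern are constructed stand-ins for the "patterns of suspicious activity the DDoS has displayed" that an operator would fill in during an incident, and the request records are constructed too.

```python
import ipaddress
import re

# Rule inputs (constructed for this example): values an operator would populate
# from the patterns observed during the attack, not fixed defaults.
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_USER_AGENTS = {"", "flood-client/1.0"}
# A long random "q=" value on the search endpoint: a cache-busting pattern that
# forces every request to be generated dynamically, typical of application-layer floods.
CACHE_BUSTING_QUERY = re.compile(r"[?&]q=[A-Za-z0-9]{32,}")


def _from_blocked_network(req):
    addr = ipaddress.ip_address(req["src"])
    return any(addr in net for net in BLOCKED_NETWORKS)


def _blocked_user_agent(req):
    return req.get("user_agent", "") in BLOCKED_USER_AGENTS


def _cache_busting_search(req):
    return req["path"].startswith("/search") and CACHE_BUSTING_QUERY.search(req["path"]) is not None


# Ordered rule table: the first matching rule decides, as with typical WAF page rules.
RULES = [
    ("blocked_network", _from_blocked_network),
    ("blocked_user_agent", _blocked_user_agent),
    ("cache_busting_search", _cache_busting_search),
]


def evaluate(req):
    """Return ("block", rule_name) for the first matching rule, else ("allow", None)."""
    for name, matches in RULES:
        if matches(req):
            return "block", name
    return "allow", None


def filter_requests(requests):
    """Apply the rule table to a batch of request records, preserving order."""
    return [evaluate(r) for r in requests]


# Constructed request records (not captured traffic): source, User-Agent and request path.
SAMPLE_REQUESTS = [
    {"src": "198.51.100.20", "user_agent": "Mozilla/5.0", "path": "/index.html"},
    {"src": "203.0.113.5", "user_agent": "Mozilla/5.0", "path": "/index.html"},
    {"src": "198.51.100.21", "user_agent": "flood-client/1.0", "path": "/about"},
    {"src": "198.51.100.22", "user_agent": "Mozilla/5.0", "path": "/search?q=" + "x" * 40},
    {"src": "198.51.100.23", "user_agent": "Mozilla/5.0", "path": "/search?q=ddos"},
]

if __name__ == "__main__":
    for req, (action, rule) in zip(SAMPLE_REQUESTS, filter_requests(SAMPLE_REQUESTS)):
        print(f"{req['src']:15s} {req['path'][:24]:24s} -> {action} {rule or ''}")
```

Logging the matching rule name alongside the decision matters as much as the block itself: it is what lets an operator see when a rule is catching legitimate users and needs to be narrowed, which is the reason the text stresses that WAF rules are customized to the attack rather than applied blindly.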
 

Black Hole Routing

In a mitigation strategy called black hole routing, an organization or its internet service provider creates a route that herds traffic into a “black hole,” thereby dropping it from the network. This is one of the more extreme remedies, as it also nullifies legitimate traffic.

DDoS Attack Prevention

The most effective way to defend against DDoS attacks is by developing a robust denial-of-service defense strategy that considers every aspect of detection, prevention and mitigation of this type of cyberattack. It’s important to obtain buy-in from all relevant stakeholders and incorporate a strong communication element that will inform and educate employees and computer network users about the potential DDoS threat. A DDoS attack response team should be organized with assigned roles, so that each team member understands what they need to do if a DDoS attack occurs.

At the heart of this strategy should be a commitment to risk analysis to understand what areas of an organization need threat protection. Regular network security assessments and vulnerability scans can identify security gaps and help to assess potential threats. DDoS protection software or technologies should be updated regularly to be sure they are working correctly and optimally.

Prepare to Pursue a Career as a Cyber Defender

If you have a passion for the cyber security side of the tech industry, we can help you take the first step toward becoming a cyber defender. Our online Undergraduate Certificate in Cyber Security program can help you acquire the fundamental skills to safeguard businesses and their sensitive information from cyberattacks.

Coursework in this 100% online program explores topics that include strategies to safeguard networks and systems, ethical hacking, information assurance policies and small enterprise networks, and may also help you prepare to pursue industry-relevant certifications like CompTIA A+, CompTIA Cloud+ and CompTIA Security+.

You can earn your Undergraduate Certificate in Cyber Security from DeVry in as little as 1 year and 2 months with an accelerated schedule or 1 year and 6 months with a normal schedule.¹

¹Normal schedule does not include breaks and assumes 2 semesters of year-round, full-time enrollment in 7-13 credit hours a semester per 12 month period. Accelerated schedule does not include breaks and assumes 3 semesters of year-round, full-time enrollment in 7-13 credit hours a semester per 12 month period.
 

The certificate program stacks into our Associate Degree in Cybersecurity and Networking, our Bachelor’s Degree in Cybersecurity and Networking and our Bachelor’s Degree in Information Technology and Networking with a Specialization in Cyber Security.² These stackable degree programs allow you to pursue your higher education goals while earning incremental credentials that can help you enter the workforce and apply what you’ve learned sooner.

 

DeVry University’s Cyber Security curriculum is acknowledged and verified as an approved provider by the National Initiative for Cybersecurity Careers and Studies (NICCS). DeVry is also a CompTIA Authorized Academic Partner.

 

DeVry offers a Future Cyber Defenders Scholars Program to help students enrolled in one of our cyber security programs who are preparing to pursue a career in tech. This program gives you access to trainings, events and conferences hosted by industry leaders, an opportunity to participate on DeVry’s National Cyber League competition team and join our chapter of CompTIA, and provides career support like job search resources and help finding internships, apprenticeships and more.


²At the time of application to the next credential level, an evaluation of qualifying transfer credit will occur and the most beneficial outcome will be applied. Future programmatic changes could impact the application of credits to a future program. Refer to the academic catalog for details.
