It’s an average Tuesday afternoon, when suddenly you begin receiving phone calls from your customers asking why they cannot access your website. You try to check it yourself, and receive error messages indicating that the page is not available, or that the server is busy. Nothing else appears to be amiss — your server is up and running like normal — but you just can’t seem to access the network.
Congratulations, you’ve most likely just fallen victim to a denial of service attack.
Understanding DDoS Attacks
The premise behind denial of service attacks is actually quite simple: Hackers, usually using unattended public servers, or hacked servers belonging to other enterprises, create massive amounts of Internet traffic aimed toward a specific company’s server. The marked increase in traffic — the average attack sends fewer than 100 gigabits per second, although [tp lang=”en” only=”y”]the largest attack in history sent 400 gigabits per second to a corporate server[/tp][tp not_in=”en”]the largest attack in history sent 400 gigabits per second to a corporate server[/tp] — essentially causes “server overload” and effectively blocks access for all legitimate traffic on that server.
There are two major types of attacks. A denial of service attack usually involves just one server attacking another service. A DDoS, or distributed denial of service attack, stems from several servers that may be located around the world. In some cases, the attacks may appear to be coming from inside the network or from a particular server belonging to a competitor, but they usually do not stem from that location and are difficult to trace. Another issue? Many times, businesses that fall victim to these attacks aren’t the actual targets, but just happen to be sharing a server with another business that’s being attacked. Since the excess traffic is attacking the entire server, and cannot differentiate between traffic for one company or another, many victims are simply innocent bystanders.
And despite the actual target and the source of the attack, the outcome is the same: A business that is hit with a DDoS attack will experience downtime, which can lead to lost sales, dissatisfied customers, and a whole lot of headaches trying to stem the attack .
Yes, You Are Vulnerable
As a small business, you might be thinking, “Oh, this won’t happen to us. We’re too small to attack. No one cares.” And truth be told, the most common targets tend to be large banks, credit card processing companies, and big-name hosting companies (hosting provider GoDaddy went down from a DDoS attack a few years ago, for example). However, thinking you’re protected by your small size is dangerous approach, because again, it’s not always about you. The attack could be on someone else sharing your server. One of your clients could also be the target as well. If you offer a vital service to a larger company, for instance, hackers may determine that taking you offline can do harm to the more substantial target.
Protecting Yourself
Some experts argue that there really isn’t much that a business can do to protect itself against a large DoS or DDoS attack. However, you can take steps to prevent becoming an innocent victim or experiencing devastating downtime.
Contract with a colocation provider that provides protection. For example, [tp lang=”en” only=”y”]Scalematrix in San Diego has the ability to identify, contain, and defeat a DDoS attack within minutes[/tp][tp not_in=”en”]Scalematrix in San Diego has the ability to identify, contain, and defeat a DDoS attack within minutes[/tp], often before the server owner even notices an issue.
Work closely with your ISP. When you have contacts at your ISP and a plan in place for dealing with a denial of service attack, you can mitigate the problem quickly without scrambling to decide what to do.
Identify the bottlenecks in your network. Misconfiguring your equipment so that it is unable to handle a sharp increase in traffic makes a successful attack even more likely. Look for places that could be negatively affected by a sudden increase in traffic, and take steps to open them up.
Avoid shared servers. If your livelihood depends on a server that’s capable of handling traffic 24/7, shared hosting may not be your best option. A private, secure server is more expensive and requires additional maintenance, but it does offer peace of mind and protection against most attacks aimed at other businesses.
Many businesses will experience some type of denial of service attack at some point, but if you deal with the attack quickly, the damage will be minimal. The most important thing is to accept that the risk is real and that you are vulnerable, and the take steps to reduce the potential for a negative outcome.