The capacity or bandwidth of web servers is limited. In other words, they resolve a certain number of simultaneous requests or connections. Once the maximun capacity has been reached, the server performance slows down and may crash. Usually, when something like this happens it is because the web server has fallen victim to a Denial of Service (DoS) attack or to a Distributed Denial of Service (DDoS) attack.

What is the difference between DoS and DDoS attacks?

In both cases, the hacker tries to saturate the server´s bandwidth to interrumpt the service. 

Although these attacks are very similar, there are slight differences between them:

  • Denial of Service (DoS) attacks: The origin of these attacks is centralized. That is, the requests come from the same machine or IP. As mentioned before, the goal is to launch as many requests as possible to saturate the server and force it to reject new requests. If the administrator is able to identify the IP or the machine where the requests come from, he may block it. 
  • Denial of Distributed Service (DDoS) attacks: Unlike the previous case, these attacks have multiple origins. In other words, the requests come from different computers or IP addresses (which may be geographically separated). This is possible due to the so-called botnets. Botnets allow hackers to launch large numbers of simultaneous requests and, therefore, design more aggressive attacks. The varied origin of these attacks makes it really difficult to detect and contain them.

Why are these attacks carried out and to whom do they affect?

The ability to create a botnet, makes these attacks significantly more dangerous. If these attacks are already cheap, difficult to detect and highly effective, botnets simplify them even more.  

Any company might be a victim of this type of attack. In fact, we have seen in the past few months how business giants, with large budgets dedicated to cybersecurity, have fallen victim to DDoS attacks. 

A company may believe that it has hit on the key and its website is receiving thousands of visits from people interested in its product or service when, in reality, it is being targeted.

In most cases, attackers use a variety of techniques and tools to hide their identity, which makes it more difficult to identify them.

The problem is not only that customers can´t access the website, but that employees can´t access critical resources for business continuity.

Is it possible to prevent DDoS attacks? 

In general, DDoS attacks exploit the vulnerabilities of applications. Until recently, it was possible to protect applications with security solutions such as CASBs, WAFs, etc. but given the complexity and sophistication of current attacks, these solutions are no longer effective.

Currently, the only valid approach that offers 100% effectiveness is known as zero trust or what is the same: web isolation. Only by eliminating the attack surface can we be really protected.

Follow us on Twitter y LinkedIn to stay up on the latest updates and remember that you can also subscribe to our blog!.