There are four main ways to protect against DDoS attacks. Take a look.
- Do It Yourself
This may be the easiest method, but it is the least effective. Usually some Python scripts are written in an attempt to filter out the bad traffic, or the business tries to use its current firewalls to block it. In the early 2000s, when attacks were quite simple, this may have worked. Nowadays, however, attacks are far too complex and large for this form of protection. Even under the load of a trivial attack, a firewall will quickly melt.
- Specialized On-Premise Equipment
Much like the “Do It Yourself” method, the enterprise handles all of the work of halting the attack itself. Instead of relying on an existing firewall or scripts, however, it buys and deploys dedicated DDoS appliances. This is specialized hardware, built specifically for detecting and filtering malicious traffic, that sits in the business's data room in front of the regular routers and servers. There are, however, some fundamental issues with these devices:
They are expensive CAPEX purchases that are likely to just sit there doing nothing until you are attacked. They also tend to be expensive to operate. Skilled network and security engineers are needed to work the devices; no magic “mitigate DDoS” button exists.
The operations team has to constantly update them in order to keep them up to date with the threats that are currently trending. DDoS tactics change almost on a daily basis. Your team has to be ready to consistently update the devices according to the latest threats.
They are unable to handle volumetric attacks. Most businesses are not likely to be equipped with enough bandwidth to take on the extremely large DDoS attacks that are happening nowadays. If the attack exceeds the network capacity, these devices are literally useless. This piece by Alternative Networks offers plenty of info.
- Internet Service Provider (ISP)
Some businesses obtain DDoS mitigation through their ISP. ISPs have more bandwidth than any business would, which helps against large volumetric attacks. These services, however, have three main issues of their own:
They lack core competency. ISPs are in the business of selling bandwidth, and they do not invest the capital and resources required to stay one step ahead of the latest DDoS threats. Mitigation can turn into a cost center for them, something they have to provide, which is why they do it as cheaply as possible.
Single provider protection. Businesses today are generally multi-homed across two or more network providers in order to remove the single point of failure of one provider. Having two providers is the best practice for maximizing uptime. ISP-only DDoS mitigation solutions protect only that ISP's network links, not any other links you may have. This means you will require DDoS mitigation services from your other providers as well, which doubles your cost.
No cloud protection. As with the point above, many web applications are nowadays split between data centers owned by the business and cloud services such as GoGrid, Amazon, Rackspace, etc. ISPs are not able to protect the traffic on these cloud services.
- Cloud Mitigation Provider
Cloud mitigation providers, on the other hand, specialize in providing DDoS mitigation directly from the cloud. This means they have built out massive amounts of network bandwidth and DDoS mitigation capacity at various sites across the Internet, which can take in any kind of network traffic, whether you are using multiple ISPs, your own data center or a variety of cloud providers. They sort the traffic for you, so that only “clean” traffic is sent to your data center.
Cloud mitigation providers offer the following benefits:
Expertise: These providers generally have security and network engineers as well as researchers who are always on the lookout for the latest DDoS tactics, so they can provide their customers with better protection.
Plenty of Bandwidth: These providers are backed by far more bandwidth than a business could ever have on its own, enough to stop the largest volumetric attacks.
A Variety of DDoS Mitigation Hardware: DDoS attacks are very complex, to say the least. More than one layer of filtering is needed in order to stay up to date on the latest threats. Cloud providers are able to take full advantage of various technologies, using not just one COTS (commercial off-the-shelf) product but also their own technologies to defend against attacks.
A cloud mitigation provider is the logical choice for a business's DDoS protection needs. Not only is it the most cost-effective option, it is also the scalable solution for keeping up with the fast advances in DDoS techniques and attacker tools.