Denial of service (DoS) attacks are any attacks that attempt to make your Internet-based services inaccessible when you need them. An attacker who manages to knock your email server offline, for example, has executed a Denial of Service on your email.
Types of DoS Attacks
There are generally two types of DoS attacks we need to be prepared for: volume-based and logic-based.
- Volume-based Attacks. This type of DoS is the one most are familiar with. In a volume-based attack, the attacker simply attempts to flood a service or connection with so much traffic that communications either become unusably slow, or the service crashes altogether.
- Logic-Based Attacks. In a logic-based attack, the attacker attempts to exploit a flaw in a service to take it offline. For example, if an attacker finds a vulnerability in an unpatched web server, and uses that vulnerability to degrade the performance of the server, that would be a logic-based attack. It didn't take a lot of resources; it only took a "logic" flaw to degrade service.
You may have also heard of a "Distributed Denial of Service" attack - or DDoS. A DDoS attack is usually a volume-based attack that uses a network of computers to attack a single source. The attacks are most often conducted using machines that don’t belong to the attacker (previously compromised) and can be both highly effective and highly challenging to stop.
Preventing Denial of Service
DoS prevention is not an easy task, but there are a few things you can do to prepare:
- Trust the experts in DoS mitigation. Many providers in the marketplace will handle DoS for you. They do this (usually) by acting as a middle-man between your users and your network, blocking attacks on their own networks before the attackers can ever reach your network. While we don't specifically endorse only one vendor, the Coalition team of engineers entrusts Cloudflare with this task.
- Patch your servers. In logic-based attacks, the attackers are looking for flaws and known-exploits in your software in an attempt to take them offline. One of the best ways to prevent this kind of DoS attack is to always run updated software. While this seems like an easy thing to do, it's simple advice that most don't follow. This can often be more complicated in large environments, but it's nonetheless important.
- Use Application-Layer Firewalls. Application-layer firewalls work to prevent logic-based attacks by intercepting and testing all connections to your servers before they get to your servers. Think of this as a lock and key - if the traffic (key) doesn't fit the lock (your server), it won't get in. Once again, there are many vendors in this space, but one of the best and most affordable solutions on the market is Cloudflare.
- Know your network. While it may sound simple, knowing how your network (and cloud services) work within your organization is very important. When an attack happens, you need to be able to react quickly, potentially rerouting traffic using your DoS mitigation company - and that will require an understanding of your network.
Denial of Service attacks can be tricky to defend against. We recommend using third-parties for DoS prevention whenever possible, as they have the tools and techniques required. As with all things in cybersecurity, this is not a 100% guarantee. However, using these services is a fantastic way to reduce your risk to a manageable level in most cases.
For more information on this topic, please reach out to us; We’re here to help!