adimas - Fotolia
A distributed denial of service, or DDoS, attack is a method to bring down a service by sending a flood of legitimate or illegitimate requests from multiple source devices. The goal is to overwhelm the target device so that it can no longer operate normally. Let's examine two: network layer and application layer DDoS attacks.
Network DDoS attacks attempt to overwhelm the target by overtaxing available bandwidth. Network DDoS protections formerly were implemented at the network edge -- typically, using next-gen firewalls and intrusion prevention systems. But, even with DDoS protections in place, a large-scale bot network can quickly overwhelm the edge.
Today, it's more common for enterprises to tap into the resources of a cloud security service engineered with a high-capacity network expansive enough to handle massive amounts of data in the event a DDoS attack occurs. Because the service can handle the bandwidth capacity without the threat of its resources succumbing to overutilization, it can successfully identify and scrub DDoS traffic while passing on legitimate traffic to your servers. This architecture moves the threat of a bottleneck closer to the source of the attack where it can be better handled without interruption.
How application layer attacks work
Application layer DDoS attacks, on the other hand, don't target network bandwidth. Instead, they strike the application (Layer 7 of the OSI model) running the service end users are trying to access. To that end, the server, server application and back-end resources are the main target. The goal of these attacks is to consume the resources of a specific service, thus slowing it or stopping it altogether.
Application layer DDoS attacks are trickier to identify and mitigate compared to a network layer DDoS attack. Common methods include the use of CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) tests to validate bots from humans. Additionally, the use of a web application firewall (WAF) is a great way to protect against more sophisticated application DDoS attacks. The purpose of a WAF is to use various signatures to discern between normal human requests and those sent from bots. A WAF can be deployed either on premises or through a third-party cloud security service provider.
Dig Deeper on DDoS attack detection and prevention
Related Q&A from Andrew Froehlich
AIOps can take various tasks -- such as data collection and analysis -- off the plates of network teams. This can provide organizations with better ... Continue Reading
Software-defined WAN, DMVPN and IPsec tunnels each have a place among enterprises. Our network expert compares each one and explains where they can ... Continue Reading
In your organization's search for the best network automation platform for business operations, compare the pros and cons of proprietary and open ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.