Carbonsec – Cybersecurity Consultancy Services Company

Cybersecurity services for businesses to be hackerproof, because it sucks to waste unnecessary time dealing with cyber criminals instead of focusing on business.


DDoS test

Test the effectiveness of implemented DDoS defences and the resilience of the network to flooding attacks.

Check the exposure to denial-of-service attack vectors with a DDoS test.

A DDoS attack is typically carried out by routing bulk traffic to a service in order to saturate its bandwidth, with data sent from multiple devices around the globe. The difference between DoS and DDoS attacks is in the dispersion of servers: while DoS attacks are carried out from a single server and might be less “dangerous”, DDoS attacks route a stream of data or requests from many servers to a single device. As a result, saturation and service failure occur more quickly.

The goal of a DDoS attack is to crash online services and disrupt the business. Hackers use a variety of methods to achieve this goal:

  • volumetric attacks saturating the entire bandwidth to a single organisation or service,
  • application-level attacks where requests are sent to a single application, and
  • protocol-level attacks where the target is overloaded with requests and replies which remain unanswered.

Volumetric attacks are the most difficult to contain, as in extreme cases targets are flooded from multiple devices with seemingly legitimate packet data units. Regardless of the form of attack, a successful DDoS attack can have severe financial and operational consequences, often affecting ordinary users.

Therefore, connectivity providers often offer their customers DDoS protection which includes filtering and scrubbing traffic and redirecting suspicious traffic to larger, regional filtering (or scrubbing) centres. If properly installed and managed, such a service can effectively protect users from DDoS attacks.

How do we do a DDoS test?

When conducting DDoS tests, testers should act as if the attack was carried out by real hackers but under controlled circumstances. The pre-test stage of the project includes coordination with the client and a thorough analysis of all parameters and risk factors.

DDoS tests are typically carried out at night. Why? With a DDoS test, we want to check if flooding can disable a service; however, we don’t want to harm our client’s business. Therefore, we run the test when the network is the least burdened and the chances that users will be affected by the test are low. For the same reason, we increase the traffic under controlled circumstances and do not exceed the agreed bandwidth.

A DDoS test can effectively check not only the resilience of the network but also the efficiency of the implemented DDoS protection. Unless an actual attack on the system occurs, the effectiveness of the protection is only a theoretical assumption. To achieve the best long-term results and improve the settings for filtering malicious traffic, we recommend that the service provider participates in all or some phases of DDoS testing. 

Key steps of a user-oriented DDoS test:

  • define the scope of testing (number of devices),
  • set the test date,
  • define the types of planned DDoS tests,
  • test with dedicated tools,
  • present the report and discuss recommendations to address security deficiencies,
  • discuss the optimisation of security settings for traffic filtering (scrubbing),
  • run a DDoS validation test to verify that the system is working properly after implementing the improvements.

Our service includes the same set of tests that hackers use in actual attacks:

  • Volumetric DDoS attack

This attack aims to saturate a significant part of the agreed bandwidth. In such attacks, the burden is evenly distributed among dispersed DoS resources (e.g. IoT). The test also verifies the adequacy of the filtering settings if implemented by your connectivity service provider.

  • DDoS attack at application or protocol level 

These tests aim to exhaust the core of the available resources of a service, device or system. We want to test the resilience to DDoS attacks that exploit weaknesses in protocols or applications in tested systems.

How do you benefit from a DDoS test?

The most important information you get from a DDoS test is an accurate indication of whether your system is resistant to a DDoS attack or not. Without the test, you can only make predictions based on assumptions about the network architecture and the implemented security mechanisms to prevent denial of service.

Furthermore, the DDoS test answers the following questions:

  • Is your DDoS protection working properly?
  • Are your servers, web servers and applications resilient to the increased number of requests?
  • How responsive are your servers and applications to increased traffic?
  • What scenarios can an attacker use to achieve a service failure?
Is your environment DDoS-proof?
Ask us to check it out.
