Check the exposure to denial-of-service attack vectors with a DDoS test.
A DDoS attack is typically carried out by routing bulk traffic to a service in order to saturate its bandwidth. The data is sent from multiple devices around the globe. The difference between DoS and DDoS attacks lies in how widely the sending servers are dispersed. While DoS attacks are carried out from a single server and might be less “dangerous”, DDoS attacks route a stream of data or requests from many servers to a single device. As a result, saturation and service failure occur more quickly.
The goal of a DDoS attack is to crash online services and disrupt the business. Hackers use a variety of methods to achieve this goal:
- volumetric attacks saturating the entire bandwidth to a single organisation or service,
- application-level attacks where requests are sent to a single application, and
- protocol-level attacks where the target is overloaded with requests and replies which remain unanswered.
Volumetric attacks are the most difficult to contain, as in extreme cases targets are flooded from multiple devices with seemingly legitimate packet data units. Regardless of the form of attack, a successful DDoS attack can have severe financial and operational consequences, often affecting ordinary users.
Therefore, connectivity providers often offer their customers DDoS protection which includes filtering and scrubbing traffic and redirecting suspicious traffic to larger, regional filtering (or scrubbing) centres. If properly installed and managed, such a service can effectively protect users from DDoS attacks.
How do we do a DDoS test?
When conducting DDoS tests, testers should act as if the attack were carried out by real hackers, but under controlled circumstances. The pre-test stage of the project includes coordination with the client and a thorough analysis of all parameters and risk factors.
DDoS tests are typically carried out at night. Why? With a DDoS test, we want to check if flooding can disable a service; however, we don’t want to harm our client’s business. Therefore, we run the test when the network is the least burdened and the chances that users will be affected by the test are low. For the same reason, the traffic is increased under controlled circumstances, and we do not exceed the agreed bandwidth.
A DDoS test can effectively check not only the resilience of the network but also the efficiency of the implemented DDoS protection. Unless an actual attack on the system occurs, the effectiveness of the protection is only a theoretical assumption. To achieve the best long-term results and improve the settings for filtering malicious traffic, we recommend that the service provider participate in all or some phases of DDoS testing.
Key steps of a user-oriented DDoS test:
- define the scope of testing (number of devices),
- set the test date,
- define the types of planned DDoS tests,
- test with dedicated tools,
- present the report and discuss recommendations to address security deficiencies,
- discuss the optimisation of security settings for traffic filtering (scrubbing),
- run a DDoS validation test to verify that the system is working properly after implementing the improvements.
Our service includes the same set of tests that hackers use in actual attacks:
- Volumetric DDoS attack
This attack aims to saturate a significant part of the agreed bandwidth. In such attacks, the burden is evenly distributed among dispersed DoS resources (e.g. IoT devices). The test also verifies the adequacy of the filtering settings, if filtering is implemented by your connectivity service provider.
- DDoS attack at application or protocol level
These tests aim to exhaust the core of the available resources of a service, device or system. We want to test the resilience to DDoS attacks that exploit weaknesses in protocols or applications in tested systems.
How do you benefit from a DDoS test?
The most important information you get from a DDoS test is an accurate indication of whether your system is resistant to a DDoS attack or not. Without the test, you can only make predictions based on assumptions about the network architecture and the implemented security mechanisms to prevent denial of service.
Furthermore, the DDoS test answers the following questions:
- Is your DDoS protection working properly?
- Are your servers, web servers and applications resilient to the increased number of requests?
- How responsive are your servers and applications to increased traffic?
- What scenarios can an attacker use to achieve a service failure?