Denial-of-Service testing services
It doesn’t matter whether your organisation faces Denial-of-service (DoS) or Distributed-denial-of-service (DDoS) attacks on your systems – both are malicious, can be devastating, and can result in loss of business and damage to your reputation.
What is a Denial-of-service (DoS) attack?
A DoS attack is where a malicious actor – a hacker or hacking organisation – attacks your system by sending so many requests to it that it cannot service the requests from any legitimate user. The simplest DoS attack is probably having a robot endlessly try to log in to the system until the login page is so busy sending back ‘login failed’ messages to the malicious actor that nobody else can log in.
It’s like when thousands of people hit a booking site to buy tickets to the hottest event in town and the system goes down. In a DoS attack, though, those thousands of requests come from the one actor or computer and do not result in any sold tickets.
What is a Distributed-denial-of-service attack?
A DDoS attack is simply a DoS attack where the malicious actor uses many devices at once to attack your system.
In these cases, the actor often uses malware to take control of other computers – sometimes thousands – and turns them into a botnet – a network of robots or bots. These computers aren’t always desktops or laptops. In many cases, insecure internet-of-things devices – like web-enabled fridges, cameras, TVs and even mobile phones – can be members of the botnet.
The malicious actor uses the botnet to attack your system.
You would never look at your smart fridge in the same way again if you knew it had been part of a botnet used to launch a DDoS attack!
Protect yourself from DDoS
DoS and DDoS attacks are notoriously easy to launch and difficult to defend against. Businesses operating in the public and private sectors across all industries are vulnerable to these attacks.
All businesses need a cyber resilience program. Sense of Security works hand in hand with your business to develop comprehensive defences, including DDoS testing services.
Protect your business against:
- Increasingly sophisticated attack methods with greater capacity for disruption
- Dynamic attacks which recalibrate based on the target’s system response
- Attacks launched from a range of sources around the world
- DDoS attacks being used as diversionary tactics for deployment of other attack methods.
Validate your defences
Depending on your security needs and the types of attacks you need to defend against, your business can use one or more market-ready solutions to resolve denial-of-service vulnerabilities.
Due to the high costs of these market solutions, validating your protection through an independent third party is essential.
Types of market solutions for DDoS can include:
- Telco/ISP bundled services
- Cloud absorption
- Content Delivery Networks (CDN)
- On-premise hardware and hybrid models.
The issue with market solutions is that one size doesn’t fit all, and buying the right mix of solutions is outside the expertise of most businesses. An outside consultant like Sense of Security
First, it is important to understand that DoS testing can be disruptive to an organisation, so you need to work with a testing provider that is professional and can scope and schedule testing to minimise disruption.
Second, your testing must be comprehensive and repeatable. There is a full outline of testing in this whitepaper, but in a nutshell, your testing must:
- Be repeatable, so that you can repeat individual tests, or the entire suite, to validate changes or as part of your ongoing monitoring
- Be comprehensive enough to include full east-west testing, so that the interactions of the servers, routers, load balancers and even your ISP – the ecosystem that runs your software – are tested too
- Understand the functions of the components and how they are meant to thwart any DoS attack
- Identify what sort of mitigation should occur when there is a DoS attack
- Be supported by procedures that identify what sort of mitigation should occur, when and who should initiate it
Sense of Security’s state-of-the-art DDoS testing addresses all these elements in a variety of scenarios to ensure thorough coverage of your risks, and we can suggest solutions to resolve any weaknesses we uncover.