Leveraging multi-layered security capabilities integrated into our global web content delivery network, Akamai helps businesses and government organizations safeguard their websites and web-based applications. One way that Akamai's cloud-based cyber security platform protects our clients is by detecting and thwarting one of the most common types of internet threat: the denial of service attack.
What Is a Denial of Service Attack?
A denial of service attack (also known as a DoS attack) is a malicious attempt to make a website or web application unavailable to legitimate users by purposely overwhelming the site's supporting infrastructure with an enormous volume of bogus traffic, to the point that the site is able to process additional requests only very slowly or not at all. A denial of service attack can target either the network layer of the internet protocol stack (such as with a TCP/IP ‘SYN' request flood) or the application layer (such as with a DNS request flood or an HTTP request flood).
How Have Denial of Service Attack Methods Changed?
The denial of service attack is one of the oldest forms of aggression against websites, but DoS methods have evolved in important ways:
- The ability of attackers to create and deploy large armies of automated "bots"—spread across dozens, hundreds, or even thousands of computers, often unbeknownst to computer owners—has resulted in distributed denial of service (DDoS) attacks of far greater scale than was possible with the DoS attacks of the past.
- DoS perpetrators have increasingly shifted their focus higher up the internet protocol stack, to the application layer where a denial of service attack is harder to detect.
- The denial of service attack is increasingly used not just as an end in itself but as an attention-diverting decoy, while other simultaneous attacks seek to find and exploit holes in a web application's data protection mechanisms. (For more on the latter type of attack, see our short SQL injection tutorial.)
How Can Akamai Help Your Organization Defeat Denial of Service Attacks?
Akamai's cloud-based web security solution thwarts denial of service attacks through a combination of defense mechanisms deployed in concert across Akamai's global network of edge content delivery servers. These include:
- Network layer defenses like automatically dropping all non-application traffic, such as SYN packets, ICMP packets, or UDP packets without application payloads, at the edge server.
- Application layer defenses such as static and dynamic caching at the edges of the internet, adaptive HTTP request throttling, and blocking or redirecting requests based on criteria like source IP address, originating geographic location, or URI query string patterns.
- Absorption through massive network scale. The Akamai content distribution network spans more than 175,000 servers worldwide and routinely delivers an average of 5 Tbps of internet traffic. When you partner with Akamai, even a large, botnet-driven denial of service attack against your site is absorbed by our mass-scale, forward-positioned content delivery network, before it ever reaches your data center.
Akamai's web security cloud not only detects and mitigates denial of service attacks, it also features a built-in distributed web application firewall to thwart other types of cyber attacks such as SQL injection and cross-site scripting (XSS). And for merchants looking to reduce the burden of PCI DSS compliance requirements, the Akamai cloud also supports an edge tokenization service that shortens and simplifies your PCI compliance checklist by keeping sensitive card data from ever entering your origin infrastructure.
Learn more about why many of the world's leading brands trust Akamai to protect them against denial of service attacks and other cyber threats.