25 March 2019

Today’s blog post explains the term ‘DDoS’, and looks at the importance of protecting your online business and keeping your .au domain secure.

‘DDoS’ stands for “Distributed Denial of Service” and is commonly placed in front of the word ‘attack’, which can understandably cause a certain level of alarm.

What does a DDoS attack involve?

Imagine this. You are the owner of a coffee shop and one day there is a line of people out the door - but no one in the line actually has any intention of buying coffee. They are blocking the people on the street who do want to buy coffee, so are effectively denying them service, and you revenue.

Higher levels of disruption are likely to occur when the attack is online.

As explained by the Australian Cyber Security Centre (ACSC), these types of attacks ‘are designed to disrupt or degrade online services such as website, email and DNS services.’

During a DDoS attack, a website or other type of online service is overloaded with traffic and access is temporarily restricted or shut down. This traffic is usually coming from a (distributed) network of remotely managed servers controlled by a Botnet. While websites can handle normal amounts of traffic, botnets flood sites with so many requests that the site’s servers are bogged down and sometimes fail altogether causing a “denial of service”.

Many of you will remember the instance of the 2016 Australian Census, where on Census night,  a significant number of households were unable to access the service online, which was being offered for the first time. This event created a fair amount of mayhem and is believed to have been caused by a DDoS attack carried out by foreign hackers.

Faith was restored when the service was again made available one day after the attack. The Australian Bureau of Statistics made assurances, including a notice on their website which explained that no private information was accessed or extracted during the attack.

How does DDoS protection work?

Many .au registrars and internet security providers offer DDoS protection as a security service. For example, Micron21 provide a summary of the risks to businesses which include website downtime and brand damage. They explain that their DDoS mitigation services check the traffic that is coming in and filter out ‘attack’ traffic before it has an impact on site performance.

While the .au domain namespace is regularly scanned for threats, DDoS protection is definitely something you need to remain aware of, especially if online services are a key part of your business.

For further information on preparing for and responding to a DDoS attack visit the Australian Cyber Security’s latest ACSC Protect information paper.

Have a question, some feedback or an idea for a future blog topic? Email us at blog@afilias.com.au