DDoS attack... for dummies!
The hereunder article highlights a major attack on FinTechs, such as PayPal, and shows how security is a must.
DDoS attack shuts down key FinTech Sites from BankInnovation (21st of October 2016)
But be cautious with "big titles" like in this article It could make you thinking that these FinTechs are weak... Understanding exactly the kind of attack is important. In this case, it was not the FinTechs' infrastructure which had been successfully attacked but the way to access.
Indeed, what is DDoS? DNS Deny of Service... Still unclear? Juste follow me ;o))
DNS is for Domain Name System. All internet sites have an IP address which almost no common user could remember. So with put names on them: the url. And the root of the url is what is called a Domain. Managing Domains names is done by a set of companies known as DNS service providers (the modern internet equivalent to the good old paper phonebook).
What is Deny of Service? It is "just" attacking you through some heavy solicitations. Imagine yourself... 1 person speaks to you: no problem to understand him. A second person speaks to you at the same time: difficult to follow the 1st one but still OK. Now, 10 persons speaks to you at the same time: you do not catch any conversation anymore, even the one you were having with the 1st person. You suffer of a DoS... Over solicitation on your service (understanding a conversation) has just stopped it.
And now... what is a DDoS (DNS Deny of Service)? Imagine you organise a big party at your home and sent your GPS coordinates in the invitation. Every body is on the road to come but suddenly GPS is crashing... No one can find you anymore, you will be alone at your party... Was your home door broken? Or unsafe? Not at all... the weak point is the GPS and the fact that it was the only mean to find you...
Can you do something against a DDoS attack? Of course! In my example, you should have provided also in the invitation your address and even a paper map. If the GPS crashes, people have an alternative to find you. So you will enjoy your party with all your friends!
Coming back to the article, the attacked FinTechs should have at least a second DNS provider. Indeed, it becomes much (much much) more difficult to attack successfully several DNS providers at the same time... This allows then to keep ways to drive your users to your door, even if 1 DNS provider goes down.
As you could see, cyber security is key and... is a wide & complex topic. Have you even thought one day that to secure your birthday party, you have to worry about GPS's liability?
Head of Production House @ ING Belgium | Expert in video strategy and production
8 年Straightforward and very good popularisation of a complex topic Thierry!