Amplified DDoS attacks
Amplification refers to a set of methods to increase the volume of attacks, typically through the abuse of non-suspecting 3rd party servers. A good example of such amplification is DNS amplification, in which queries are made to DNS servers that resolve domain names into IP addresses. When using the UDP protocol, the source IP of queries made to DNS servers is not verified. An attacker can therefore make a short request that yields a much longer response, while providing the IP address of the attacked target instead of the real IP making the request. The DNS server will send a response, which may be 10 or even 50 times longer than the query, to the attack target. Thus attackers can increase vastly the impact of their attacks.
API stands for Application Programming Interface. An API is a software intermediary that allows two or multiple software applications to talk to each other. It also allows extension mechanisms so that users are able to extend current functionality in various ways.
Also See: CDN360
Application acceleration is a network solution focus around maximizing web application’s speed for end users. Application acceleration is used for issues like WAN latency, bandwidth congestion. Applications that require extensive interactive content, this technology allows quick rendering and increase loading speed that could meet user expectation.
Also see: Enterprise Solutions
A Backdoor is a type of malware which bypasses or negates normal authentication procedures for the purpose of accessing a system illicitly. Remote access is thus permitted to system resources, such as databases and file servers, allowing perpetrators to issue system commands and update the malware remotely.
“Big data” is a term to describe data sets that are too large or too complex to be processed or analysed by traditional data-processing application software. Currently, it tends to refer the use of data analytics methods or user behavior analytics that need to extract value from data.
Brute Force Attacks
Brute Force attacks are automated attempts to access restricted resources, such as user accounts, by trying to log in or access the resource again and again with incremental tiny variations of usernames, passwords or other parameters.
Cache is a hardware or software component that stores data thus future requests for that data can be served faster. Caching is at the core of content delivery network (CDN) services. CDN copies website content to proxy servers which are optimized for content distribution.
CDN (Content Delivery Network)
A content delivery network (CDN) refers to geographically distributed large network of proxy servers and data centers. CDN is to provide high availability and good performance by distributing content spatially relative to end users. Companies across different verticals employ CDN to deliver media (such as video, audio and streaming), HTTP content, and download files.
Also see: How Content Delivery Network Works
Most operators find CDN solutions are fundamental for delivering the services and contents to keep pace with the growing demand for streaming media, online gaming. CDN services provide a cost effective solution. Without CDN, it is impossible to satisfy consumers’ need for fast and secured online experience from any device.
For network operators who want to benefit from CDN without managements CDNetworks offers leading solutions for CDN services. For developers who want to take charge of their own CDN and be more flexible with the cost and performance, CDNetworks offers CDN360 with our unique self-serving features.
A Credential Stuffing attack is a variant of Brute Force. In these cases, the attacker already has a list of user names, emails and passwords, typically stolen or leaked from a site or service. This list is used to try and access accounts on a different site or service, leaning on the fact that users tend to re-use passwords on multiple services.
Credit Card Stuffing (Carding)
Similar to Credential Stuffing, in which passwords stolen from one site or service are used on another one, Carding uses stolen credit card information from one site or service to run an automated process to verify each card’s validity by charging small amounts on the checkout page or via the API of a different site.
Cross Site Scripting (XSS)
Data Leakage Protection (DLP)
The term Data Leakage Protection refers, generally, to tools and services that typically monitor outbound data and make sure that it does not contain Sensitive Data Exposure, or a leakage of information into the wrong hands. Such tools typically block the flow of outgoing data or remove the sensitive information from it. A good WAF should contain a module for outbound data inspection.
A Dictionary Attack is a “softer” version of a Brute Force attack in which the access attempts are based on dictionaries of commonly used passwords, such as “1234”, to locate and penetrate accounts or other resources with weak passwords.
Distributed Denial of Service attacks (DDoS)
DDOS attacks are attacks with various methods designed to take a site or an online service down and make it inaccessible to users. One common method is directing a large number of requests simultaneously at the target website so that it becomes overwhelmed and exhausts its resources.
Domain Name System (DNS)
The domain name system (DNS) is a naming convention for computers, services, or any other system or resource on the Internet or in a private network. Essentially, domain names are translated into IP addresses for the purposes of routing traffic and identifying users worldwide.
See also: DNS Security
HTTPS & HTTPS
Hypertext Transfer Protocol (HTTP) is an application-layer protocol for transmitting hypermedia files, such as HTML. It was designed for communication between web browsers and web servers. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents (e.g. hyperlinks) can be accessed by users easily. Hypertext Transfer Protocol Secure (HTTPS) is an extension of HTTP. It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security.
- HTTP is unsecured while HTTPS is secured.
- HTTP operates at application layer, while HTTPS operates at transport layer and uses TLS/SSL certificate to ensure authentication..
See also: How to distribute and utilize videos
Images and Resolutions
Resolutions refers to the sharpness and clarity of an image. It often used to describe monitors, printers, and bit-mapped graphic images. Websites with plain texts are rarely seen these days. Images can improve engagement, due to higher resolution screens image size has increased. Therefore, website performance is slowed down by high resolution images.
Also see: Web Performance
Infrastructure as a Service (IaaS)
Infrastructure as a service (IaaS) is a form of cloud computing that provides virtualized computing resources over the internet. Traditional IT infrastructure such as server hardware are provided by the cloud and it reduced the requirement for purchasing and maintaining private IT infrastructure. Alongside IaaS, software as a service (SaaS) and platform as a service (PaaS), are the three main categories of cloud computing.
Injections refers to adding (or “injecting”) commands to inputs that a software application or a SaaS expects to receive from users, such as on forms, or APIs, with the intention that these commands will be executed by an underlying component or service, gaining control over that component, extracting data from it, or other malicious acts.
this obviates the need for “etc.” because it indicates that the following are examples.
Load balancing refers to the process of distributing requests and tasks over a set of servers, which aims to make the overall processing more efficient. As a result, avoiding a single server becomes overwhelmed by web traffic.
Man in the Browser (MitB)
Man in the Browser attacks are almost identical to MitM attacks, but instead of being located somewhere on the network between the two parties, the attacker penetrates the browser of one party, typically by using a malicious browser extension or an app installed on that user’s device. This access to the user’s browser allows the 3rd party to eavesdrop or modify data exchanged between the user and a website.
Man in the Middle (MitM)
In a Man in the Middle attack, a hacker intercepts the traffic between two communicating parties. In some cases, such an infiltrator would need to pass the messages between the parties and thus to pretend to be the first party when communicating a message to the second one and vice versa. Such an interception can be used either to eavesdrop and/or to modify the data sent between the parties. Generally, a combination of encryption (such as TLS/SSL) and certificates are used to prevent this.
Media streaming is video and audio content over the Internet being constantly received and presented to viewers. Media files are normally managed by media companies.
See also: Media Delivery
OWASP Top 10
OWASP stands for the Open Web Application Security Project. It is a global non-profit foundation of security specialists and other volunteers, famous for publishing a list of the highest security risks for web applications, known as “OWASP Top 10”.
Protocol DDoS Attacks
These attacks target weaknesses in protocols such as TCP/IP (network layer attacks) and HTTP (application layer attacks) or their implementations. Typically, these attacks exploit scenarios in which a server gets a packet or a request from a computer and will expect further communication. The server allocates memory and resources to maintain the session state and the communication channel, which is abused by intentionally slowing down or halting communication and draining such resources.
Web Scraping is an automated process designed to extract public data from websites by making multiple requests to different web pages or resources. Scraping can be categorized as an exploitation of computer resources and of business data, but is not an “attack” per se, since typically the scraped data is exposed to users and not restricted.
Software Defined WAN (SD-WAN) is the next generation of WANs: It offers a completely new way of managing and operating your WAN infrastructure. This managed, secure, SD-WAN connectivity solution delivers seamless connections and optimised user experience without sacrificing security.
SD-WAN addresses to many IT challenges. This approach to network connectivity can lower operational costs significantly and improve resource usage for mult-isite deployment. Bandwidth can be used more efficiently by network administrators and it can help ensure high levels of performance for critical applications without compromising security or data privacy.
Also see: What SD-WAN means for your Business
Sensitive Data Exposure (Data Leakage)
A sensitive data leakage refers to a security breach incident category, rather than a specific type of vulnerability or attack. Such an incident takes place whenever a site or a service is exploited already and sends sensitive data into the wrong hands. The data typically includes personal identifying information, credit card numbers, financial information or other private data.
SQL Injection (SQLi)
SQL Injection is a common type of Injection, in which the attacker sends SQL commands to a software application or site interface to target a Database Server that may be serving the software or service being hacked.
Video Streaming is the transmission of video files from a server to a viewer continuously. Therefore, online video is transferred in real time as is consumed. Streaming is opposite to downloading. Streaming happens in real-time. If a video file is downloaded, viewer needs to safe a copy of that entire file on the device and video cannot play until downloading finishes. Whereas, if a video file is streamed, it is played without actually copying any files.
See also: Media Acceleration Live Broadcast
VOD refers to Video On Demand. VOD is a media distribution system that allows viewers to access videos without traditional video entertainment device or static broadcasting schedule. Videos can be downloaded to devices for continued viewing, or can be streamed.
Also see: Media Acceleration
Virtual machine (VM) is software and emulates a computer system. VM is based on computer architectures and provides computer or server functions. Its implementation involves specialized hardware, software, or a combination.
Virtual Private Server (VPS)
A virtual private server (VPS) is a virtual machine that used as a server such as providing processing power to client machines. VDS (virtual dedicated server) also means the same.
Volumetric DDoS Attacks
These attacks, measured either in Gigabits (or even Terrabits) of inbound traffic per second in the network layer or HTTP/s requests per second in the application layer, typically use distributed resources, such as hijacked computing devices and botnets,. to generate more traffic then the targeted system can absorb. Network layer attacks (L3/L4) typically target the network capacity with a flood of “meaningless” network packets while Application layer attacks (L7) target server resources such as memory or Input/Output capacities through a flood of requests that will be executed and responded by the attacked servers, until systems resources are exhausted.