DDoS attack

What is a DDoS attack?

DDoS stands for Distributed Denial of Service. It is an attack in which someone tries to make a website or service unavailable. A DDoS attack requires many compromised machines. A network of such machines is called a botnet.


At a given time, those machines try to flood the website with traffic using different techniques. A DDoS is successful when the site becomes unavailable or loads slowly for the users trying to reach it.


Today hackers perform DDoS attacks with anything connected to the internet that is capable of receiving and sending information (packets) through it.

How to protect

There is not much we can do to prevent DDoS attacks if we are users of services under attack.
The responsibility of protecting the webpage or service is on the service provider.

Brute-force attack

A brute-force attack is when an attacker tries a set of combinations to get into an account.

The attacker uses known passwords, dictionaries, numbers, and combinations of letters and words to crack the password.

The more computing power the attacker has, the more combinations they can try in a given time.

To limit such attacks, some companies make the login pause for a couple of seconds, or even minutes, when a wrong password is entered.
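The login pause described above can be sketched as follows. This is an added example, not code from any particular service; the class and function names, the 2-second starting pause, the doubling rule and the 5-minute cap are all assumptions chosen for illustration. It also counts how few guesses a guessing program gets once the pause is in place.

```python
import time


class LoginThrottle:
    """Per-account pause that doubles after each consecutive wrong password."""

    def __init__(self, base_delay=2.0, max_delay=300.0, clock=time.monotonic):
        self.base_delay = base_delay  # assumed: 2 s pause after the first failure
        self.max_delay = max_delay    # assumed: pause never exceeds 5 minutes
        self.clock = clock            # injectable so the demo can use a fake clock
        self._state = {}              # account -> (failures, time login reopens)

    def wait_remaining(self, account):
        """Seconds until this account accepts another login attempt."""
        _, reopens_at = self._state.get(account, (0, 0.0))
        return max(0.0, reopens_at - self.clock())

    def attempt(self, account, password_ok):
        """Return 'ok', 'denied' or 'throttled' for one login attempt."""
        if self.wait_remaining(account) > 0:
            return "throttled"        # a pause rejects even the correct password
        if password_ok:
            self._state.pop(account, None)  # success resets the failure count
            return "ok"
        failures = self._state.get(account, (0, 0.0))[0] + 1
        delay = min(self.base_delay * 2 ** (failures - 1), self.max_delay)
        self._state[account] = (failures, self.clock() + delay)
        return "denied"


def guesses_in_window(window_seconds):
    """Count password checks a guessing program gets on one account."""
    now = [0.0]                       # fake clock, so the run is instant
    throttle = LoginThrottle(clock=lambda: now[0])
    checked = 0
    while now[0] < window_seconds:
        if throttle.attempt("alice", password_ok=False) == "denied":
            checked += 1
        now[0] += throttle.wait_remaining("alice")  # retry as soon as allowed
    return checked


if __name__ == "__main__":
    for window in (60, 3600):
        print(f"{window:>5} s window: {guesses_in_window(window)} guesses checked")
```

Because the pause is keyed on the account name alone, it also holds back the real owner while guessing is in progress, so services usually pair it with limits per source address.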

There are many programs to brute force passwords, and they are relatively simple to use.

How to protect

The owners of the services that we use online (like Facebook, Google, etc.) are responsible for protecting us.

Still, there are things that we can do to protect our accounts better.

Unique passwords

Create one password that is specific to each account. This is much better if handled by a password manager.

Complex/Strong passwords

A password that is hard to crack, best if managed by a password manager.

Password Manager

It is the best security measure for your passwords. It takes away the complexity of managing them all and automatically creates unique and robust passwords for any given account.

2FA

Two-factor authentication (2FA) is an additional layer of protection beyond your password. It significantly decreases the risk of a hacker accessing your online accounts by combining your password (something you know) with a second factor, like your mobile phone (something you have).

Backdoor attack

Backdoors are like secret entrances to programs that allow the creators or the people that know about the backdoor to bypass any security and encryption.

Such gateways make data that should be available only to its users accessible to anyone who knows about that secret entrance.

The difference between a backdoor and a zero-day is that backdoors are made deliberately to bypass security. Zero-days are mistakes in the software that lead to security being circumvented.

Creating a backdoor takes a high level of sophistication. Not only does it need to be hidden in the software, but it also needs to stay available to the people who know about its existence.

It’s also probable that in your lifetime you have used at least one piece of software or hardware with a backdoor. The only difference is that you might not have been the target of an attack via that open door.

2FA

2FA is a second layer to secure your account. It can be a code generated by a security app, an SMS you receive, or specific hardware that you need to use to verify that it is you who wants to enter the account.


Unfortunately, today the right password is not a guarantee that your account is safe from unauthorised logins.


That’s why 2FA plays a vital role in hardening your account security.
Websites refer to this security feature in several different ways: two-factor authentication (or 2FA), two-step verification (or 2-Step), multi-factor authentication, and two-step authentication.