How secure is your Recruitment website? DDoS Attacks
Posted By: Thomas Shaw, 11:58am Tuesday 17 November 2009
As reported in the news yesterday, Australian hosted recruitment software provider, RecruitAdvantage faced a denial of service (DDoS) attack on their online software. The SaaS product (TurboRecruit) was subsequently slowed down and taken offline.
Unfortunately, customers around the country were unable to create, edit or post job advertisements, or work on the candidate records. Jobseekers were unable to apply for any vacancies whose job postings lead to the online recruitment software.
The goal of any DoS (Denial of Service) attack is to cripple a web site, either temporarily or permanently, so that the web site can no longer respond to legitimate connection requests. DoS attacks are much easier to accomplish than remotely gaining administrative access to a target system.
A DDoS (Distributed Denial of Service) attack occurs when multiple systems overwhelm the bandwidth of a particular target simultaneously. The computers behind such an attack are often distributed around the world and will be part of what is known as a botnet.
The main difference between a DDoS attack versus a DoS attack, is that the target server will be overload by hundreds or thousands of requests compared to just one attacker in the case of a DoS attack. Therefore it is much, much harder for a server to withstand a DDoS attack as opposed to the simpler DoS incursion.
Symantec have produced a video which explains the process in easy to understand language.