Month: August 2021

​DDoS-protected DNS service: Why do you need it?

If you are checking what DDoS-protected DNS service is, you probably already suffered from a DDoS attack. Now, they are more common than ever and damage online businesses. They might stop your server when you needed it the most and cause severe losses. It is clear that you need a way to stay safe and keep your online business running. You need DDoS protected DNS service! 

​What is DDoS protected DNS service?

DDoS protection or DDoS mitigation service refers to an additional DNS service that combines different tools and techniques to check traffic and stop DDoS attacks. The DDoS attacks are strong waves of traffic organized by cybercriminals that try to unstable your servers and make them incapable of responding to normal clients’ requests. 

What one protected DNS service should do is: 

  • Analyze the traffic deeply. Understand the normal patterns of the traffic and use them for comparison. 
  • Separate traffic. Understand what is human traffic and what is machine traffic. 
  • Filter. Filter the incoming traffic based on whitelisting or blacklisting and other parameters. The protection can distinguish and stop bad traffic.  
  • Monitor. Monitor the whole DNS traffic. If the system spots a strange pattern, it could activate different behavior and take actions to stop a potential DDoS attack. So, understanding the traffic is vital. 
  • Distribute the traffic. In some cases, just the load balancing could be enough to distribute the malicious traffic between the DNS server and resist the attack. 
  • Activate Failovers if needed. If one or more servers go down, it could notify you about the event and redirect the traffic to the rest of the DNS servers. Automatically, without the need of a human operator. 

​Why do you need DDoS protected DNS service?

  • Less downtime. If you have DDoS protection, your servers will resist a lot more to DDoS attacks and experience significantly less downtime. Your visitors will still be able to access your application or website. 
  • Good performance, even under attack. The distribution of traffic that a DNS service provider can offer you should be enough to manage the traffic well. So well, in fact, that your application or website will still be available and without a significant penalty in productivity. 
  • It will be more beneficial. Yes, downtime costs and it costs a lot. How much does a minute of it cost for you? What about an hour or a whole day? Compare this number to around 100 dollars per month, and you will see that DDoS-protected DNS service is really worth it. 
  • It is easy to manage. Don’t get me wrong, if you are not familiar with DNS, it might be a bit hard, but if you are, it will be very simple. Set it up once, and the monitors and failover mechanism could run almost 100% by themselves. Only if the attack is really strong, you, your IT team, and the customer service of the DNS provider will need to fight the DDoS attack together. 

​Conclusion

DDoS-protected DNS services are getting so common as the SSL/TLS certificates for the websites. They are not a must, but pretty much everybody who has a large e-commerce site or an important application gets it. Better protect that suffer downtime and wait many long hours until your domain gets accessible again. 

Leave a Comment

Introduction to Anycast DNS

Anycast DNS explained.

Through Anycast DNS, several servers that are located in different geographical points can provide the same IP address. The DNS data for your domain name is duplicated on more than one server. You are able to choose a specific number of servers, depending on your needs. That way, your overall presence is going to be better.

When you are using Anycast, the most nearby server is going to answer the request of the user. In case one of your servers is offline due to maintenance or down for some reason, your website is still going to be reachable. The request will move to the second closest and available DNS server to resolve. As a result, the user’s request is going to be answered faster. Also, the overall experience is going to be improved in terms of loading time, waiting for a response, and so on.

How does it work?

Anycast network routing can route incoming requests over various data centers. The requests arrive in a singular IP address associated with the Anycast network. So, the network spreads the data based on a priority method. Choosing a particular data center will typically be adjusted based on reducing latency and selecting the data center closer to the requester. 

Advantages

  • Better uptime. It is possible for a server to fail, but the chance of a group of servers to fail at the same time is very low. So, your website is going to have better uptime, and your users could access it at any time.
  • Faster response time. The waiting time is way shorter when your servers’ responses are fast. Less potential clients are going to abandon your website.
  • Improved security. You can rely on other servers in case one of them gets compromised.
  • Rank on search engines. User experience includes waiting for a response, loading time, etc. Search engines don’t miss to rank better or worse your site based on these factors.

Anycast vs. Unicast DNS Routing

  • In Unicast DNS routing, the DNS resolver, an element on the DNS server accountable for discovering the authoritative DNS record for the demanded hostname, can get a list of many DNS name servers. It searches on the first one on the list. Then waits till it replies or there is a timeout, and then it is able to try the next on the list. This can cause high latency.
  • In Anycast DNS routing, resolvers are configured with only one anycast address for each group of name servers. That way, the latency is eliminated. The timeout delays with a non-responsive nameserver do not happen. Anycast routing automatically excludes unreachable points of presence (PoP). The DNS resolver is always routed to the closest and well-performing DNS server.

Why use Anycast DNS?

In case you have a website, service, or app, you probably want reliability and speed in each location. Nobody wants angry customers. With Anycast DNS, you achieve excellent performance at various places and handle the traffic effectively. The better network performance leads to more satisfied clients and then probably to more sales.

Leave a Comment

What is cPanel?

cPanel is a software specially designed to supply a graphical interface for managing easily the daily tasks involved with hosting a website. 

Additionally, it provides you text interface (command line), automation tools to make administrative tasks easier, and API (application programming interface) based access. This last means a software interface that connects computers and different software. It helps you to manage the different programs you need to install for running your website.

cPanel functions.

Through cPanel, users can create databases, install content management systems (CMS) like WordPress, monitor available storage space and bandwidth, manage e-mails for the domain, the DNS, and so much more.

When you access your cPanel, you will see a complete menu with different choices (e-mail, files, SEO and Marketing tools, databases, domains, metrics, security, software, advanced preferences, applications, apps installer, etc.). You just have to click the icons of the functions you look for and adjust their settings as you please.

Examples: 

  • Domains. In this section, you can set up additional domains, park them, create subdomains, etc.
  • E-mail. You can create, modify or delete e-mail accounts. You can also modify passwords, MX records, etc. 
  • Files. You can access and change files you saved in your account, backup, create FTP accounts, check available storage space on your disk, restore files deleted by accident, etc.
  • Metrics. Here you find different statistics to know your audience and enhance your website by offering it interesting content and a better experience.

Advantages of having cPanel.

  • With the cPanel, you can manage your web hosting without programming, coding, and different computing languages knowledge. For example, to create multiple subdomains through cPanel is only a matter of clicking and filling some fields. Without cPanel, you would have to edit the Apache configuration.
  • cPanel executes different tasks automatically. For example, you can add a program for scheduling. Define a date or the frequency, and it will do it for you. From scanning the server for failure detection, backing up files, updating of software, etc. Due to this automation of key tasks, vulnerabilities can be reduced.
  • To navigate around all these management categories and tools is simpler. cPanel concentrates everything in a clear and organized menu. 
  • cPanel’s compatibility ensures you can customize yours through third-party applications. 
  • It runs on the most popular browsers for you to access easily.
  • cPanel includes features to strengthen security. Keeping users’ data secure, adding passwords to directories, two-factor authentication, blocking suspicious IP addresses, etc.

Is it paid or free software?

cPanel software costs. But generally, the cost is paid directly by web hosting service providers. Users looking for this service sometimes think it’s free because they see it included already in the plans that hosting providers offer. But the cost for website owners is already included in the plan they pay.

The cPanel offers different plans and costs. They suit all kinds of needs. From freelancers, a small business requiring only one hosting account, to application developers, data centers, and large hosting providers. Prices go from $15 to $48.50 monthly. 

Conclusion.

The benefits of cPanel are clear, but still, its cost can be seen as a disadvantage by some users. Especially considering there are other control panel alternatives, even free ones. In any case, you can try cPanel for 15 days free of charge and decide for yourself!

Leave a Comment

What is TLS (Transport Layer Security)?

You often read about SSL certificates and how important they are for your site, but do you know that they are already a history? They were replaced with TLS a long time ago. So, should you use TLS encryption for your site? Let’s see.

​What is TLS?

TLS stands for Transport Layer Security, and it is one of the most popular security protocols that serves to encrypt data, authenticate it and guarantee its integrity.

The main purpose of TLS is to secure the two-way communication between a client from one side and a server on the other.

TLS is the protocol that completely replaced the SSL (Security Socket Layer) protocol. It’s been a long time since the SSL protocol was safe enough, but people are still searching for it, so you will hear it for some years more.

Hosting companies offer “SSL certificates”, and actually, they are offering TLS certificates.

The SSL was deprecated in 2015 and replaced with its natural progression called TLS. The newer one, 1.3, has better encryption, is faster, and fixes multiple vulnerabilities. It started originally as the SSL 3.1, but the name was changed on purpose, so it was clear that it was not related to the previous developer Netscape. 

​What does TLS do?

The TLS does three things – EncryptionAuthentication, and the third is Integrity.

  • Encryption. It uses a combination of two keys – private for signing and public for decryption. The goal is to have all the communication encrypted so nobody except the right entity can read it.
  • Authentication. It also checks the two sides of the communication and authenticates that they are truly those who should be communicating. It lowers the risk of a man-in-the-middle attack, pretending to be another and stealing the information or redirecting the traffic.
  • Integrity. The TLS also serves to prove that nobody modified the data from the communication on the way. Modify data could be very dangerous.

​How does TLS work?

Let’s make a breakdown of the Transport Layer Security process:

  1. The client sends a “Hello” message, defining which protocol and its version will be used for the communication (TLS 1.0, 1.1, 1.3)
  2. A Server sends a “ServerHallo” message, agreeing on the encryption method. It sends the cryptographic algorithm agreement, the ID of the session, the digital certificate of the server, and its public key.
  3. A check of the server for authenticity. The client will contact the certificate authority to verify the server. At this point, the client will check if the server is really who it says it is.
  4. Now it is time for the client key exchange. It will send a shared secret key that was previously encrypted with the server’s public key.
  5. Then the client confirms firth “finished” message, which was signed with the secret key.
  6. The server also needs to finish with another message. 
  7. Now the two sides, client and server, can have a symmetrically encrypted communication with the shared secret key. 

​When do we use Transport Layer Security?

We use TLS with the TLS handshake in communication like:

  • VoIP telephony for calls over the Internet.
  • Email communication for securing the message.
  • Messaging like Messenger, Whatsapp, Viber, etc. Also, other chat applications.
  • Safe communication on a website, especially e-commerce sites where personal data and bank data are at risk.
  • Secure access to a remote host.

​Conclusion

TLS is an encryption method that we can use to secure our communication. It is easy to use and works better than the previous SSL protocol. 

Leave a Comment