Now let's discuss another concept for protecting against DDoS attacks, CD ends. What is a CDN? Let's start off with the definition. A CDN is a content delivery network refers to a geographically distributed group of servers, which work together to provide fast delivery of internet content. So the CDN is originally designed for actually the fast delivery. You know, it's not designed for DDoS primarily, although it's also used for that.

And this is what we are going to cover. The original purpose is fast delivery of internet content. So a CDN allows for the quick transfer of assets needed for loading internet content, including HTML pages, JavaScript files, style sheets, images and videos. And this is like the primary purpose of CDN and the popularity of CDN services continues to grow. And today, the majority of the web is served through CDN, including traffic from major sites like Facebook, Netflix and Amazon. So as you can see, using a CDN is a very common solution.

The world's biggest companies are already using it, like Facebook, Netflix, etc. But even though why CDN was created was not actually for protecting against DDoS attacks, later on, people started to realize this could be a good tool against DDoS as well. And as it is stated below, a properly configured CDN may also help protect websites against some common malicious attacks, such as distributed denial of service attacks. So let me also explain it visually from DDoS perspective. Suppose that your original server is basically here in the United States who have only one server and you start to use a CDN solution. Where the CDN basically copies the content of your website and spreads over the globe through its own servers.

So for example, a user, let's say in Europe here, tries to connect to your server. Instead of trying to connect through this line, he basically connects to the closest ad server. an edge server is basically the server of your CDN provider, which provides your content on behalf of you. So he's just connecting to the ad server of the CDN. He's not connecting to your original server at all. Similarly, imagine a situation like somebody wants to attack you through the DDoS factor and the attacker does it by using devices from all around the world.

In this scenario, these devices of the attacker will not be able to attack you directly like this. And from here and from here and etc. Whenever they We'll try to attack to your server, why a DDoS, they will be actually sending packets to the closest edge server not to yourself. In other words, person here, for example, will send the packets here, the person here will send the packets here, the person here will send the packet to this ad server. So in the end, your server will not be overloaded, because your server will be not even receiving these requests, at least in theory. As you can see, this is a great idea.

However, in reality, there are some challenges. And it's not always that simple to implement the solution. And actually, in the next lecture, we will be talking about those challenges.