Right RDO, the DDoS overload the server with a huge amount of small files. More files it can send, more your server will be slow. And when you see there are around the world thousands of computer or servers, with VNC installed and without a password to access, you understand why DDoS is so easy. Get zombie is not a "hacker" skill.
the best way is of course not the free way however the free ways are very effective for small websites.
I highly suggest cloudflare as a free DDOS protection service.
Also it is recommended that you purchase hosting with a company whom has DDOS protection and good firewalls in place.
There are many paid services which offer Strong DDOS protection however you would not need those unless you have a very popular website or game server.
Defeating a DDoS attack is not an easy task. It requires experience in technology and understanding the concept. Most ddos protection providers have software and hardware firewalls working in conjunction to stop these attacks from reaching your server.
Attack speed (10gbps attack etc) may not matter if you website have other security flaws. There are various types of ddos attack like some effect on application layer while some effect on network.
For starters, try cloudflare service as it is easier to setup and maintain. Keep in mind not every provider can block every type of attack.
Highly recommended services after cloudflare would be incapsula, black lotus, imperva, bitninja, blockdos etc.
hardware firewalls are best and effective against DDOS, I am not that much supportive to the services of cloudflare, but it will work greatly for mid rage traffic. I heard some issues regarding Cloudflare on our page rank. Hope this one helps here.
Prevention is better than cure, I refer you to go through this article regarding DDOS from NCI
You can easily implement some simple steps like limiting router to prevent the web server from being overloaded and adding custom packet filters.
To make sure that company operations aren't affected in the event of DDOS attack try to avoid sharing the same server for hosting website and Company data.
You can implement different methods depending upon your priority of business through online.
If you are having an online payment system which is critical to your business , I recommend you should go with a premium protection service. We can easily implement an early DDOS detection system by motoring our traffic and comparing it with previous logs like. A sudden spike in traffic is one of the major signs of DDOS.
There is no universal DDOS protection on market. There are so many types of DDOS attacks. There are hw elements which can filter DDOS (I think that OVH has got some of them) and also there are SW filters, which I find out not too usefull (why? The best way to filter DDOS is to do it manually - by hosting provider or your network admin. If you do it manully you'll find a unique pattern of DDOS which most of DDOS are unique). Even though I would recommend you to set up some (eg. CSF).
For small Attacks, Cloudflare will do the job but if the attack is large and huge, then Hardware firewall will be the only hope and that too the capacity depends regarding how much large attack it can hold and that you need to clarify with your own datacenter as it can be different for each data center.
Cloudflare is a good one and I will suggest the same for small attacks