Measures to counter cyber attacks can be divided into three groups:
By Deployment Format
On-premise solutions are deployed on the client's hardware, introduce minimal delay, integrate flexibly into the existing IT infrastructure, and allow protection to be customized deeply for a specific case. However, supporting such a solution requires a dedicated team of specialists and significant resources.
The same burst-protection functionality as on-premise solutions can be achieved by deploying DDoS mitigation in the cloud, but in that case the AntiDDoS resources are shared among all of the cloud's users. Along with the packaged protection, cloud service providers often let you add website protection against bot attacks and offer technical support, including support directly during a DDoS attack. Cloud solutions are cheaper, but latency is higher.
Hybrid options combine the advantages of on-premise and cloud solutions, allowing you to get reliable protection at a relatively low cost.
By Level Of Protection
Most DDoS attacks target the network and transport layers (L3–L4 of the OSI model) and the application layer (L7). Alongside them, "intelligent" attacks that do not follow the usual templates are also becoming common.
DDoS protection can therefore be divided into three groups according to the level at which the attack operates.
Protection at L3 and L4. The primary method is filtering packet floods at the network and transport layers.
Protection at L3–L7. Here the goal of all measures and tools is to protect against packet floods as well as flooding at the application layer.
Protection against L3–L7 flooding and "intelligent" DDoS attacks. This secures the parts of an application that are the most resource-intensive during request processing, and it requires the use of a firewall.
By Connection Format
Depending on the connection format, DDoS protection can be asymmetric or symmetric.
Symmetric protection algorithms pass both incoming and outgoing traffic through the filter. Asymmetric algorithms work differently: they are configured only for incoming traffic and do not consider outgoing flows.
Symmetric algorithms are therefore more effective: they see all of the traffic and have more information with which to identify threats or dangerous patterns. However, redirecting outgoing traffic through a DDoS filter is complex to set up and, for some networks, irrational or impossible. Symmetric algorithms are thus best suited to web resources and critical software, while asymmetric ones are the choice when provider networks need to be protected.
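As an added illustration of the symmetric/asymmetric distinction above (and of the resource-intensive application parts mentioned under the third protection level), here is a small Python profiler written for this page, not a product's own algorithm: the inbound-only (asymmetric) view can only count requests per source, while the symmetric view also pairs each request with the server's response and so can spot a low-rate source that consumes a disproportionate share of server time. The record layout, addresses and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed event records, one per item the filter can observe:
#   ("in",  t, src, "GET /path")          -> client request (visible in both modes)
#   ("out", t, src, status, resp_bytes)   -> server response (visible only in symmetric mode)
def build_sample():
    events = []
    # Legitimate client: 20 cheap requests, each answered in 10 ms.
    for i in range(20):
        t = i * 0.05
        events.append(("in", t, "198.51.100.7", "GET /index.html"))
        events.append(("out", t + 0.010, "198.51.100.7", 200, 4096))
    # Low-rate source hitting an expensive endpoint: 4 requests, 2 s of server time each.
    for i in range(4):
        t = i * 0.25
        events.append(("in", t, "192.0.2.50", "GET /search?q=*"))
        events.append(("out", t + 2.0, "192.0.2.50", 200, 512))
    return sorted(events, key=lambda e: e[1])

def profile_sources(events, symmetric):
    """Per-source statistics. Asymmetric mode sees only inbound records, so it
    can measure request count; symmetric mode also sees responses, so it can
    attribute server time and bytes served to each source."""
    stats = defaultdict(lambda: {"requests": 0, "server_time": 0.0, "bytes_out": 0})
    pending = defaultdict(list)  # src -> timestamps of not-yet-answered requests
    for ev in events:
        if ev[0] == "in":
            _, t, src, _path = ev
            stats[src]["requests"] += 1
            pending[src].append(t)
        elif symmetric:
            _, t, src, _status, nbytes = ev
            if pending[src]:  # pair the response with the oldest open request
                stats[src]["server_time"] += t - pending[src].pop(0)
                stats[src]["bytes_out"] += nbytes
    return dict(stats)

def flag_sources(stats, max_requests=50, max_server_time=1.0):
    """Flag a source by request volume (both modes) or by consumed server
    time (non-zero only when the symmetric view supplied responses)."""
    return {src for src, s in stats.items()
            if s["requests"] > max_requests or s["server_time"] > max_server_time}

if __name__ == "__main__":
    sample = build_sample()
    print("asymmetric:", flag_sources(profile_sources(sample, symmetric=False)))
    print("symmetric: ", flag_sources(profile_sources(sample, symmetric=True)))
```

With the inbound-only view neither source crosses the request threshold, while the symmetric view attributes 8 s of server time to the low-rate source and flags it.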
What To Do To Protect Yourself
Reduce the amount of publicly available information. The less information an attacker has to start with, the harder it is to understand the architecture and interaction protocols, find vulnerabilities, correctly identify attack targets, and assess the damage from them. This often forces the attacker to launch many small DDoS attacks instead of one massive one, which reduces the potential damage and makes suspicious activity easier to identify.
Provide your security provider with as much information as possible. Whoever provides the DDoS protection, whether an internal security service or a cloud provider, they must know the architecture of the resources, the rules of interaction between them, the services used, the protocols, and other details. This allows adaptive protection to be built that is customized for a specific IT landscape with all its nuances and operating scenarios.
Build a safety margin into your IT infrastructure. Capacity and performance reserves must be available that are sufficient for stable operation even during a modest peak in load or traffic. It is also essential to understand that a "compensatory margin" is required, since even the most effective AntiDDoS measures cannot always filter out 100% of illegitimate traffic: even when a powerful attack is repelled, the load on services will rise slightly, and without a reserve that increase will be critical.
Identify interdependencies between components and potential points of failure. Often the point of failure is a bottleneck in the interaction between system components, and emergency operating scenarios must be provided for them. For example, suppose a site serves data to a mobile application; it is essential that the application can at least partially continue to function if the site becomes unavailable due to a DDoS attack.
Are Clouds Safe?
As far as protection against DDoS attacks is concerned, migrating to the cloud is an opportunity to partially rise above the problem. First, this is due to the nature of the relationship between the cloud provider and the client, in which the provider is responsible for the security of the physical infrastructure and networks, the outer perimeter of service protection, and other measures. Moreover, when you work in the cloud, the provider blocks suspicious requests, redistributes the load, connects backup channels, allocates additional resources, and more.
In addition, auxiliary protection tools can be deployed in the cloud.
Load balancer. The tool distributes incoming traffic between servers, which ensures the scalability and fault tolerance of applications running on the selected virtual machines: the load on each instance is reduced, and a single point of failure is eliminated.
CDN. Thanks to content delivery networks, data is served in a distributed manner, reducing the server's load and reducing latency. As a result, the server copes more gracefully with the surge in incoming requests caused by a DDoS attack.
Comprehensive AntiDDoS services. Cloud providers offer comprehensive protection services that combine multiple security technologies and allow you to resist DDoS attacks at different levels.
For example, the provider StormWall offers a standalone AntiDDoS service for DDoS protection and AntiDDoS in conjunction with a WAF. The tool protects projects in the cloud from the entire range of attacks, from the network level to the application level. The service can repel attacks of up to 3500 Gbit/s, operates through StormWall's cleaning centers, and uses filtering points in different regions, which lets it identify and block attacks close to their source.
WAF (Web Application Firewall). The tool filters network traffic, protects applications from attacks and intrusions, scans components for possible vulnerabilities, and monitors network requests made over HTTP or HTTPS.