DDoS protection techniques you must know to handle traffic attacks with ease

DDoS attacks are among the most common network attacks. Defending against them often exhausts server operations and maintenance staff, because once a server is hit by a DDoS attack, online business is interrupted directly, which is a fatal blow for Internet companies.

Generally speaking, DDoS attacks can be classified by the layer of the Open Systems Interconnection (OSI) model that they target. Attacks most often occur at the infrastructure and application layers. Different attacks call for different DDoS protection strategies, which makes the defense more effective. First, what are infrastructure layer attacks and application layer attacks?

Infrastructure layer attacks are the most common type of DDoS attack. The term refers to attacks at the network layer and transport layer, including synchronization (SYN) flood attacks and other reflection attacks. These attacks are usually large in volume, have clear signatures and are easy to detect, and are designed to overload the capacity of the network or application server.

Application layer attacks are often more sophisticated than infrastructure layer attacks, and refer to attacks at the presentation layer and application layer. These attacks mainly target specific expensive parts of the application so that real users can no longer use it, and their volume is not large. Examples include a large number of HTTP requests for login pages, requests to expensive search APIs, and even WordPress XML-RPC floods (also known as WordPress pingback attacks).

To protect against DDoS attacks, you must first be able to detect them, which means understanding what normal and abnormal traffic look like. You need to know the characteristics of the good traffic that the target usually receives, and be able to compare each packet against that baseline. The baseline refers to the maximum traffic that a host can handle without affecting availability; accepting no more than that is known as rate limiting. More advanced protection techniques go one step further and intelligently accept only legitimate traffic by analyzing the individual packets themselves.
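Rate limiting against a host baseline can be sketched with token buckets. The following is an added example, not code from the original article; the class names, the rates and the documentation-range IP addresses are assumptions chosen for illustration.

```python
class TokenBucket:
    """Admits `rate` requests/second on average, with bursts up to `burst`."""

    def __init__(self, rate, burst, now=0.0):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def allow(self, now):
        # Refill for the time elapsed since the previous request, capped at burst.
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """One bucket per source address plus a host-wide bucket sized to the baseline."""

    def __init__(self, host_rate, host_burst, src_rate, src_burst):
        self.host = TokenBucket(host_rate, host_burst)
        self.src_rate, self.src_burst = src_rate, src_burst
        self.sources = {}  # unbounded here; evict idle entries in real use

    def allow(self, src_ip, now):
        bucket = self.sources.get(src_ip)
        if bucket is None:
            bucket = self.sources[src_ip] = TokenBucket(self.src_rate, self.src_burst, now)
        # Per-source check runs first so a single noisy source is rejected
        # before it can spend the host-wide budget shared by all clients.
        return bucket.allow(now) and self.host.allow(now)


def simulate(seconds=5):
    """Constructed traffic: one source at 1000 req/s beside a client at 2 req/s."""
    rl = RateLimiter(host_rate=100, host_burst=100, src_rate=5, src_burst=10)
    flood_ok = normal_ok = 0
    for ms in range(seconds * 1000):
        now = ms / 1000
        flood_ok += rl.allow("198.51.100.7", now)
        if ms % 500 == 0:
            normal_ok += rl.allow("203.0.113.20", now)
    return flood_ok, normal_ok


if __name__ == "__main__":
    print(simulate())
```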

Good DDoS protection can be approached from the following three aspects:

1. Deploy firewalls for complex application attacks

The best way to defend against attacks that exploit vulnerabilities in the application itself, such as SQL injection or cross-site request forgery, is to use a web application firewall (WAF). In addition, because these attacks are so distinctive, it is easy to create custom mitigation measures for illegitimate requests, which may have characteristics such as masquerading as good traffic or coming from bad IP addresses or unexpected geographic locations. Mitigation sometimes also benefits from experienced support that studies traffic patterns and creates custom protections.
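Studying traffic patterns to build a custom protection can start from the web server's access log. The following is an added example, not code from the original article: it flags sources that hit one expensive endpoint too often within a sliding window. The endpoint list, the thresholds and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed set of "expensive" endpoints; tune to the application being protected.
EXPENSIVE = ("/wp-login.php", "/xmlrpc.php", "/search")
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def find_flooders(lines, window_s=10, threshold=20):
    """Return {ip: path} for sources exceeding `threshold` hits on one
    expensive path within any `window_s`-second sliding window."""
    recent = defaultdict(deque)   # (ip, path) -> timestamps inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # skip malformed lines rather than crash
        ip, ts, _method, url, _status = m.groups()
        path = url.split("?", 1)[0]   # ignore the query string
        if path not in EXPENSIVE:
            continue
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        q = recent[(ip, path)]
        q.append(t)
        while q and q[0] <= t - window_s:
            q.popleft()           # drop hits that fell out of the window
        if len(q) > threshold:
            flagged.setdefault(ip, path)
    return flagged


def sample_log():
    """Constructed access-log lines (combined format), not real traffic."""
    fmt = '{ip} - - [22/Dec/2020:10:00:{s:02d} +0000] "{m} {u} HTTP/1.1" 200 512 "-" "-"'
    lines = []
    for s in range(20):
        # One source posting to xmlrpc.php three times a second.
        lines += [fmt.format(ip="198.51.100.7", s=s, m="POST", u="/xmlrpc.php")] * 3
        if s % 5 == 0:            # an ordinary user searching now and then
            lines.append(fmt.format(ip="203.0.113.20", s=s, m="GET", u="/search?q=shoes"))
        lines.append(fmt.format(ip="203.0.113.21", s=s, m="GET", u="/index.html"))
    return lines


if __name__ == "__main__":
    print(find_flooders(sample_log()))
```

The flagged addresses are candidates for a WAF rule or ACL entry; review them before blocking, since many users can share one address behind NAT or a proxy.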

2. Expand bandwidth and server capacity

The two main considerations for mitigating large-volume DDoS attacks are bandwidth (or transmission) capacity and server capacity to absorb and mitigate attacks.

Since the ultimate goal of DDoS attacks is to affect the availability of your resources and applications, you need to provide sufficient redundant Internet connectivity when building applications so that they can handle a large amount of traffic, and place them close to end users and large Internet exchanges, so that your users can easily reach your application even under heavy traffic. In addition, web applications can further use content delivery networks (CDNs) and intelligent DNS resolution services to serve content and resolve DNS queries from locations that are usually close to end users.

Most DDoS attacks are capacity (volumetric) attacks that consume a lot of resources; therefore, for DDoS protection, the most important thing is being able to scale computing resources up or down quickly. You can do this by running on larger computing resources, or on resources with more extensive network interfaces or enhanced networking that support larger volumes. In addition, it is also common to use a load balancer to continuously monitor and shift load between resources to prevent any one resource from being overloaded.

3. Reduce the attack surface area

Another technique for mitigating DDoS attacks is to minimize the surface area that can be attacked: make sure applications and resources are not exposed on ports, protocols, or applications they do not need, which limits the attacker's options and lets you concentrate protection in a single place. In some cases, to minimize possible attack points, computing resources can be placed behind a content delivery network (CDN) or load balancer, and direct Internet traffic to certain parts of the infrastructure, such as database servers, can be restricted. In other cases, firewalls or access control lists (ACLs) can be used to control which traffic reaches the application.

As DDoS attacks have developed over the years, their types and scales have become more and more diverse and complex. When choosing DDoS protection measures, companies must first analyze the type and scale of the attacks they face before choosing appropriate high-defense services. In the battle between offense and defense, every advance in defense is met by a greater advance in attack.

This article is from: https://www.zhuanqq.com/News/Industry/293.html

Origin blog.csdn.net/blublu7080/article/details/111610419