As the internet has spread and network bandwidth has grown, globally available high-speed networks have brought convenience to everyone, but they have also created extremely favorable conditions for DDoS attacks. Malicious competition within an industry and extortion by criminal groups let DDoS attackers profit from their activity, and DDoS attacks have by now formed a complete underground industry chain. Driven by profit, both attackers and defenders keep improving their techniques.
In one sentence, a DDoS attack is one in which the attacker uses many sources (collaborators or compromised hosts) to attack a target. Every source takes part in the attack, together generating a huge volume of packets or requests that "floods" the target.
Traditional IDCs have long been plagued by DDoS attacks because their network bandwidth and configuration are fixed, and they constantly face customer complaints, loss of business, and legal disputes as a result. As public cloud has become widespread and enterprise customers have moved to it, DDoS attackers have turned their attention to attacking public clouds.
Classic Public Cloud DDoS Defense Architecture
- Separate the administrator and user entry points. Attackers typically disguise themselves as ordinary users and use brute-force methods and high traffic volume to clog the network so that other users cannot access the service normally. Administrators come in through their own entry point, so an attack does not prevent administrator access.
- A front-end load balancer works together with WAF servers to scrub most of the attack traffic, reducing the load on the back-end servers.
- A back-end load balancer distributes legitimate user traffic and the small residue of attack traffic, reducing the load on the application servers.
- Both the WAF servers and the application servers use auto-scaling, expanding automatically to withstand the attack when traffic surges.
- A file manager stores configuration files and other important files; administrators can quickly respond to an attack by editing the configuration files to change the WAF policy.
Public cloud has significant advantages in defending against DDoS attacks. Combined with the support of the Taiyue Cloud Service expert team, it can detect and defend against over 99.9% of DDoS attacks. We tailor the security architecture to your company's applications and provide a fully managed service: dedicated staff monitor for attack behavior around the clock, respond to attacks as fast as possible, and do everything possible to keep your applications running normally.
DDoS attacks are highly targeted. By quickly determining the attack method and its likely impact, handling attacks according to their level, and drawing on the advantages of the cloud environment, the system can be protected comprehensively and the impact of a DDoS attack minimized.
Responding to Attacks by Level
For high-traffic DDoS attacks, different response measures can be chosen:
- When a non-critical business function or an interruptible service is attacked, and the extra cost of absorbing the attack is taken into account, the business or service can be stopped briefly so that the attacker has nothing left to attack.
- When a critical business function or a service that must stay available in real time is attacked, server computing capacity can be expanded. This is precisely where the cloud environment differs from a physical data center: the attacker never reaches the goal of the attack and eventually gives up.
- When the business serves users globally, cloud rules can be used to quickly analyze where the attackers come from, and front-end proxy rules can then drop traffic from that region. Although this may increase access latency for legitimate users in that region, it greatly reduces the attack's impact on the global service.
Leveraging Cloud Environment Advantages
- The cloud environment is highly sensitive: abnormal traffic can be detected quickly, and combined with a professional team, the attack can be responded to quickly.
- The cloud environment can be changed quickly: while an attack is in progress, the attack records can be analyzed and the rules changed immediately, for example to drop traffic from a region, block an IP range, or apply a blacklist.
- Cloud resources scale rapidly, so computing capacity can be expanded within a short time to absorb a high-traffic attack and keep the service running normally.
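The two list items above that describe analyzing attack records, dropping a region's traffic, and blocking IP ranges are illustrated by the following added example. It is not code from this page or from Taiyue Cloud; it runs simple detection logic over constructed access-log lines, then turns the findings into the kind of front-end proxy rules the text mentions. The Nginx-style log format, the prefix-to-region table (standing in for a real GeoIP database), the 10-second window and the 50-requests-per-window threshold are all assumptions made for the example.

```python
"""Added example (not from the page or Taiyue Cloud): flag flooding sources in
access logs, collapse hosts sharing a /24 into one range rule, measure how much of
each region's traffic is attack traffic, and emit deny rules for a front-end proxy.
Assumed: Nginx combined log format, a hand-made region table instead of GeoIP,
a 10-second window, and a threshold of 50 requests per window."""
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+)'
)

# Assumed region table built from TEST-NET documentation ranges; stands in for GeoIP.
REGION_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "region-A",
    ipaddress.ip_network("198.51.100.0/24"): "region-B",
    ipaddress.ip_network("192.0.2.0/24"): "region-C",
}

def parse_line(line):
    """Return (source IP, aware datetime) for one log line, or None if malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return ipaddress.ip_address(m.group("ip")), ts

def region_of(ip):
    for net, name in REGION_TABLE.items():
        if ip in net:
            return name
    return "unknown"

def window_counts(lines, window_seconds=10):
    """Requests per (source IP, time bucket); malformed lines are skipped."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        counts[(ip, int(ts.timestamp()) // window_seconds)] += 1
    return counts

def flag_sources(counts, threshold=50):
    """Sources that exceeded `threshold` requests in any single window."""
    return {ip for (ip, _), n in counts.items() if n > threshold}

def aggregate_prefixes(flagged, min_hosts=2):
    """Flagged hosts sharing a /24 become one range rule; lone hosts stay /32."""
    by_net = defaultdict(list)
    for ip in flagged:
        by_net[ipaddress.ip_network(f"{ip}/24", strict=False)].append(ip)
    rules = []
    for net, hosts in by_net.items():
        if len(hosts) >= min_hosts:
            rules.append(net)
        else:
            rules.extend(ipaddress.ip_network(f"{h}/32") for h in hosts)
    return sorted(rules)

def region_attack_share(counts, flagged):
    """Fraction of each region's requests that came from flagged sources."""
    total, bad = Counter(), Counter()
    for (ip, _), n in counts.items():
        region = region_of(ip)
        total[region] += n
        if ip in flagged:
            bad[region] += n
    return {r: bad[r] / total[r] for r in total}

def region_block_candidates(shares, min_share=0.9):
    """Regions whose traffic is almost entirely attack traffic (the drop-region level)."""
    return sorted(r for r, s in shares.items() if s >= min_share)

def render_nginx_deny(prefixes):
    """Deny directives for the front-end proxy, one per aggregated prefix."""
    return [f"deny {net};" for net in prefixes]

def constructed_log():
    """Constructed sample traffic: two legitimate users, three flood sources, one bad line."""
    def entry(ip, second, path="/"):
        return f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'
    lines = [entry("192.0.2.10", s, "/index.html") for s in range(10)]
    lines += [entry("198.51.100.20", s, "/api/status") for s in range(0, 10, 3)]
    for _ in range(80):  # two flood hosts in the same /24 (region-A)
        lines.append(entry("203.0.113.5", 36))
        lines.append(entry("203.0.113.9", 37))
    lines += [entry("198.51.100.77", 38)] * 60  # a lone flood host in region-B
    lines.append("garbage line that does not parse")
    return lines

if __name__ == "__main__":
    counts = window_counts(constructed_log())
    flagged = flag_sources(counts)
    shares = region_attack_share(counts, flagged)
    print("flagged:", sorted(map(str, flagged)))
    print("regions to drop:", region_block_candidates(shares))
    print("\n".join(render_nginx_deny(aggregate_prefixes(flagged))))
```

Running the script on the constructed log flags the three flood hosts, emits one `deny` for the /24 shared by two of them and a /32 for the lone host, and reports region-B as a drop candidate even though one legitimate user sends requests from there; that is exactly the trade-off the text describes, where dropping a region's traffic costs some legitimate users in that region their access.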
We focus on your DDoS protection, you focus on your business domain.