What is a DDOS Attack & How to Protect Your Site Against One
Reduce Attack Surface Area
One of the first techniques to mitigate DDoS attacks is to minimize the surface area that can be attacked thereby limiting the options for attackers and allowing you to build protections in a single place. We want to ensure that we do not expose our application or resources to ports, protocols or applications from where they do not expect any communication. Thus, minimizing the possible points of attack and letting us concentrate our mitigation efforts. In some cases, you can do this by placing your computation resources behind
Plan for Scale
The two key considerations for mitigating large scale volumetric DDoS attacks are bandwidth (or transit) capacity and server capacity to absorb and mitigate attacks.
Transit capacity. When architecting your applications, make sure your hosting provider provides ample redundant Internet connectivity that allows you to handle large volumes of traffic. Since the ultimate objective of DDoS attacks is to affect the availability of your resources/applications, you should locate them, not only close to your end users but also to large Internet exchanges which will give your users easy access to your application even during high volumes of traffic. Additionally, web applications can go a step further by employing Content Distribution Networks (CDNs) and
Server capacity. Most DDoS attacks are volumetric attacks that use up a lot of resources; it is, therefore, important that you can quickly scale up or down on your computation resources. You can either do this by running on larger computation resources or those with features like more extensive network interfaces or enhanced networking that support larger volumes. Additionally, it is also common to use load balancers to continually monitor and shift loads between resources to prevent overloading any one resource.
Know what is normal and abnormal traffic
Whenever we detect elevated levels of traffic hitting a host, the very baseline is to be able only to accept as much traffic as our host can handle without affecting availability. This concept is called rate limiting. More advanced protection techniques can go one step further and intelligently only accept traffic that is legitimate by analyzing the individual packets themselves. To do this, you need to understand the characteristics of good traffic that the target usually receives and be able to compare each packet against this baseline.
Deploy Firewalls for Sophisticated Application attacks
A good practice is to use a Web Application Firewall (WAF) against attacks, such as SQL injection or cross-site request forgery, that attempt to exploit a vulnerability in your application itself. Additionally, due to the unique nature of these attacks, you should be able to easily create customized mitigations against illegitimate requests which could have characteristics like disguising as good traffic or coming from bad IPs, unexpected geographies, etc. At times it might also be helpful in mitigating attacks as they happen to get experienced support to study traffic patterns and create customized protections.
相關推薦
What is a DDOS Attack & How to Protect Your Site Against One
Reduce Attack Surface Area One of the first techniques to mitigate DDoS attacks is to minimize the surface area that can be at
What is a Bounty Program? Steps to make a successful Bounty Program
The cryptocurrency industry is growing by leaps and bounds. The cryptocurrency enthusiasts are growing proportionally. It is no longer hidden that these en
What is Cyber Security Month? How to perform Google's Security Checkup and stay safe online
If you've visited Google's homepage recently, you may have noticed a small note indicating that it is Cyber Security Month, together with a message encoura
What is a Webhook and how can I use them at my company?
The Webhook is increasingly being used by companies hoping to improve their customer experience. But what exactly are they and how can they help you? If y
Wallets for dummies — how to protect your crypto
If you want to own cryptocurrencies you need a wallet. But you are responsible for selecting the correct one and for keeping your crypto funds safe. So, it
轉載 -- How To Optimize Your Site With GZIP Compression
// 下面這篇文章講的非常不錯,看完了 https://betterexplained.com/articles/how-to-optimize-your-site-with-gzip-compression/ // Content-Encoding, 定義 fr
轉載 -- How To Optimize Your Site With HTTP Caching
https://betterexplained.com/articles/how-to-optimize-your-site-with-http-caching/ // Caching Tutorial for Web Authors and Webmasters // 下面
What is a Security Token? A Comprehensive Guide to How They Work and Their Impact
There’s been a lot of talk about security tokens recently. But what is a security token in the first place? How do they work? And how might they impact you
Ask HN: What is a good alternative to Confluence?
There are lots of wiki systems, but most of them have poor usability, strange markup languages and very few social functionality (comments, alerts ...). An
What is a hybrid cloud and why you need to know about it?
What is a hybrid cloud and why you need to know about it?You know cloud, don’t you? It has been around for a while now and it is wide-spread across compani
what-is-a-closure
arc quest draft overflow targe .com com http www. https://stackoverflow.com/questions/36636/what-is-a-closure http://www.cs.tufts.edu/~n
新手使用Vector報錯Vector is a raw type. References to ge
str parameter 了解 不能 我不 raw reference ner 新手 照著書上抄代碼有下面一句private Vector vector=null;但是eclipse報錯Vector is a raw type. References to generic
What is Web Application Architecture? How It Works, Trends, Best Practices and More
som put type ruby async sin porting whole ldb At Stackify, we understand the amount of effort that goes into creating great applications.
What is Double Spending & How Does Bitcoin Handle It?
enter num sig ken wid time address phy missing https://coinsutra.com/bitcoin-double-spending/ Bitcoin is gaining rapid popularity and a
What is a shell and what is Bash?
space import span process ext 屏蔽 解釋器 ffffff shadow 常聽說:shell編程,Bash編程,和Bash shell編程,究竟什麽是shell,又何為Bash,兩者有什麽聯系…簡單的說,shell是命令解釋器,用於解析和執行命令
How To Size Your Apache Flink® Cluster: A Back-of-the-Envelope Calculation
January 11, 2018 - Apache Flink Robert Metzger and Chris Ward A favorite session from Flink Forward Berlin 2017 was Robert
What Is a Computer Switch?
The computer switch though has long existed in the market, few people can speak on it with great familiarity. As the network expands, the computer swi
List is a raw type. References to generic type List should be parameterized
編譯環境:Eclipse 問題:編譯集合型別List、Set、Map程式碼時,編譯器出現下面的警告: List is a raw type. References to generic type List<E> should be parameterized Set is a
Fullstack React: GraphQL is fantastic. Here's how to write aGraphQL server
Hey Friend, it's Nate from Fullstack React. I love GraphQL and have found the client experience to be extremely pleasant. GraphQL is a
Stephen Hawking Taught Us a Lot About How to Live
勇氣、好奇心、幽默感,那些霍金教給我們的事Stephen Hawking Taught Us a Lot About How to LiveStephen Hawking, the English cosmologist and black hole maven, liked to say he was bo