Cloud security: Leveraging the grid cloud against application layer DDoS

The threat of DDoS (Denial-of-service attack) at the application level is more dangerous for data center operators. Because the state detection design of IPS devices and firewalls encounters this new attack tactic, a large increase in status requirements becomes more vulnerable, making the device itself more vulnerable to attack. In addition, the current protection measures based on boundary network have a big gap if they want to use cloud computing to solve DDoS attacks, using the DDoS infrastructure of the service provider or the dedicated DDoS attack protection in the upstream of the victim's infrastructure.

The current solution does not take advantage of the computational power that is distributed over the network, nor does it coordinate upstream devices to deflect traffic before it is saturated. There is no ready-made solution that can operate simultaneously in the boundary network and in the cloud.

Take a look at this article from Infosecurity-magazine.com, Arbor NX's product director, Rakesh Shah, about today's DDoS attacks, published in Cloud http://www.aliyun.com/ Zixun/aggregation/16952.html ">security Alliance's article is really worth reading.

I started noticing them when I was a arbor, and when I was in Exodus Communications, their original founders came to me to see if we could fund them. At the time, I doubted whether they could get enough information on the Internet to do what they planned. But I was wrong. Times have changed.

This passage of Rakesh has two points. First of all, the premature DDoS technology for Web sites and DNS servers has been ... Old. They are still useful, but network providers are getting better at preventing them.

When I was in Speedera NX, before Akamai acquired us, we were only successfully attacked by a DDoS attack, which was our DNS server. We are saddened to tell our customers that we are under attack and unable to maintain their network traffic. The client moved to Akamai and was successfully attacked by the same DDoS attack the next day, and the very good company was only successfully attacked by a DDoS attack because they had a very good distributed architecture. You haven't heard a story like this today.

DDoS attacks on HTTP will not disappear, but we are increasingly aware of how to handle them. Now, the application layer of DDoS attacks, it can continue to consume the back-end of the server, and eventually run out of all the cloud line, the result of the victims can only choose to spend the amount of cloud computing, or let application services shut down.

Based on the amount of consumption is not always good, especially when these quantities are DDOS caused!

Rakesh's second interesting point is that DDoS attack protection does not use the computational power of scattering on the network. So the ultimate solution to DDoS attacks is to use the grid cloud. If there is a solution that can use a huge amount of network computing power, then the application layer DDoS attack will fail.

After all, using a botnet/dummy network botnet for DDoS attacks is itself a grid cloud, and some of the total computing power that botnets can use is dwarfed by the centralized data centers of Google or other cloud providers.

Using a grid cloud to counter DDoS attacks using a grid cloud is not only clever but also classic. I look forward to seeing a real solution come true.

(Responsible editor: Liu Fen)