Cloud security: Leveraging the grid cloud against application layer DDoS

Source: Internet
Author: User
Keywords Attack they we can cloud security

The threat of DDoS (Denial-of-service attack) at the application level is more dangerous for data center operators. Because the state detection design of IPS devices and firewalls encounters this new attack tactic, a large increase in status requirements becomes more vulnerable, making the device itself more vulnerable to attack. In addition, the current protection measures based on boundary network have a big gap if they want to use cloud computing to solve DDoS attacks, using the DDoS infrastructure of the service provider or the dedicated DDoS attack protection in the upstream of the victim's infrastructure.

The current solution does not take advantage of the computational power that is distributed over the network, nor does it coordinate upstream devices to deflect traffic before it is saturated. There is no ready-made solution that can operate simultaneously in the boundary network and in the cloud.

Take a look at this article from Infosecurity-magazine.com, Arbor NX's product director, Rakesh Shah, about today's DDoS attacks, published in Cloud http://www.aliyun.com/ Zixun/aggregation/16952.html ">security Alliance's article is really worth reading.

I started noticing them when I was a arbor, and when I was in Exodus Communications, their original founders came to me to see if we could fund them. At the time, I doubted whether they could get enough information on the Internet to do what they planned. But I was wrong. Times have changed.

This passage of Rakesh has two points. First of all, the premature DDoS technology for Web sites and DNS servers has been ... Old. They are still useful, but network providers are getting better at preventing them.

When I was in Speedera NX, before Akamai acquired us, we were only successfully attacked by a DDoS attack, which was our DNS server. We are saddened to tell our customers that we are under attack and unable to maintain their network traffic. The client moved to Akamai and was successfully attacked by the same DDoS attack the next day, and the very good company was only successfully attacked by a DDoS attack because they had a very good distributed architecture. You haven't heard a story like this today.

DDoS attacks on HTTP will not disappear, but we are increasingly aware of how to handle them. Now, the application layer of DDoS attacks, it can continue to consume the back-end of the server, and eventually run out of all the cloud line, the result of the victims can only choose to spend the amount of cloud computing, or let application services shut down.

Based on the amount of consumption is not always good, especially when these quantities are DDOS caused!

Rakesh's second interesting point is that DDoS attack protection does not use the computational power of scattering on the network. So the ultimate solution to DDoS attacks is to use the grid cloud. If there is a solution that can use a huge amount of network computing power, then the application layer DDoS attack will fail.

After all, using a botnet/dummy network botnet for DDoS attacks is itself a grid cloud, and some of the total computing power that botnets can use is dwarfed by the centralized data centers of Google or other cloud providers.

Using a grid cloud to counter DDoS attacks using a grid cloud is not only clever but also classic. I look forward to seeing a real solution come true.

(Responsible editor: Liu Fen)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.