Cloud security Services: WAF and DDoS attack prevention
Source: Internet
Author: User
KeywordsDDoS attack cloud Security Service Wafweb application firewall
For cloud-safe services, WAF and DDoS attack prevention. Today there are a number of security offerings based on cloud services, including web and mail filtering, network traffic access control and monitoring, and tagging for payment card services. An important difference between security services is "in the cloud" or "for the Cloud," which is the security service that is integrated into the cloud environment as a virtual device for user and control. Security is the service (SaaS) that is designed to ensure that other cloud service providers transmit traffic and data through. In this article, we will focus on cloud based Web application filtering and monitoring, and DDoS attack prevention services, and may provide a model of both. Web application firewalls can now provide several types of cloud-based Web application Firewall (WAF) services. The first category is "Security in the Cloud", using current hardware and software-based WAF to provide virtual devices, as platform services (Platform as a service, PaaS) and infrastructure services in the cloud service provider Environment (infrastructure as a service , IaaS) are used. These vendors include Imperva and art of defence, while EC2, Gogrid and Terremark, like the well-known cloud environment Amazon, can also provide services. The cost of implementing these virtual devices is generally more reasonable and provides a valuable capability for cloud service customers, such as additional filtering for common Web application attacks, and limited behavior analysis. Many data leaks originate from SQL injection or similar attacks, so this is a service that should be researched, especially for cloud devices that handle sensitive data. However, performance can be affected and therefore requires very high-performance equipment. Perform important testing before you completely enable the rule set on any WAF device. Art of defence is unique because it is responsible for all WAF services in the EC2 cloud, making it easy for Amazon customers to implement. In addition, Amazon offers the WAF of Citrix's NetScaler products to customers who do not want to specialize in an AWS (Amazon Web Service) that manages a WAF virtual device. Service providers have created multiple security services as WAF deliveries for cloud security. Imperva has created a cloud-based WAF service company called Incapsula, which focuses on small and medium-sized businesses that want to take shortcuts and manage Web application traffic through WAF, rather than managing a single device within the company or in a cloud environment. Starting with just changing some DNS settings, it appears that Incapsula is focused on detecting and preventing major web-based threats and issues, including SQL injection, Cross-site scripting attacks (XSS), and other owasp top 10 vulnerabilities, as well as focusing onCapacity caching and reducing traffic overhead. Since 2009, Akamai technology has been providing cloud-based WAF capabilities, starting with application filtering based on the open source Modsecurity WAF platform, albeit customized to run on Akamai's Edge platform network. Currently its capabilities include the IP address whitelist and blacklist, as well as custom rules to detect and block protocol exceptions, SQL injection and XSS attacks, content leaks, and other security breaches. Akamai recently announced that it will collaborate with Qualys and other companies on new Open-source WAF projects. DDoS attack prevention for DDoS prevention, there are several "in the cloud" service providers to choose from, such as Terremark, Rackspace and NaviSite companies. Users can use DDoS prevention as an additional management service and add it to the cloud management plan. DDoS prevention services vary in price and scope, depending on the level of customization required. For simple redundancy and DNS "protection" services, the cost is usually low, but for customers with a large number of sites and virtual hosts, the cost increases as the service provider's operating overhead increases. Most customers do not need DDoS prevention, but organizations that have stringent uptime requirements, or that are susceptible to DDoS attacks, should assess whether these services are available in the cloud management environment and meet their specific needs. Other companies offer "cloud security" for DDoS prevention, cloud service customers or self-management data customers who can send traffic through their infrastructure to monitor and manage. Akamai offers services known as DDoS protection, including DNSSEC, traffic optimization, bandwidth control, Web acceleration, server public cloaking, and other features. Another company that provides cloud-based DDoS prevention is dosarrest. Its proxy protection and personalization services provide a DDoS "cache" for the site, which can handle traffic and control bandwidth very efficiently when the customer suffers an attack. This is an important security delivery for ebay, Amazon and other highly visited sites, because DDoS attacks are trivial for cooperative attackers and can effectively stop web-based businesses for a while. Cloud based WAF and DDoS prevention services are a step forward in terms of ease of security implementation. WAF products are traditionally seen as very difficult to implement and manage. Using virtual devices to simplify integration and outsource most of the operational configuration is very meaningful for the cloud service provider's employee management, reducing costs and specialized technicians. DDoS prevention is a highly specialized security capability that becomes more accessible to customers in the cloud model and benefits from the inherent scalability and redundancy of the cloud Platform and data center. "Editorial Recommendation" Web application firewall to build enterprise application security is not setAnti-Web application firewall How to provide protection for customers the next article "Ten Commandments" on Web application firewall security disclosure of the Web application firewall four functions three kinds of technical analysis WAF Procurement Essentials "Editor: Chen Bowen TEL: (010) 68476606" Original: Cloud security services: WAF and DDoS attack prevention return to network security home
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.