During recent DDoS attacks, the hackers are able to bring down all customers hosted on the targeted customer's service. Suggestions for mitigating that risk?
Go with a cloud hosting provider that has greater bandwidth than the hackers who are attempting to bring down the service with a DDoS attack. As an example, in the recent WikiLeaks DDoS attempts, the hackers called off their attempt to shut down Amazon because they could not exceed the bandwidth/resources that Amazon possessed. There is nothing you can do about a DDoS attack by a nation-state, simply because only another nation-state would have the resources to counter them.
Ramsey - After thinking about this and considering all options, there is a way to do it yourself if you had the resources. There is not a full need to go with hosted cloud solutions. If you have multiple branches in different physical locations, you are just as strong as these big guys. Since each of your locations has a different public IP and most likely a different ISP, a DDoS attack would have to flood and attack each of your ISPs. With the different public IPs, as long as you are monitoring your traffic and have a backup Cloud Base at another location, you just close the one that is being attacked and bring up the other to Master at your other physical location. Bam! That is the answer!
Last Wiki Answer Submitted: February 13, 2011 10:16 pm by Mortimer1675 pts.
If this is a private cloud, set up a firewall with ingress and egress filtering at the border gateway to keep information about the network internal. The DDoS attackers will go after weak computers, so this will help hide flaws. Along with that, keep your computers' security up to date and manage what internet services they are using, i.e. internet radio, IM, etc. Don't let them just open ports out so someone can get in. It is all about locking down. Cheers, hope this helps. Cisco has a good guide at http://www.circleid.com/posts/20090322_designing_secure_networks_cisco_technology_part_4/
With all due respect, I tend to disagree with the above point of view.
For me, it is a misconception to think that this kind of attack is only about bandwidth.
Recently I read this article, with which, for the time being, I completely agree.
Indeed, hackers attempted to bring down Amazon’s EC2 with DoS attacks, but as Compuware’s Richard Stone notes in this blog post, Amazon suffered no downtime as a result. The performance-degradation ripple effects were clearly visible using the CloudSleuth performance monitor. But if you were an EC2 customer — or a customer of any of the major cloud service providers with the scale to combat DoS attacks — you should be able to sleep at night.
–Rob Garretson
After thinking about this and considering all options, there is a way to do it yourself if you had the resources. There is not a full need to go with hosted cloud solutions. If you have multiple branches in different physical locations, you are just as strong as these big guys. Since each of your locations has a different public IP and most likely a different ISP, a DDoS attack would have to flood and attack each of your ISPs. With the different public IPs, as long as you are monitoring your traffic and have a backup Cloud Base at another location, you just close the one that is being attacked and bring up the other to Master at your other physical location. Bam! That is the answer!
(unless you’re getting hit from both sides.. wah wah wah)
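The monitor-and-switch approach from the post above, including the case where both locations are hit, sketched as an added example that is not code from any poster. Site names, uplink capacities, the 90% threshold, the three-interval trip rule and the traffic samples are all constructed assumptions.

```python
# Added illustration; site names, capacities, thresholds and samples are constructed.
CAPACITY = {"site_a": 100, "site_b": 100}   # assumed uplink capacity, Mbit/s
SAMPLES = [                                  # constructed inbound Mbit/s per interval
    {"site_a": 40, "site_b": 5},
    {"site_a": 95, "site_b": 5},    # single spike: must not trigger a switch
    {"site_a": 60, "site_b": 5},
    {"site_a": 97, "site_b": 6},
    {"site_a": 99, "site_b": 6},
    {"site_a": 100, "site_b": 7},   # third saturated interval in a row
    {"site_a": 100, "site_b": 50},
    {"site_a": 100, "site_b": 95},
    {"site_a": 100, "site_b": 98},
    {"site_a": 100, "site_b": 99},  # both sites saturated
]


def plan_failover(samples, capacity, master, threshold=0.9, trip_after=3):
    """Return (final_master, events) for a series of per-site traffic samples."""
    streak = {site: 0 for site in capacity}  # consecutive saturated intervals
    events = []
    for i, sample in enumerate(samples):
        for site, mbps in sample.items():
            saturated = mbps >= threshold * capacity[site]
            streak[site] = streak[site] + 1 if saturated else 0
        if streak[master] < trip_after:
            continue  # master healthy, or not saturated long enough to act
        standbys = [s for s in capacity if s != master and streak[s] == 0]
        if standbys:
            # Promote the standby with the most spare capacity right now.
            new = max(standbys, key=lambda s: capacity[s] - sample[s])
            events.append((i, "promote", new))
            master = new
        else:
            # Every site is under load: switching would only move the outage.
            events.append((i, "no_healthy_standby", master))
    return master, events


if __name__ == "__main__":
    final, log = plan_failover(SAMPLES, CAPACITY, "site_a")
    for event in log:
        print(event)
    print("master:", final)
```

Requiring several consecutive saturated intervals keeps a short spike from causing the sites to flap, and the `no_healthy_standby` event is the signal to escalate upstream rather than keep switching.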