Community Blog How to Effectively Keep DDoS Defenses Outside Your Network

How to Effectively Keep DDoS Defenses Outside Your Network

In this blog, we explore the risks of DDoS attacks and look at products that can help to protect your business by keeping your servers and data is secure.

We're always being told that an effective IT security strategy should be all about confidentiality, integrity and availability. However, we also need to be sure that our data doesn't leak, that it can be trusted, and that our systems are always accessible by those who want to use them.

With so many high-profile data breaches making international headlines in recent months, it's tempting to overly focus on protecting confidentiality and to neglect the other two pillars. But we do so at our peril, because attackers have more than one string to their bow.

When it comes to availability, or lack of it, the most widely known attack is the DoS, or Denial of Service. In recent years it's become the DDoS, or Distributed DoS. Not only do attackers fire so much traffic at your servers that they crash under the weight of it all, but the traffic originates simultaneously from tens of thousands of locations. This means that merely blocking all incoming connections from one particular IP address will not mitigate the attack.

When it comes to being able to protect against DDoS attacks, cloud-based servers are a far better choice than running your own hardware in your own data center. By the time the attack traffic hits your data center or server, your systems will be sufficiently overwhelmed that you won't have the capacity to do anything about it. By using cloud servers, and the massive infrastructure of which they are a part, DDoS traffic will be detected and deflected before it has a chance to reach your company's actual servers or its VPC (virtual private cloud).

DDoS Protection

Alibaba Cloud offers three products to protect you from DDoS attacks. These are known as Anti-DDoS Basic, Anti-DDos Pro, and Anti-DDos Premium. Anti-DDos Basic is completely free of charge, you just need to enable it from your management console. It defends against many common attack types such as ICMP, UDP, TCP, SYN and ACK floods. It requires minimal configuration and no technical knowledge – you can just switch it on and it starts working immediately, protecting you from DDoS traffic levels of up to 5Gbits per second. You can also opt to receive notifications by email or SMS when an attack is detected, so that you can take further action if required.

For protection against additional types of attack, Alibaba Cloud offers two more products. Anti-DDoS Pro is a paid-for service that offers protection against large-scale attacks of up to 300Gbits/second, and is available for servers based in the mainland China hosting region. You will need to adjust your DNS settings so that your host name resolves to the Anti-DDoS server room, from where cleaned and filtered traffic will then be automatically forwarded.

For those who require the most powerful protection, regardless of location, Anti-DDoS Premium is available. It handles many additional attack types, and offers protection against attacks of virtually any size. The system currently has the capacity to deal with simultaneous attacks totaling more than 2 Terabits/second and has a full set of configuration options to allow your operations staff to control and monitor the system's operation as they wish.

Launching a DDoS attack is resource-intensive. If a attacker tries it once and it fails, they are less likely to try again. Therefore, it's definitely a good idea to implement some form of DDoS protection on your cloud servers. And with Alibaba Cloud you can do so completely free. Full information about all Alibaba Cloud's anti-DDoS and related security services is available at https://www.alibabacloud.com/product/security

0 0 0
Share on

Alibaba Clouder

2,600 posts | 753 followers

You may also like


Alibaba Clouder

2,600 posts | 753 followers

Related Products