×
Community Blog Warding off DDoS Attacks with Anti-DDoS – Part 2: Mitigating DDoS Attacks

Warding off DDoS Attacks with Anti-DDoS – Part 2: Mitigating DDoS Attacks

Part 2 of this 4-part series focuses on using different Alibaba Cloud products to maintain a healthy system to mitigate DDoS attacks.

By Shantanu Kaushik

Struggling with DDoS Attacks? Get Free Support Now! Contact Us >>

Understanding threats and the scale of damage threats can cause helps organizations evolve. Disruption in business continuity causes losses and damages the business' reputation. DDoS attacks have become prevalent over the years and gained the attention of cybersecurity experts. This led to a sophisticated understanding of DDoS and how these attacks can be mitigated.

Alibaba Cloud launched a collaborative global DDoS protection service as an effective counter-measure against DDoS attacks. We will discuss it at length in the next article of this series. Let's take a look at the architecture of this initiative to record the relevant details:

1

In this article, we will discuss effective ways to mitigate DDoS attacks using products from the Alibaba Cloud lineup. As we discussed previously in Part 1, some of the most common types of DDoS attacks are:

1.  Application Layer Attacks

These attacks use techniques like HTTP and DNS flood to induce a denial of service. They consume all the resources for application processing on the server.

2.  Network Layer Attacks

A huge volume of traffic is directed towards the server network. This seizes the network bandwidth to induce a denial of service. UDP amplification and NTP flood attacks are common examples.

3.  Session Layer Attacks

The attacker bots consume the SSL session resources to induce a denial of service.

4.  Transport Layer Attacks

The attacker uses SYN flood and connection flood to induce a denial of service within the transport layer. In this scenario, the connection pool resources of a server get clogged.

Mitigating DDoS Attacks

Optimize Service Architecture

Alibaba Cloud provides superb public cloud resources and services like Auto Scaling. You can optimize your service architecture using these services to mitigate DDoS attacks. Let's take a look at more information below:

  • Performance Evaluation

Migrating to any service requires careful consideration and testing to retain any business values or business applications running on an on-premise setup. Stress testing the infrastructure is recommended to get a detailed overview of how your server and network resources will behave during a DDoS attack that primarily stresses the resources.

  • Use Alibaba Cloud Elastic Resources

Alibaba Cloud Server Load Balancer (SLB), Cloud Monitor, and an active geo-redundancy architecture can handle massive traffic surges. Alibaba Cloud ensures that you can mitigate DDoS attacks, avoid single point of failure (SPOF), and avoid any resource-hogging attacks by properly balancing resources using SLB.

  • Auto Scaling

Deploying Alibaba Cloud Server Load Balancer (SLB) and Auto Scaling can help reduce the risk of DDoS attacks drastically. Auto Scaling automatically adjusts the computing resources based on traffic demands or according to any policies set. Auto Scaling helps mitigate and avoid application layer and session layer DDoS attacks by automatically adding servers to maintain service availability and performance throttling.

  • Configuring DNS

It is always a wise idea to configure your DNS resolution to avoid any attacks. Enabling TTL, DNS client authentication, ACL implementation, and avoiding unknown DNS responses can lead to an effective mitigation technique for DDoS attacks.

Isolation of Resources

Any implementation should be checked and optimized at regular intervals. We advise isolating any irrelevant services and unused applications to optimize resource usage. This enables a better response system and helps mitigate any DDoS attacks.

  • Implementing a Virtual Private Cloud (VPC)

A Virtual Private Cloud (VPC) is an excellent resource to enable the isolation of resources and environments. In a hybrid cloud setup, Alibaba Cloud VPC is an excellent service that creates a secure environment for systems to intercommunicate. VPC can prevent attacks by isolating network resources.

  • Define a Security Group

Security Groups can help drastically lower the DDoS attack ratio. You can effectively control the number of open ports by defining a security group, depending on service requirements. Uncontrolled security policies can overstress your system and cause failure. You can lower public exposure and mitigate attacks by defining an effective security policy.

Monitor Your Services

An effective monitoring service can lower the chances of an attack on your service. Also, enabling an effective prevention policy based on monitoring and metrics collection will ensure heightened emergency plans to ward off DDoS attacks.

  • Cloud Monitor

Alibaba Cloud Monitor is an effective tool to monitor and collect metrics for your Alibaba Cloud resources. This allows for optimized systems with a highly viable alert system to mitigate any attacks.

  • Alibaba Cloud Anti-DDoS Monitoring

Alibaba Cloud Anti-DDoS Basic is a completely free solution that helps mitigate DDoS attacks. Anti-DDoS Basic can send alerts about service fluctuations due to heavy traffic or when it detects a DDoS attack.

You can come up with an emergency plan based on how your service behaves by monitoring your services.

Security Solutions

Alibaba Cloud has a strong lineup of security and authorization products. Some of these services are free and activated automatically once you create an account or buy any product or solution from the Alibaba Cloud lineup. Some products include the Web Application Firewall (WAF), Resource and Access Management (RAM), IDaaS (Identity as a Service), Cloud Firewall, and Anti-DDoS solutions.

These products can help you mitigate any cyber attack and retain business continuity when deployed correctly. Alibaba Cloud offers comprehensive product options and DDoS emergency support to help you recover from a denial of service.

Wrapping Up

Distributed Denial of Service (DDoS) attacks have grown significantly over the years and a major concern. Enterprises are getting affected by the wide-spread impact of DDoS, which causes economic loss and affects the organization's reputation.

Alibaba Cloud has executed extensive research to roll out its Anti-DDoS service. It is available in Basic, Pro (Mainland China), Premium (World), Origin, and GameShield variants. In the next article of this series, we will discuss the Alibaba Cloud Anti-DDoS service and its usage.

Upcoming Articles

  1. Warding off DDoS Attacks with Anti-DDoS – Part 3: Alibaba Cloud Anti-DDoS
  2. Warding off DDoS Attacks with Anti-DDoS – Part 4: Global DDoS Collaborative Protection and GameShield
3 0 0
Share on

Alibaba Clouder

2,447 posts | 550 followers

You may also like

Comments

5865711848460123 January 28, 2021 at 3:41 pm

Hey Shantanu, that’s a pretty good blog out there! Very resourceful. Can you please suggest some good service providers who can help my business to overcome DDoS attacks?

5831993604691175 January 29, 2021 at 10:40 am

Hi there, Thanks a lot lot!You can take leverage of the current offer extended by Alibaba Cloud itself. They are offering free DDoS support. You can follow this link - https://www.alibabacloud.com/campaign/anti-ddos

5865711848460123 January 31, 2021 at 2:26 pm

Hi, Thanks for sharing, I will check that. Do know about https://mazebolt.com/, I was evaluating that too.