Tag: cyber-security

brief overview of ddos threat

Posted on by techexpert@lab4devops

Understanding DDoS Attacks and AWS Protection

A Library Analogy for DDoS Attacks

Imagine a library where visitors can check out books at the front desk. After checking out their books, they enjoy reading them. However, suppose that a prankster checks out multiple books and never returns them. This causes the front desk to be unavailable to serve other visitors who genuinely want to check out books. The library can attempt to stop the false requests by identifying and blocking the prankster.

In this scenario, the prankster’s actions are similar to a denial-of-service (DoS) attack.

Denial-of-Service (DoS) Attacks

A denial-of-service (DoS) attack is a deliberate attempt to make a website or application unavailable to users. In a DoS attack, a single threat actor targets a website or application, flooding it with excessive network traffic until it becomes overloaded and unable to respond. This denies service to users who are trying to make legitimate requests.

Distributed Denial-of-Service (DDoS) Attacks

Now, suppose the prankster enlists the help of friends. Together, they check out multiple books and never return them, making it increasingly difficult for genuine visitors to check out books. These requests come from different sources, making it impossible for the library to block them all. This is similar to a distributed denial-of-service (DDoS) attack.

In a DDoS attack, multiple sources are used to start an attack that aims to make a website or application unavailable. This can come from a group of attackers or even a single attacker using multiple infected computers (bots) to send excessive traffic to a website or application.

Types of DDoS Attacks

DDoS attacks can be categorized based on the layer of the Open Systems Interconnection (OSI) model they target. The most common attacks occur at the Network (Layer 3), Transport (Layer 4), Presentation (Layer 6), and Application (Layer 7) layers. For example, SYN floods target Layer 4, while HTTP floods target Layer 7.

Slowloris Attack

One specific type of DDoS attack is the Slowloris attack. In a Slowloris attack, the attacker tries to keep many connections to the target web server open and hold them open as long as possible. It does this by sending partial requests, none of which are completed, thus tying up the server’s resources. This can eventually overwhelm the server, making it unable to respond to legitimate requests.

UDP Flood Attack

Another type of DDoS attack is the UDP flood attack. In a UDP flood attack, the attacker sends a large number of User Datagram Protocol (UDP) packets to random ports on a target server. The server, unable to find applications at those ports, responds with ICMP “Destination Unreachable” packets. This process consumes the server’s resources, eventually making it unable to handle legitimate requests.

AWS Shield: Your DDoS Protection Solution

To help minimize the effect of DoS and DDoS attacks on your applications, you can use AWS Shield. AWS Shield is a service that protects applications against DDoS attacks, offering two levels of protection: Standard and Advanced.

  • AWS Shield Standard: Automatically protects all AWS customers at no cost. It defends your AWS resources from the most common, frequently occurring types of DDoS attacks. As network traffic comes into your applications, AWS Shield Standard uses various analysis techniques to detect malicious traffic in real-time and automatically mitigates it.
  • AWS Shield Advanced: A paid service that provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks. It also integrates with other services such as Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing. Additionally, you can integrate AWS Shield with AWS WAF by writing custom rules to mitigate complex DDoS attacks.

Additional AWS Protection Services

  • AWS Web Application Firewall (WAF): Protects your applications from web-based attacks, such as SQL injection and cross-site scripting (XSS).
  • Amazon CloudFront and Amazon Route 53: These services offer built-in DDoS protection and can be used to distribute traffic across multiple locations, reducing the impact of an attack.

Best Practices for DDoS Protection

To enhance your DDoS protection, consider the following best practices:

  • Use AWS Shield: Enable AWS Shield Standard for basic protection and consider upgrading to AWS Shield Advanced for more comprehensive coverage.
  • Deploy AWS WAF: Use AWS WAF to protect your web applications from common web-based attacks.
  • Leverage CloudFront and Route 53: Use these services to distribute traffic and mitigate the impact of DDoS attacks.
  • Monitor and Respond: Regularly monitor your applications and network traffic for signs of DDoS attacks and respond quickly to mitigate any potential impact.

Conclusion

DDoS attacks are a serious threat to the availability and performance of your applications. By leveraging AWS Shield and other AWS services, you can protect your applications from these attacks and ensure they remain available and responsive to your users.