INSUBCONTINENT EXCLUSIVE:
In October 2016 DNS provider Dyn was hit by a major DDoS (Distributed Denial of Service) attack by an army of IoT devices which had been
hacked specially for the purpose
How then can you make sure that your organization doesn't fall victim to this kind of attack
In this guide you'll discover major infrastructure providers who have the necessary digital muscle to protect against attacks designed to
Development began several years ago under George Conard in the wake of attacks on election monitoring and human rights related websites in
the Ukraine.Project Shield is able to filter potential malicious traffic by acting as a reverse proxy which sits between a website and the
internet at large, filtering connection requests
If a connection seems to be from a legitimate visitor Project Shield permits the connection request
If a connection request is determined to be bad e.g
multiple connection attempts from the same IP address, then it is blocked
wonder how filtering traffic via a proxy will work with SSL
Fortunately, Jigsaw has thought of this and has put together a comprehensive tutorial to make sure secure connections to your site work
Several other tutorials are also available in the support section.Currently Project Shield is only available for media, election monitoring
and human rights related websites
The primary focus is also on small under resourced websites which cannot afford expensive hosting solutions to protect themselves for DDoS
Although Cloudflare is based in the US it maintains over 180 data centers around the world: an infrastructure to rival Google's
This maximizes your sites chances of staying online.Every Cloudflare user can choose to activate the 'I'm under attack' mode which can
protect against even the most sophisticated of DoS attacks by presenting a Javascript challenge
As a matter of routine Cloudflare also acts as a reverse proxy sitting between visitors and your site host to filter traffic in much the
same way as Jigsaw's Project Shield
In March 2019, Cloudflare introduced Spectrum for UDP, which provides DDoS protection and firewalling for unreliable protocols.Visitors
making connection requests have to run a gauntlet of sophisticated filters including site reputation, whether their IP has been Blacklisted
and if the HTTP header seems suspicious
HTTP requests are finger printed to protect against known Botnets
As an industry giant, Cloudflare can easily leverage its position by sharing intel across the 7+ million websites it manages
The 'Standard' tier is available to all AWS customers at no extra charge
This is ideal as many small businesses choose to host their websites with Amazon
AWS Shield Standard is available to all customers at no extra charge
It protects against more typical network (layer 3) and transport (layer 4) attacks when used Amazon's Cloud Front and Route 53 services
However, your bandwidth e.g
15Gbp/s will still be limited by the size of you Amazon instance making it feasible for hackers to carry out a DoS attack if they have
Worse still you remain responsible for paying for the extra traffic to your instance.To mitigate this Amazon also offers AWS Shield Advanced
A Subscription include DDoS cost protection, which can save you from a huge spike in your monthly usage bill if you are the victim of an
AWS Shield Advanced can also deploy your ACL's (Access Control Lists) to the border of the AWS network itself giving you protection against
even the largest of attacks
The piece of mind afforded by AWS Shield Advanced is expensive however
All members benefit from basic DDoS protection
Features include always on traffic monitoring and real time mitigation of network (layer 3) attacks for any public IP addresses you use
This is the very same type of protection afforded to Microsoft's own online services and the entire resources of Azure's network can be used
This has been widely praised for being very easy to enable, requiring just a few clicks of your mouse
Crucially Azure does not require you to make any changes to your apps although the standard tier does offer protection against application
(layer 7) DDoS attacks via the app gateway web app firewall
Azure monitor can show you real time metrics if an attack does take place
These are retained for 30 days and can be exported for further study if you wish
If these exceed a pre-defined threshold, DDoS mitigation is automatically launched
This includes inspecting packets to make sure they aren't malformed or spoofed as well as using rate limiting
Protection applies equally to all resources
but the features and functionality mentioned in the review stayed relatively the same.Verisign is almost as old as the Internet itself
Since 1995 it has grown from a simple Certificate Authority to a major player in the Network Services industry
Users can choose to redirect connection attempts with a simple change of their DNS (Domain Name Server) settings
Traffic is sent to Verisign for checking to prevent network attacks
Verisign analysis all traffic thoroughly before redirecting
several dedicated DDoS "scrubbing centers"
These analyze traffic and filter out bad connection requests
The combined infrastructure runs to almost 2TB/s and can block even the most overwhelming DDoS attacks
Athena is broadly divided into three elements
The 'Shield' filters network (layer 3) and transport (layer 4) attacks via DPI (Deep Packet Inspection), blacklists - whitelists and site
The Athena 'proxy' inspects HTTP headers for bad traffic during initial connection attempts
The 'proxy' and 'shield' are supported by Athena's 'load balancer' which helps to prevent application (layer 7) attacks.The customer portal
displays detailed reports on traffic and allows you to configure your threat management, for example by creating connection blacklists
