AWS Shield
The Amazon Web Services (AWS) Shield [8] provides protection against DDoS attacks (Figure 1). The Standard protection is available to any AWS customer. The product includes detection of network flow data and automatic mitigation of DDoS attacks against SYN flooding or UDP reflection attacks. However, you do not receive information about a successful defense. If you choose the AWS Shield Advanced product, you receive the following additional features for around $3,025 per month plus charges for data transfer:
- In addition to connection data at the network level, Amazon collects and analyzes transaction logs at the application level.
- Access to advanced scrubbing capacities.
- Notification of attacks on ISO Layers 3 and 4, as well as data about the type of attack.
- Reports for ISO Layers 3, 4, and 7.
- Incident management by the Amazon DDoS response team.
- If necessary, manual mitigation.
- Manual analysis after the attack.
- Reimbursement for costs incurred by the attack associated with CloudFront, Route 53, and ELB services.
Figure 1: Amazon protects customers against DDoS attacks – to an extent. For more protection, you will have to dig very deeply into your pockets.
Of import is that Amazon only protects what runs on Amazon. Although it is possible to protect data traffic on your own servers using services such as CloudFront or a reverse proxy and to protect your own network connection in another way, you cannot fight off targeted attacks.
REF: http://www.linux-magazine.com/Issues/2018/206/DDoS-Defense/(offset)/6
沒有留言:
張貼留言