When you’re working on the IT security strategy for your business, hackers and data breaches are probably at the top of your list of risks. And for good reason. It’s obviously vital to prevent unwanted attackers from exploiting weaknesses in your installed software or system configuration, in order to bypass security controls and access protected resources and databases.
But today’s sophisticated cyber criminals, intent on disrupting companies and making money, have more than one method of achieving their goals. Consequently, you need to protect your cloud servers from multiple forms of attack. This includes Denial of Service (DoS) attacks.
DoS attacks are of particular concern because they’re impossible to prevent. They don’t happen because your server was poorly protected or configured. They are carried out by hackers who simply flood systems with tens of thousands of times more legitimate requests and traffic than they were designed to cope with. This causes them to slow down or to crash completely, thus causing downtime for whatever services they were providing.
When a DoS attack originates from more than one IP address simultaneously it’s known as a DDoS, or Distributed Denial of Service. These are typically carried out by so-called botnets, where thousands of PCs are taken over by a virus or some other malware which allows them to be controlled remotely by DDoS attack perpetrators, who can initiate an attack at a moment’s notice.
Consequences of an Attack
A DDoS attack can be costly and disastrous for companies which operate online. Unchecked, the attack can continue for weeks on end, taking your business offline and frustrating your customers, suppliers and staff. According to one major cyber insurance provider, a typical small to medium-sized organization accumulates US$120,000 per attack in recovery costs. Specialist online retailers, it says, stand to lose between $8,000 and $74,000 in revenue for each hour of downtime.
Taking out specialist DDoS insurance cover can often help you recover some of the direct costs, such as hiring experts to fix the problem. But no amount of money will bring back all of your key customers who lost faith in your company and defected to your competitors while your site was down, or undo the adverse publicity that the attack might have generated. Therefore you need to proactively protect your systems from DDoS before it’s too late.
While it’s tempting to assume that “DDoS surely couldn’t happen to us”, the reality is that it might. Systems of all sizes get attacked, for many reasons, the most common being blackmail: “Pay a ransom (often via cryptocurrency such as Bitcoin) within 48 hours or we’ll take your systems offline.” And with botnets widely available to rent by the hour via the dark web, carrying out an attack is disturbingly easy to do.
Dealing with a DDoS is very different from handling other sorts of attack, because there’s no underlying error or weakness that can be patched or fixed in order to stop it. The very nature of a DDoS incident means that you probably won’t be able to connect to the affected servers in order to fix the problem or mitigate any damage, because they will be at best unresponsive. For this reason, it’s essential that any protection against DDoS is implemented further up the chain, i.e. at the network perimeter rather than on individual servers.
How Alibaba Cloud Can Help
When you create your cloud servers on Alibaba Cloud, you can take advantage of a complete range of anti-DDoS protection services that are easy to set up, including one option which is free of charge. Between them they currently handle around 2,500 incidents per day, keeping customers’ businesses online and accessible in the face of a DDoS.
Alibaba Cloud Anti-DDoS Basic is available on every Alibaba Cloud server and is completely free. It’s even enabled by default when you create the server so there’s no additional installation or configuration required. It defends your servers against attacks of up to a very impressive 5 Gbits per second, by automatically restricting access if suspicious activity is detected. As the attack starts to subside, normal access is automatically and gradually restored. You can also opt to receive automatic notification via email and SMS message to keep you up to date with the situation in real time.
For many small to medium businesses and other online operations, Anti-DDoS Basic can provide all the protection you need against denial of service attacks. But for a greater degree of protection, from attacks of up to 300 Gbits per second, Alibaba Cloud offers additional paid services such as Anti-DDoS Pro and Anti-DDoS Origin. In addition, Game Shield provides the ability to specifically protect online gaming and mobile back-end infrastructure.
At the heart of all Alibaba Cloud’s DDoS protection are the traffic scrubbing centers. When an attack is detected, all traffic destined for the affected server is redirected behind the scenes to the nearest scrubbing center that has the required capacity to handle it. From there, data related to the attack is filtered out and cleaned traffic is then sent back to the server. All components of the Alibaba Cloud Anti-DDoS system (the attack detector and the scrubbing center, as well as the centralized management system) are physically and logically located away from the servers being protected, so they take the full force of the attack and the attack traffic never reaches its intended destination.
Alibaba Cloud’s DDoS mitigation services can protect a variety of devices. Anti-DDoS Pro can be used on servers both within and outside of Alibaba Cloud. Anti-DDoS Origin works on Elastic Compute Service instances, server load balancer instances, Elastic IP instances, and Web Application Firewall assets, providing protection against attacks of up to 20 Gbits/second.
Once purchased, getting enhanced systems like Anti-DDoS Pro up and running is simple and takes just a couple of minutes. You just change the DNS entries of your protected resources so that they point to the Anti-DDoS center.
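The DNS change described above is worth verifying host by host, because any name that still answers with the origin address is not routed through scrubbing. The following is an added example, not Alibaba Cloud code: it audits a constructed zone snapshot offline, and the scrubbing suffix, hostnames and addresses are all placeholders.

```python
# Added example: offline audit of a DNS cutover to a scrubbing service.
# Every name and address is constructed; SCRUB_SUFFIX is a placeholder,
# not a real Anti-DDoS Pro hostname.
SCRUB_SUFFIX = ".scrub.example.net"
ORIGIN_IPS = {"203.0.113.10"}

# Constructed zone snapshot: name -> (record type, value)
ZONE = {
    "www.shop.example": ("CNAME", "abc123.scrub.example.net."),
    "abc123.scrub.example.net": ("A", "198.51.100.7"),
    "api.shop.example": ("A", "203.0.113.10"),        # still on the origin
    "cdn.shop.example": ("CNAME", "www.shop.example"),
    "old.shop.example": ("CNAME", "loop.shop.example"),
    "loop.shop.example": ("CNAME", "old.shop.example"),
}

def resolve_chain(name, zone, max_hops=8):
    """Follow CNAMEs; return (names visited, final A value or None)."""
    chain, seen = [name], {name}
    for _ in range(max_hops):
        rec = zone.get(chain[-1])
        if rec is None:
            return chain, None
        rtype, value = rec
        if rtype == "A":
            return chain, value
        value = value.rstrip(".").lower()
        if value in seen:                 # CNAME loop, give up
            return chain, None
        seen.add(value)
        chain.append(value)
    return chain, None

def audit(hosts, zone=ZONE, suffix=SCRUB_SUFFIX, origin_ips=ORIGIN_IPS):
    """Classify each host by where its DNS answer finally lands."""
    report = {}
    for host in hosts:
        chain, addr = resolve_chain(host.lower(), zone)
        via_scrub = any(n.endswith(suffix) for n in chain[1:])
        if addr is None:
            report[host] = "unresolved"
        elif addr in origin_ips:
            report[host] = "exposed"      # answer is the origin address
        elif via_scrub:
            report[host] = "protected"
        else:
            report[host] = "unknown-target"
    return report

if __name__ == "__main__":
    for host, status in audit(sorted(k for k in ZONE if k.endswith(".shop.example"))).items():
        print(f"{host:22} {status}")
```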
You can leverage the power of Cloud Monitor on your Alibaba Cloud servers to keep a regular eye on server performance. If you’re running Anti-DDoS Pro, you can monitor the levels of raw inbound traffic as well as scrubbed traffic, to help you understand the current level of attack. See Create an Anti-DDoS alert rule for full details.
If you haven’t already formulated a strategy for dealing with DDoS attacks and minimizing their impact on your business, now is the time to do so. If you’re an Alibaba Cloud user, start by ensuring that Anti-DDoS Basic is enabled and running on all your servers. Configure it to send SMS or email alerts so that you receive notification in good time if your systems are under attack. You can then take further action if necessary, such as upgrading to Anti-DDoS Pro if the scale of an attack warrants it. Formulate an emergency response plan so that, if such a notification is received, you are in a position to be able to deal with it immediately, whatever time of the day or night it happens.
You can find more advice for relieving DDoS attacks in Best practices for mitigating DDoS attacks.
One of the benefits of cloud computing from Alibaba Cloud is that the underlying infrastructure is large enough to handle major DDoS attacks well away from your key servers and other associated services such as load balancers. By the time traffic reaches your cloud services it has been suitably scrubbed of all attack-related traffic, thus helping to keep your business online.
Implementing DDoS protection on Alibaba Cloud is simple and cost-effective. Entry level protection with Anti-DDoS Basic is free of charge and is enabled by default. If circumstances dictate that a higher degree of protection is required, such as in the face of a massive DDoS attack that is beyond the scope of Anti-DDoS Basic, upgrading to a more powerful, paid service like Anti-DDoS Pro can be up and running quickly.
If you don’t already have an Alibaba Cloud account, you can create one for free at https://www.alibabacloud.com/