DDoS protection. Briefly about it.

Started by goppog4334, Jul 11, 2022, 07:34 AM


goppog4334 (Topic starter)

It is divided into 2 types:
1) Filtering of malicious traffic at L7 of the OSI model (the application layer) for hosting and VPS. This option complements the capabilities of our basic DDoS protection, which is included for free in each tariff of the main hosting services of Eternalhost. When it is enabled, traffic cleaning extends to all levels of the OSI model that matter for cybersecurity, from L3 to L7.
2) Fine-tuning of DDoS protection filters for "non-site" resources on VPS. The option is applicable to various online platforms, electronic trading platforms and services: for example, corporate and gaming servers, file storage and databases, VPN servers, servers with trading platforms for forex, payment and mail services.


Regarding the protection of trading platforms, and in particular the platform for trading on the forex exchange:
MetaQuotes has only recently begun deploying DDoS protection for its flagship MetaTrader 5 platform. Cloudflare's global network and its "Cloudflare Spectrum" solution for brokers prevent disruptions caused by malicious traffic while allowing normal traffic to pass through.
In other words, the use of the latest trading software is of utmost importance in the stock exchange business. 8)


Building distributed systems is a whole art that allows you to spread requests across different nodes of a single system if some servers have become unavailable. All information is duplicated, and the servers are physically located in data centers in different countries. This approach makes sense only for large projects with a large number of users or high requirements for uninterrupted access, such as banks and social networks.

If the server does not have reliable protection, or the measures taken have not yielded results, cut the ropes. All DDoS traffic comes from a single provider and a backbone router, so you can block everything by connecting to a backup Internet connection line. The method is effective until you are discovered again.


As for the means of protection, they can be divided into local (on-premise), cloud and hybrid. On-premise solutions and anti-DDoS tools can be both software and hardware (specialized network devices), and they can be installed by both clients themselves and their web providers.
The main users of local anti-DDoS solutions are large telecom operators (cloud and Internet service providers) and data centers that can afford to have their own response service, are able to cope with powerful (hundreds of gigabits) attacks and offer an anti-DDoS service to their customers.

Cloud solutions implement almost the same protection functionality as on-premise solutions. In addition to packet-level protection, providers of anti-DDoS cloud services often offer protection of sites from attacks made by bots (such attacks use the HTTP protocol), as well as technical support and assistance during a DDoS attack. Cloud solutions seem to be the best option for most companies.

The hybrid solution is a combination of an on-premise solution and a subscription to an anti-DDoS cloud service that connects automatically when an attack begins. The hybrid approach allows you to eliminate the limitations of on-premise solutions in terms of attack volume and take advantage of both cloud solutions and on-premise tools.
Hybrid solutions can be recommended to large enterprises that pay special attention to customer interaction through online channels, as well as to small web service providers.

Depending on which Internet resources you want to protect, choose anti-DDoS tools and services that have a particular range of protection functions:
protection against packet flooding based on packet filtering at the transport and network layers (L3 and L4); that is enough to protect network devices;
protection against both packet flooding and application-level flooding (L3 to L7) is necessary, in particular, to ensure the operability of websites, since most attacks on them are carried out at the L7 level;
protection not only from flooding at L3 to L7, but also from "intelligent" DDoS attacks using "smart" bots that attack those parts of web applications that are the most resource-intensive when processing incoming requests, using Web Application Firewall (WAF) functions; that is necessary to protect critical Internet resources.
According to the connection format, symmetric and asymmetric DDoS protection are distinguished. The first option involves installing a filter in symmetric mode: both incoming and outgoing traffic of the protected server (or service information about that traffic) always passes through the filter. Asymmetric algorithms analyze only incoming traffic.
As a rule, symmetric means of protection are more effective, but the cost of ownership is higher, and the added latency is greater. Asymmetric means are often more complicated, and since they do not analyze outgoing traffic, full filtering of some attacks is not provided in asymmetric mode.

In addition, special care should be taken about the proper connection of DDoS protection: it is necessary to reduce to zero the number of vulnerabilities that an attacker could use.
And of course, you need to pay close attention to the choice of a protection provider, since the real quality of its services, as well as its level of competence in anti-DDoS matters, can vary widely.
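The post's distinction between packet-flood (L3/L4) filtering and application-level (L7) filtering against "smart" bots is easiest to see in code. The following is an added example, not code from the post or from Eternalhost: a toy two-stage classifier that first flags sources by packets per second (the L3/L4 check), then flags sources by HTTP request rate weighted by an assumed per-endpoint processing cost (the L7 check). The packet records, access-log records, IP addresses and the endpoint cost table are all constructed for illustration; a low-rate bot hitting an expensive search endpoint is invisible to the first stage and only caught by the second, which is the point the post makes about resource-intensive parts of a web application.

```python
"""Added example (not from the original post): layered L3/L4 vs L7 DDoS
detection over constructed sample data.

Stage 1 (L3/L4): count packets per source per window, flag volumetric floods.
Stage 2 (L7): sum an assumed per-endpoint cost per source per window, so a
low-rate bot hammering an expensive endpoint is flagged even though it never
trips the packet-rate threshold.
"""
from collections import defaultdict

# Assumed relative processing cost of each URL prefix (not from the post).
ENDPOINT_COST = {"/": 1, "/static/": 1, "/search": 50, "/report": 80}


def endpoint_cost(path):
    """Cost of the longest matching prefix in ENDPOINT_COST, default 1."""
    best, best_len = 1, -1
    for prefix, cost in ENDPOINT_COST.items():
        if path.startswith(prefix) and len(prefix) > best_len:
            best, best_len = cost, len(prefix)
    return best


def l4_flooders(packets, window_s=1.0, pps_threshold=100):
    """Stage 1: {src_ip: peak_pps} for sources above the packet-rate threshold.

    packets: iterable of (timestamp_s, src_ip, dst_port, proto).
    Only counts are used, so this works in asymmetric (incoming-only) mode.
    """
    buckets = defaultdict(lambda: defaultdict(int))  # src -> window -> count
    for ts, src, _port, _proto in packets:
        buckets[src][int(ts // window_s)] += 1
    flagged = {}
    for src, windows in buckets.items():
        peak_pps = max(windows.values()) / window_s
        if peak_pps > pps_threshold:
            flagged[src] = peak_pps
    return flagged


def l7_abusers(requests, window_s=10.0, cost_threshold=500):
    """Stage 2: {src_ip: peak_cost} for sources whose weighted request cost
    in any window exceeds cost_threshold.

    requests: iterable of (timestamp_s, src_ip, method, path).
    """
    buckets = defaultdict(lambda: defaultdict(int))  # src -> window -> cost
    for ts, src, _method, path in requests:
        buckets[src][int(ts // window_s)] += endpoint_cost(path)
    return {src: max(w.values()) for src, w in buckets.items()
            if max(w.values()) > cost_threshold}


def classify(packets, requests):
    """Run both stages; 'l7_only' is what a pure packet filter would miss."""
    l4 = l4_flooders(packets)
    l7 = l7_abusers(requests)
    return {"l4_flood": sorted(l4), "l7_abuse": sorted(l7),
            "l7_only": sorted(set(l7) - set(l4))}


def build_samples():
    """Constructed sample traffic (TEST-NET addresses, not real hosts)."""
    packets, requests = [], []
    # Volumetric flooder: 500 SYNs to port 443 inside one second, no HTTP.
    for i in range(500):
        packets.append((i / 500, "203.0.113.10", 443, "tcp-syn"))
    # Ordinary visitor: 10 packets over 10 s and 5 cheap page loads.
    for i in range(10):
        packets.append((float(i), "198.51.100.7", 443, "tcp"))
    for i in range(5):
        requests.append((i * 2.0, "198.51.100.7", "GET", "/"))
    # "Smart" bot: only 20 packets (2 pps), but each is a /search request.
    for i in range(20):
        packets.append((i * 0.5, "198.51.100.42", 443, "tcp"))
        requests.append((i * 0.5, "198.51.100.42", "GET", "/search?q=%d" % i))
    return packets, requests


PACKETS, REQUESTS = build_samples()

if __name__ == "__main__":
    print(classify(PACKETS, REQUESTS))
```

The flooder is caught by the packet-rate stage alone and never shows up in the HTTP log (its SYNs never complete a handshake), while the bot at 2 packets per second passes the L3/L4 stage and is only flagged once request cost is accounted for; a real WAF would replace the static cost table with measured per-endpoint latency or CPU time.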