Caching and protecting against attacks

Types of attacks:

SYN/ACK (synchronize/acknowledge) floods



In a SYN flood attack, a malicious client sends a large number of SYN packets but never sends the final ACK packets that would complete the handshakes. The server is left waiting on the half-open TCP connections; the idea is that the target eventually runs out of capacity to accept new TCP connections, preventing new users from connecting to the server. In practice the actual impact is more nuanced.

UDP Floods



Reflection attacks

HTTP Flood attacks

Distributed Denial of Service Attack

Flooding your website with network traffic from multiple sources (distributed groups of computers, IoT devices, etc.)

https://aws.amazon.com/blogs/security/how-to-protect-dynamic-web-applications-against-ddos-attacks-by-using-amazon-cloudfront-and-amazon-route-53/

Protection

In AWS, DDoS mitigation capabilities are automatically provided, but you can optimize your application's DDoS resilience by making architecture choices that best leverage those capabilities and also allow you to scale for excess traffic.
If you have web applications, you can use load balancers to distribute traffic to a number of Amazon EC2 instances that are overprovisioned or configured to automatically scale.
Large DDoS attacks can overwhelm the capacity of a single Amazon EC2 instance. With Elastic Load Balancing (ELB), you can reduce the risk of overloading your application by distributing traffic across many backend instances.

DNS query floods

- Real DNS requests that continue for hours and exhaust DNS server resources

CloudFront protection

- reduces number of calls to the origin server

Route 53 and CloudFront built in protection

- always-on monitoring
- anomaly detection

Route 53 built in protection

- DNS query floods protection
- shuffle sharding and anycast striping to spread DNS traffic across edge locations


Other protection mechanisms

- deterministic packet filtering (drop the malformed TCP packets and invalid requests)
- heuristic based anomaly detection
- scoring of traffic across multiple dimensions and dropping most suspicious traffic

AWS WAF

- web application firewall
- monitors HTTP and HTTPS requests forwarded from Route 53
- sits in front of API Gateway, CloudFront or Application Load Balancer
- you can configure access control, for example by the IP addresses allowed to make requests or by the value of query strings

To prevent attacks from IP addresses with a bad reputation, you can create rules using IP matching or use Managed Rules for AWS WAF.

Amazon's IP reputation list rule group includes rules based on Amazon's internal threat intelligence. These rules look for IP addresses that belong to bots, that are performing reconnaissance against AWS resources, or that are actively engaging in DDoS activity. The AWSManagedIPDDoSList rule has been observed blocking over 90% of malicious request floods.

- automatically block the IP addresses of bad actors when the number of requests received in a 5-minute sliding window exceeds a threshold that you define. Offending client IP addresses receive a 403 Forbidden response (or the configured block error response) and remain blocked until their request rate drops below the threshold.
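To see what the 5-minute sliding window and the "blocked until the rate drops" behaviour mean in practice, here is an added simulation of such a rate rule run over a constructed request log (not AWS code and not the page's own; it assumes WAF keeps counting a client's requests while it is blocked, and it evaluates per request rather than on WAF's periodic schedule):

```python
"""Simulation of an AWS WAF-style rate-based rule over a constructed request log."""
from collections import defaultdict, deque

WINDOW_SECONDS = 300  # rate-based rules count requests in a 5-minute sliding window

# Constructed sample log, not real traffic: "epoch_seconds client_ip path".
# 203.0.113.10 sends 120 requests in one minute (a flood); 198.51.100.7 sends 5
# requests spread out; the flooding client returns once, well after the window.
SAMPLE_LOG = (
    [f"{t} 203.0.113.10 /login" for t in range(120)]
    + [f"{t} 198.51.100.7 /" for t in (5, 60, 130, 200, 290)]
    + ["450 203.0.113.10 /login"]
)


def parse_log(lines):
    """Turn 'epoch ip path' lines into (timestamp, ip) tuples sorted by time."""
    events = []
    for line in lines:
        ts, ip, _path = line.split()
        events.append((int(ts), ip))
    return sorted(events)


def evaluate_rate_rule(events, limit, window=WINDOW_SECONDS):
    """Return one (ts, ip, action) per request, action being ALLOW or BLOCK.

    A client is blocked while more than `limit` of its requests fall inside the
    trailing window. Blocked requests are still counted (assumption about WAF),
    so the block lifts only once the client's rate actually drops below the limit.
    """
    recent = defaultdict(deque)  # per-IP timestamps still inside the window
    decisions = []
    for ts, ip in events:
        q = recent[ip]
        while q and ts - q[0] >= window:  # expire requests older than the window
            q.popleft()
        q.append(ts)
        action = "BLOCK" if len(q) > limit else "ALLOW"
        decisions.append((ts, ip, action))
    return decisions


def blocked_ips(decisions):
    """Set of client IPs that received at least one BLOCK decision."""
    return {ip for _, ip, action in decisions if action == "BLOCK"}


if __name__ == "__main__":
    result = evaluate_rate_rule(parse_log(SAMPLE_LOG), limit=100)
    print("blocked clients:", blocked_ips(result))
    print("blocked requests:", sum(1 for _, _, a in result if a == "BLOCK"))
    print("last decision:", result[-1])
```

With a limit of 100, the flooding client's requests 101 to 120 are blocked while the other client is never touched, and the flooding client's request at 450 s is allowed again because everything earlier has aged out of the window.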

Activate AWS Shield Advanced