This article describes the different Anti-DDoS solutions provided by Alibaba Cloud.
With the growing availability of attack tools and global botnets, the pool of possible attacks is larger than ever on the internet. Relying on humans to prevent and block attacks is simply not enough. With increased demand to deliver services or applications, more enterprises are increasingly adopting cloud technologies and hosting their apps in cloud environments. Among the best clouds providers, Alibaba Cloud offers you some solutions to also increase your security to fill securities gasp caused by Distributed Denial of Service (DDoS) attacks. Alibaba Cloud Anti-DDoS solutions secure websites, applications, and entire networks while ensuring the traffic is not compromised.
Understanding a Distributed Denial of Service (DDoS) Attack
A DDoS attack occurs when a distributed network of machines sends an overwhelming amount of malicious data to a target server or network, denying service by crowding out legitimate users trying to reach the server during the attack. Those attacks plant a malicious piece of code, or malware on insecure machines over the target web services and the Internet. This can undermine the performance or consume network bandwidth and make the target servers unresponsive. Common DDoS attack types include:
- Network layer attacks by sending a wave of traffic to a network
- Transport layer attacks that consume the connection pool resources of a server to achieve denial-of-service (DoS)
- Session layer attacks that consumes the SSL session resources of a server to achieve DoS
- Application layer attacks include DNS flood, HTTP flood, and dummy attacks to occupy application processing resources and consume the processing resources of a server to achieve DoS
Alibaba Cloud Anti-DDoS Solutions
Alibaba Cloud provides various DDoS mitigation solutions based on your business needs.
Anti-DDoS Origin is a protection service that improves protection capacity against DDoS attacks for resources and the public IP addresses of Alibaba Cloud resources against Layer 3 and Layer 4 volumetric attacks. It can defend against up to 5 Gbit/s of DDoS attacks free of charge for public IP addresses of Alibaba Cloud services. The services include Elastic Compute Service (ECS), Server Load Balancer (SLB), Web Application Firewall (WAF), and Elastic IP Address (EIP). It supports quick deployment, directly protects your cloud services, and provides protection bandwidth as required.
Anti-DDoS Origin is suitable for applications that are deployed on Alibaba Cloud. It meets the requirements for you when your service scale is large and you are sensitive to network quality. DDoS attack detection and scrubbing system are deployed at the egress of an Alibaba Cloud data center. Anti-DDoS Origin provides two editions: Anti-DDoS Origin Basic and Anti-DDoS Origin Enterprise.
- Anti-DDoS Origin Basic provides basic protection against DDoS attacks for public IP addresses of Alibaba Cloud resources free of charge
- Anti-DDoS Origin Enterprise provides shared and unlimited protection for public IP addresses of Alibaba Cloud resources
Anti-DDoS Origin provides the following benefits:
- Supports quick deployment within one minute
- Use of all resources that reside in a region to provide unlimited protection
- Alibaba Cloud Border Gateway Protocol (BGP) bandwidth resources across different Internet Service Providers (ISPs)
- Supports protection capacity sharing among multiple IP addresses
Anti-DDoS Pro and Anti-DDoS Premium
Alibaba Cloud offers another solution suitable for finance websites, e-commerce websites, portal websites, Internet egresses of government networks, portals, and open platforms. Anti-DDoS Pro and Anti-DDoS Premium protect servers on the Internet against volumetric DDoS attacks. These servers may be deployed on Alibaba Cloud or provided by a third party. To protect servers against volumetric and resource exhaustion DDoS attacks, Anti-DDoS Pro and Anti-DDoS Premium forward traffic to the Alibaba Cloud Anti-DDoS network by using DNS resolution. These services rely on high-quality BGP networks and intelligent protection technologies to provide strong and precise protection with high availability. They offer some benefits:
- Easy deployment You can connect your services to Anti-DDoS Pro or Anti-DDoS Premium by using domain names or ports
- Massive protection bandwidth as the services protect servers against DDoS attacks at the network layer, transport layer, and application layer.
- Origin server security ensured as the IP addresses of origin servers are hidden
- Stability and high availability
You can also see the specificities of each Anti-DDoS Pro and Premium:
Alibaba Cloud offers a third service Game Shield to protect against DDoS and HTTP flood attacks in the gaming industry. GameShield offers an elastic security network that can only be accessed by using SDK and prevents DDoS attacks and HTTP flood attacks. A client can access the elastic security network of GameShield through a local proxy server.
Compared to the traditional single-point DDoS defense solution, Game Shield uses data and algorithms to implement smart scheduling, quickly splitting “normal player” traffic and “hacker attack” traffic to different nodes to mitigate massive DDoS attacks, and through end-to-end encryption, preventing minor DDoS attacks that simulate user behavior from reaching the client. GameShield consists of two modules:
- Distributed anti-DDoS node: GameShield utilizes these nodes to defend against attacks greater than 600 Gbit/s.
- Game Security Gateway: GameShield can decode proprietary protocols. This allows GameShield to defend against HTTP flood attacks that are specific to the gaming industry.
Which Anti-DDoS Solution to Choose?
Alibaba Cloud offers all those anti-DDoS solutions to fit your need. It means that you should choose a solution regarding your environment and need. That is why Alibaba Cloud had provided some [scenarios to help you for a better choice](https://www.alibabacloud.com/help/en/doc-detail/123164.html)
In the early to mid-2000s, DDoS attacks were quite common. However, the number of successful DDoS attacks has been reducing. This decrease in DDoS attacks is likely due to the efforts of some efficient solutions. That is why Alibaba Cloud is putting so much effort into its solution to let you be at ease with your cloud environment.