{"id":3222,"date":"2019-09-02T11:14:10","date_gmt":"2019-09-02T11:14:10","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=3222"},"modified":"2020-05-02T05:21:02","modified_gmt":"2020-05-02T05:21:02","slug":"mitigating-ddos-attacks","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/mitigating-ddos-attacks\/","title":{"rendered":"Mitigating  DDoS Attacks"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>DoS attack is malicious attempt to affect\navailability of a targeted system, to legitimate end users. <\/li><li>During the attack, attackers generate large\nrequests to overwhelm target system. <\/li><li>In DDoS attack, attacker uses multiple sources\nto generate attack.<\/li><li>DDoS attacks types, are as OSI being attacked<ul><li>Network\n(layer 3)<\/li><\/ul><ul><li>Transport\n(Layer 4)<\/li><\/ul><ul><li>Presentation\n(Layer 6)<\/li><\/ul><ul><li>Application\n(Layer 7)<\/li><\/ul><\/li><\/ul>\n\n\n\n<p><strong>DDoS Mitigation <\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>process of successfully protecting a targeted\nsystem from a DDoS attack. <\/li><li>Uses network equipment or protection service to\nmitigate incoming threat.<\/li><\/ul>\n\n\n\n<p><strong>DDoS Mitigation Stages<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Detection &#8211; to stop a DDoS distinguish an attack\nfrom a high volume of normal traffic. <\/li><li>Response \u2013 System responds to incoming\nidentified threat by intelligently dropping malicious traffic<\/li><li>Routing &#8211; routing traffic, to break remaining\ntraffic into manageable chunks preventing denial-of-service.<\/li><li>Adaptation &#8211; Analyzes traffic for patterns such as repeating offending IP blocks and attacks <\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"163\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-55.png\" alt=\"\" class=\"wp-image-3420\"\/><\/figure>\n\n\n\n<p>AWS Services for DDoS Attack Mitigation <\/p>\n\n\n\n<p><strong>AWS Shield <\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A managed DDoS protection service <\/li><li>Available in Standard and Advanced tiers<\/li><li>Shield Standard <ul><li>applies\nalways-on detection and inline mitigation techniques, like deterministic packet\nfiltering and priority-based traffic shaping<\/li><\/ul><ul><li>included\nautomatically to ELB load balancers, CloudFront and Route 53 at no extra cost. <\/li><\/ul><ul><li>Use\nShield with WAF rules to create a comprehensive DDoS attack mitigation\nstrategy.<\/li><\/ul><\/li><li>AWS Shield Advanced <\/li><li>provides enhanced DDoS attack detection and\nmonitoring by &#8211; layer traffic to ELB, CloudFront and Route 53 <\/li><li>Uses additional techniques for granular\ndetection of DDoS attackslike detect HTTP floods or DNS query floods. <\/li><li>includes 24&#215;7 access to AWS DDoS Response Team\n(DRT)<\/li><li>Directly create or update AWS WAF rules<\/li><li>Receive improvements to AWS architectures<\/li><li>includes access to near real-time metrics and\nreports<\/li><li>Combine with WAF metrics for comprehensive\nCloudWatch monitoring and alarming strategy. <\/li><\/ul>\n\n\n\n<p><strong>AWS WAF<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>It is a web application firewall <\/li><li>Protects web applications from common web\nexploits <\/li><li>define customizable web security rules to control\nwhich traffic accesses web applications<\/li><li>Provided free with AWS Shield Advanced<\/li><li>&nbsp;can\nengage the DRT to create WAF rules.<\/li><li>WAF rules use conditions to <ul><li>target\nspecific requests <\/li><\/ul><ul><li>trigger\nan action<\/li><\/ul><ul><li>identify\nand block common DDoS request patterns <\/li><\/ul><\/li><\/ul>\n\n\n\n<p><strong>Route 53<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A highly available and scalable DNS service <\/li><li>to route end users to infrastructure running\ninside or outside of AWS. <\/li><li>manage traffic globally by routing types<\/li><li>Gives out-of-the-box shuffle sharding and\nAnycast routing capabilities <\/li><\/ul>\n\n\n\n<p><strong>Amazon CloudFront<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>distributes traffic across multiple edge locations\n<\/li><li>filters requests to ensure that only valid\nHTTP(S) requests are forwarded to backend hosts<\/li><li>supports geoblocking, to prevent requests from\nparticular geographic locations.<\/li><\/ul>\n\n\n\n<p><strong>ELB<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>It automatically distributes incoming\napplication traffic across multiple targets<\/li><li>Targets can be <ul><li>Amazon\nEC2 instances<\/li><\/ul><ul><li>Containers<\/li><\/ul><ul><li>IP\naddresses<\/li><\/ul><ul><li>multiple\nAZ<\/li><\/ul><\/li><li>It minimizes risk of overloading a single\nresource. <\/li><li>ELB, like CloudFront, supports valid TCP\nrequests<\/li><li>UDP and SYN floods are not able to reach EC2\ninstances. <\/li><li>Also gives a single point of management <\/li><li>serves as a line of defense between internet and\nbackend<\/li><li>ELB includes Application Load Balancer, for HTTP\/HTTPS\ntraffic load balancing <\/li><li>directly supports AWS WAF.<\/li><\/ul>\n\n\n\n<p><strong>VPCs and Security\nGroups<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>With Amazon VPC can configure <ul><li>subnet\nroutes<\/li><\/ul><ul><li>public\nIP addresses<\/li><\/ul><ul><li>security\ngroups<\/li><\/ul><ul><li>network\naccess control lists <\/li><\/ul><\/li><li>Can minimize application attack surfaces<\/li><li>Can configure load balancers and EC2 instance\nsecurity groups <\/li><li>Controls traffic from specific IP addresses,\nfrom CloudFront or AWS WAF<\/li><\/ul>\n\n\n\n<p>Best Practices<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Be ready to scale. Scale to meet additional\ntraffic volumes, if valid or a DDoS attack by ELB, CloudFront, Route 53 <\/li><li>Minimize the attack surface area and safeguard\nexposed resources- decouple infrastructure<\/li><li>Know what is normal; alert on what is not. <\/li><li>Architect for resilience<\/li><li>Deploy Firewalls for Sophisticated Application\nattacks<\/li><\/ul>\n\n\n\n<p> For web applications &#8211; <\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"225\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-56.png\" alt=\"\" class=\"wp-image-3421\"\/><\/figure>\n\n\n\n<p>For Load Balanceable Applications <\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"236\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-57.png\" alt=\"\" class=\"wp-image-3422\"\/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>DoS attack is malicious attempt to affect availability of a targeted system, to legitimate end users. During the attack, attackers generate large requests to overwhelm target system. In DDoS attack, attacker uses multiple sources to generate attack. DDoS attacks types, are as OSI being attacked Network (layer 3) Transport (Layer 4) Presentation (Layer 6) Application&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":2471,"menu_order":36,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[7],"class_list":["post-3222","page","type-page","status-publish","hentry","category-amazon-aws","tag-aws"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Mitigating DDoS Attacks - Testprep Training Tutorials<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/mitigating-ddos-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mitigating DDoS Attacks - Testprep Training Tutorials\" \/>\n<meta property=\"og:description\" content=\"DoS attack is malicious attempt to affect availability of a targeted system, to legitimate end users. During the attack, attackers generate large requests to overwhelm target system. In DDoS attack, attacker uses multiple sources to generate attack. DDoS attacks types, are as OSI being attacked Network (layer 3) Transport (Layer 4) Presentation (Layer 6) Application...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/mitigating-ddos-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-02T05:21:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-55.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/mitigating-ddos-attacks\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/mitigating-ddos-attacks\/\",\"name\":\"Mitigating DDoS Attacks - Testprep Training Tutorials\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2019-09-02T11:14:10+00:00\",\"dateModified\":\"2020-05-02T05:21:02+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/mitigating-ddos-attacks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/mitigating-ddos-attacks\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/mitigating-ddos-attacks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AWS Certified Solutions Architect Professional (SAP-C02)\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Mitigating DDoS Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mitigating DDoS Attacks - Testprep Training Tutorials","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/mitigating-ddos-attacks\/","og_locale":"en_US","og_type":"article","og_title":"Mitigating DDoS Attacks - Testprep Training Tutorials","og_description":"DoS attack is malicious attempt to affect availability of a targeted system, to legitimate end users. During the attack, attackers generate large requests to overwhelm target system. In DDoS attack, attacker uses multiple sources to generate attack. DDoS attacks types, are as OSI being attacked Network (layer 3) Transport (Layer 4) Presentation (Layer 6) Application...","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/mitigating-ddos-attacks\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2020-05-02T05:21:02+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-55.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/mitigating-ddos-attacks\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/mitigating-ddos-attacks\/","name":"Mitigating DDoS Attacks - Testprep Training Tutorials","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2019-09-02T11:14:10+00:00","dateModified":"2020-05-02T05:21:02+00:00","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/mitigating-ddos-attacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/mitigating-ddos-attacks\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/mitigating-ddos-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"AWS Certified Solutions Architect Professional (SAP-C02)","item":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/"},{"@type":"ListItem","position":3,"name":"Mitigating DDoS Attacks"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=3222"}],"version-history":[{"count":3,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3222\/revisions"}],"predecessor-version":[{"id":3424,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3222\/revisions\/3424"}],"up":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2471"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=3222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=3222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=3222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}