DDoS Blog

DDoS Mitigation in the Cloud: Part II

January 25, 2018 By TheNewsTeam

There are five general requirements for removing an attack in the cloud: (i) detect the attack as soon as possible and determine its size; (ii) mitigate its effects as far as possible; (iii) if necessary, migrate the Virtual Machine (VM) under attack to safe physical servers; (iv) ensure that the network bandwidth needed for that migration is guaranteed; (v) stop the attack with a countermeasure, such as one of the following.

Firewalls

As in traditional computing systems, firewalls are usually treated as the first line of defense in the cloud computing environment. They protect the front access points of the cloud and filter traffic in various ways, including: (i) inspecting only header information such as the destination address; (ii) analysing requests and server responses via a state table; (iii) analysing the protocol syntax by terminating the client/server connection at the firewall and relaying it.
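To make the difference between (i) header-only and (ii) state-table filtering concrete, here is an added Python example, not code from the original post: both filters run over the same constructed packets, and only the state-table filter rejects ACK-bearing packets that no tracked connection explains. The addresses, ports and flag strings are assumed sample values.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst sport dport flags")  # flags: "S", "SA", "A"
PROTECTED = "10.0.0.5"        # constructed address of the cloud front end
ALLOWED_PORTS = {80, 443}

def stateless_filter(pkt):
    """(i) Header-only: new SYNs to open ports pass, and any packet with the
    ACK bit set is assumed established (classic 'established' ACL rule)."""
    if pkt.src == PROTECTED:
        return True
    if pkt.dst != PROTECTED:
        return False
    if "A" in pkt.flags:          # no memory of whether a handshake happened
        return True
    return pkt.flags == "S" and pkt.dport in ALLOWED_PORTS

class StatefulFilter:
    """(ii) State table: inbound packets pass only when they belong to a flow
    opened by a client SYN to an allowed port or by the host's own traffic."""
    def __init__(self):
        self.table = set()        # keyed (peer, peer_port, host, host_port)

    def allow(self, pkt):
        if pkt.src == PROTECTED:  # outbound: remember the flow
            self.table.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True
        if pkt.dst != PROTECTED:
            return False
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.flags == "S" and pkt.dport in ALLOWED_PORTS:
            self.table.add(key)   # new client connection
            return True
        return key in self.table  # replies must match a tracked flow

# constructed traffic: a legitimate handshake, then two ACK-bearing packets
# that belong to no tracked connection (reflected SYN-ACK, bare ACK)
SAMPLE = [
    Packet("198.51.100.7", PROTECTED, 40001, 443, "S"),
    Packet(PROTECTED, "198.51.100.7", 443, 40001, "SA"),
    Packet("198.51.100.7", PROTECTED, 40001, 443, "A"),
    Packet("203.0.113.9", PROTECTED, 80, 51000, "SA"),
    Packet("192.0.2.33", PROTECTED, 6000, 443, "A"),
]

def evaluate(packets):
    """Return (stateless_verdict, stateful_verdict) for each packet."""
    sf = StatefulFilter()
    return [(stateless_filter(p), sf.allow(p)) for p in packets]
```

The last two packets pass the header-only filter and are dropped by the state-table filter, which is exactly the gap a stateful front-end firewall closes.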

Clusterized Firewall

Liu et al., in their 2014 article A clusterized firewall framework for cloud computing, suggest dividing the cloud service into application layers and grouping the servers into clusters. Each cluster has a firewall, which protects applications according to the arrival rate, thus guaranteeing quality of service for legitimate users.

Hybrid Firewalling Architecture

Hybrid firewall architectures combine physical and virtual firewalling services. The physical firewalls represent the company's physical IT security infrastructure, and the mitigation service load-balances incoming traffic across the virtual firewalls. The virtual firewalls, which reside on virtual machines, analyze, monitor and report.

Infrastructure

Amazon Web Services (AWS) proposes an infrastructure-layer defense against DDoS attacks: resizable compute capacity, AWS regions selected for the best latency and throughput, Elastic Load Balancing (ELB), a CDN service and a scalable DNS service. The application-layer defense deploys web application firewalls to protect against vulnerabilities within an app, or to block unknown source IP addresses, HTTP methods, etc.

Virtual Machine Monitor (VMM)

The goal of a VMM is to monitor the amount of available resources and compare it to a threshold in order to identify that an attack is happening. The VMM is composed of a tagger, a duplicator and a detector, which allow it to monitor and evaluate what the attacker is doing. If the system does come under attack, the OS and all its applications can be moved to a new isolated entity. Because the VMM keeps the applications running in both the original VM and the newly isolated one during the move, the victim sees no service interruption. Once the migration is complete, the original VM is destroyed, and the attacker can no longer reach the target. Downsides of the VMM are that the threshold is difficult to determine and that the VMM runs whether or not there is an attack, so it will often sit idle.

Intrusion Detection Systems (IDS)

Traditional IDS can't offer full visibility into a company's cloud environment, but specifically geared Intrusion Detection Systems (IDS) can be used in Virtual Machines (VMs) as a mitigation technique in cloud computing. Cloud IDS can be separated into two categories: (i) Network-based Intrusion Detection Systems (NIDS); (ii) Host-based Intrusion Detection Systems (HIDS).

For NIDS, the detection affects all network traffic whereas HIDS applies only to a specific host. The IDS can block an intruder’s address through analysing inbound and outbound traffic.

IDSs can analyse the network traffic using a predefined rule set and protect classified or confidential data in defense zones. Each layer or defense zone requires its own IDS to identify new potential attacks and vulnerabilities within its systems.

Overall Security Architecture

Security architecture in the cloud necessitates numerous different elements: servers, switch controller, router, protocols and applications.

A Security Aware Cloud Architecture should always offer protection to secure public clouds and data centers through various mechanisms, including (i) trust delegation and negotiation architecture; (ii) DDoS specific defense and worm containment; (iii) developing a reputation system for different sites; (iv) fine-grain access control; and (v) collusive privacy prevention.

Software-Defined Networking (SDN) and cloud computing can improve the DDoS Attack Mitigation Architecture (DaMask). The DaMask architecture involves three different layers: network switches, network controllers and network applications. There are two defined modules: (i) DaMask-D, a network attack detection system, and (ii) DaMask-M, an attack reaction module. DaMask-M defines three straightforward operations: forward, drop and modify the packet. These operations are implemented as a series of APIs, allowing the defenders to customize the countermeasures.
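The detection/reaction split in DaMask, as an added Python example that is neither the DaMask authors' code nor the post's own: a detection module flags sources whose per-window arrival rate crosses a threshold (the same threshold comparison the VMM and clusterized-firewall sections describe), and a reaction module exposes forward, drop and modify as pluggable operations that a defender wires to flagged sources. The scrubber address, threshold value, flow records and packets are constructed.

```python
from collections import Counter

SCRUBBER = "10.0.0.99"    # constructed address of a scrubbing VM
RATE_THRESHOLD = 100      # packets per window per source (assumed value)

def damask_d(flow_records, threshold=RATE_THRESHOLD):
    """Detection (DaMask-D): sum packets per source over one window and
    flag sources above the threshold. flow_records: (src, dst, pkts)."""
    per_src = Counter()
    for src, _dst, pkts in flow_records:
        per_src[src] += pkts
    return {src for src, n in per_src.items() if n > threshold}

class DamaskM:
    """Reaction (DaMask-M): every packet goes through one of three
    operations; defenders choose which one applies to a flagged source."""
    def __init__(self):
        self.operations = {"forward": self.forward, "drop": self.drop,
                           "modify": self.modify}
        self.policy = {}      # src -> operation name

    def forward(self, pkt):
        return pkt            # unchanged, toward the origin server
    def drop(self, pkt):
        return None           # discarded at the switch
    def modify(self, pkt):
        return {**pkt, "dst": SCRUBBER}   # rewrite destination to the scrubber

    def register(self, src, operation):
        if operation not in self.operations:
            raise ValueError(f"unknown operation {operation!r}")
        self.policy[src] = operation

    def handle(self, pkt):
        return self.operations[self.policy.get(pkt["src"], "forward")](pkt)

def react(flow_records, packets, countermeasure="modify"):
    """Wire D to M: flagged sources get the chosen countermeasure. Returns
    (packets that left the switch, number dropped)."""
    m = DamaskM()
    for src in damask_d(flow_records):
        m.register(src, countermeasure)
    out = [m.handle(p) for p in packets]
    return [p for p in out if p is not None], out.count(None)

# constructed one-window flow summary (src, dst, packets) and later packets
FLOWS = [("198.51.100.7", "10.0.0.5", 12), ("203.0.113.9", "10.0.0.5", 250),
         ("192.0.2.33", "10.0.0.5", 140)]
PACKETS = [{"src": s, "dst": "10.0.0.5"} for s, _d, _n in FLOWS]
```

Switching the countermeasure argument between "drop" and "modify" changes only the reaction, not the detection, which is the customisation point the API split is meant to give defenders.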
