Learning Objectives:
- Learn how to use AWS Shield to build scalable DDoS defense into your applications
- Learn how to monitor your applications on the AWS Cloud and detect DDoS attempts
- Learn how to respond to in-progress DDoS attempts
5. Scale network and fixed
infrastructure to mitigate DDoS
attacks on-site
Visibility and control
Large capital expenditures,
maintenance costs, and in-house
expertise
On Premise
6. Route traffic to other networks for
better mitigation capacity, managed
services
Mitigate larger DDoS attacks without
upfront investment or in-house
expertise
Black box solution – can introduce
latency, additional points of failure,
increased operating costs
Cloud Routed
7. Automatic, always-on DDoS protection for
all applications on AWS
Leverage 16 AWS Regions and 100+
CloudFront Edge Locations to mitigate large
attacks close to the source
Simple, flexible, and affordable
Robust capabilities without undifferentiated
heavy-lifting
Cloud Native
21. Amazon
Route 53
ALB Security Group
Amazon
EC2
Instances
Application
Load Balancer
Amazon
CloudFront
Public Subnet
Web Application
Security Group
Private Subnet
DDoS Attack
Users
Globally distributed attack
mitigation capability
SYN proxy feature that verifies
three-way handshake before
passing to the application
Slowloris mitigation that reaps
long-lived collections
Mitigates complex attacks by
allowing only the most reliable
DNS queries
Validates DNS
Summary: A DDoS Resilient Architecture
31. Amazon
Route 53
ALB Security Group
Amazon
EC2
Instances
Application
Load Balancer
Amazon
CloudFront
Public Subnet
Web Application
Security Group
Private Subnet
DDoS Attack
Users
Globally distributed attack
mitigation capability
SYN proxy feature that verifies
three-way handshake before
passing to the application
Slowloris mitigation that reaps
long-lived collections
Mitigates complex attacks by
allowing only the most reliable
DNS queries
Validates DNS
Summary: A DDoS Resilient Architecture
Provides flexible rule language
to block or rate-limit malicious
requests