DDoS Mitigation Techniques and AWS Shield
•
0 likes•2,218 views
AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry. Speaker: Brian Wagner, Security Consultant, Professional Services, AWS
Recommended
More Related Content
What's hot
What's hot (20)
Similar to DDoS Mitigation Techniques and AWS Shield
Similar to DDoS Mitigation Techniques and AWS Shield (20)
More from Amazon Web Services
More from Amazon Web Services (20)
Recently uploaded
Recently uploaded (20)
DDoS Mitigation Techniques and AWS Shield
- 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Brian Wagner, Security Consultant, Professional Services, AWS March 23rd, 2017 DDoS Mitigation Techniques and AWS Shield
- 2. What is DDoS? DDoS 101
- 3. What is DDoS? Distributed Denial Of Service
- 4. Denial of Service The act of making a network service unusable or unavailable usually by overloading the server or the network
- 5. Who Gets Attacked and Why Source: Arbor Networks, Inc. 2015 WISR Report
- 6. Vertical Breakout: Enterprise, Government, Education Source: Arbor Networks, Inc. 2015 WISR Report
- 7. Attack Target Infrastructure Components Source: Arbor Networks, Inc. 2015 WISR Report
- 8. Physical Link Network Transport Session Presentation DDoS Attacks Target Layers 3, 4 and 7 Application Telnet, FTP, Mail ISO Presentation ISO Session TCP X.25, Pkt, IP LAPB, HDLC RS232, 802.1, DSx, OCn1 2 3 4 5 6 7 Layer Example Protocol
- 9. Types of DDoS attacks Volumetric DDoS attacks Congest networks by flooding them with more traffic than they are able to handle (e.g., UDP reflection attacks)
- 10. Types of DDoS attacks State-exhaustion DDoS attacks Abuse protocols to stress systems like firewalls, IPS, or load balancers (e.g., TCP SYN flood)
- 11. Types of DDoS attacks Application-layer DDoS attacks Use well-formed but malicious requests to circumvent mitigation and consume application resources (e.g., HTTP GET, DNS query floods)
- 12. DDoS attack trends Volumetric State exhaustion Application layer 65% Volumetric 17% State exhaustion 18% Application layer
- 13. Impact of mitigating DDoS attacks
- 14. Attack Duration: varies by service provider Source: Arbor Networks, Inc. 2015 WISR Report Source: Imperva DDoS Threat Landscape Report 2015-2016
- 15. Challenges in mitigating DDoS attacks Difficult to enable Complex set-up Provision bandwidth capacity Application re-architecture
- 16. Challenges in mitigating DDoS attacks Manual involvement Operator involvement to initiate mitigation Re-route traffic via distant scrubbing location Increased time to mitigate Traditional Datacenter
- 17. Challenges in mitigating DDoS attacks Traffic re-routing = Increased latency for users Traditional Datacenter
- 18. Challenges in mitigating DDoS attacks Expensive to use
- 19. AWS approach to DDoS protection
- 20. At AWS, our goal has always been to … Remove undifferentiated heavy lifting Automatically protected against common attacks Ensure availability AWS services are highly available
- 21. DDoS protections built into AWS Integrated into the AWS global infrastructure Always-on, fast mitigation without external routing Redundant Internet connectivity in AWS data centers
- 22. AWS Shield Standard Protection Advanced Protection Available to ALL AWS customers at No Additional Cost Paid service that provides additional protections, features and benefits.
- 23. AWS Shield AWS Integration DDoS protection without infrastructure changes Affordable Don’t force unnecessary trade-offs between cost and availability Flexible Customize protections for your applications Always-On Detection and Mitigation Minimize impact on application latency Four key pillars…
- 24. AWS Shield Standard Layer 3/4 protection ü Automatic detection & mitigation ü Protection from most common attacks (SYN/UDP Floods, Reflection Attacks, etc.) ü Built into AWS services Layer 7 protection ü AWS WAF for Layer 7 DDoS attack mitigation ü Self-service & pay-as-you-go
- 25. DDoS protections built into AWS ü Protection against most common infrastructure attacks ü SYN/ACK Floods, UDP Floods, Refection attacks etc. ü No additional cost DDoS mitigation systems DDoS Attack Users
- 26. AWS Shield Advanced Application Load Balancer (Select Regions only) Classic Load Balancer (Select Regions only) Amazon CloudFront (All Regions) Amazon Route 53 (All Regions) Available today on …
- 27. AWS Shield Advanced Always-on monitoring & detection Advanced L3/4 & L7 DDoS protection Attack notification and reporting 24x7 access to DDoS Response Team AWS bill protection
- 28. For protection against most common DDoS attacks, and access to tools and best practices to build a DDoS resilient architecture on AWS. AWS DDoS Shield: How to choose For additional protection against larger and more sophisticated attacks, visibility into attacks, AWS cost protection, Layer 7 mitigations, and 24X7 access to DDoS experts for complex cases. Standard Protection Advanced Protection
- 29. • No commitment • No additional cost AWS DDoS Shield: Pricing • 1 year subscription commitment • Monthly base fee: $3,000 • Data transfer fees Data Transfer Price ($ per GB) CloudFront ELB First 100 TB $0.025 0.050 Next 400 TB $0.020 0.040 Next 500 TB $0.015 0.030 Next 4 PB $0.010 Contact Us Above 5 PB Contact Us Contact Us Standard Protection Advanced Protection
- 30. You get it automatically AWS Shield: Getting started Enable via the AWS Console Standard Protection Advanced Protection
- 31. Thank you!