AWS offers really great tools to protect you from threats and ensure security in the cloud, one of these tools is AWS shield which is essential tools to safeguard your web apps or websites from Distributed Denial of Service (DDoS) attacks.
what is DDoS attacks?
DDoS attacks have become increasingly common in today's digital world, with the number of attacks are rising, DDoS stands for “Distributed Denial-of-Service” attack, DDoS attacks are a type of Cyberattacks in which the attacker (Often, it's not just one person who is responsible for this attack; sometimes, the attacker is a nation) floods a server with internet traffic by botnets (A botnet is a network of computers infected by malware that are under the control of the attacker), rendering connected online services and sites inaccessible to legitimate users. These attacks are sophisticated and designed to overwhelm the network with unwanted traffic. As a result, network performance is either degraded or critical infrastructure experiences a service outage.
AWS Shield
AWS Shield is a managed DDoS protection service offered by AWS, It works in partnership with ELB, Amazon CloudFront, and Amazon Route 53 to protects you from DDoS attacks of many types of DDoS Attacks.
AWS Shield protects against three different types
- Network volumetric attacks
These are designed to simply overwhelm the system being attacked.
So to direct as much raw network data at a target as possible
- Network protocol attacks or TCP SYN floods
There are various types of protocol attack, but one common one is to generate a huge number of connections from a spoofed IP address (computers infected by malware) and then just leave these connections open and never terminating them, the server will be impacted by the huge volume of fake connections.
- Application layer attacks
Imagine you have a part of your web app which allows searches, think of something like Facebook or Twitter Search which lets you search for new friends or people to follow, Attackers can use web app searches to launch DDoS attacks by sending a large number of requests to a web application that has a search feature. The attacker sends requests that are designed to consume as much server resources as possible. And it can be done hundreds, thousands, or millions of times per second. Some parts of the application are cheap to request, but expensive to deliver the result.
So those are the types of things which Shield protects against.
AWS Shield comes in two forms, Shield Standard and Shield Advanced. While both offer protection against DDoS attacks, there are significant differences between the two.
Shield Standard
Shield Standard is a free service that comes with all AWS accounts, you benefit from its protection automatically without you having to do anything.
AWS Shield Standard doesn’t provide much in the way of proactive capability or any form of explicit configurable protection. It’s just there working away in the background
Shield Standard is designed for applications that require basic protection against DDoS attacks but have a low risk tolerance.
Shield Advanced
Shield Advanced, which comes with additional costs (it costs $3,000 US dollars per month,per organization) and benefits, is a commercial extra product that offers additional detection and mitigation against large and sophisticated DDoS attacks, near real-time visibility into attacks, and integration with AWS WAF, a web application firewall.
Shield Advanced provides a 24/7 to AWS Shield Response Team (SRT), advanced attack mitigation techniques, and protection against attacks at the application layer.
It also includes features such as traffic logging and metrics, which allow customers to monitor their traffic and identify potential attacks.
Shield Advanced is designed for applications that require a higher level of protection against DDoS attacks and have a higher risk tolerance.
If you have feedback about this blog post, submit comments in the Comments section below.
Top comments (0)