DDoS attacks today seem to be known even to people very far from the IT sphere. In case someone has come to Habr without having heard anything about them, let us say a few words about the basics. DDoS stands for Distributed Denial of Service: a large number of machines infected with malware start sending requests to a server at the same time.
As a result, the server, of course, "goes down." The attack technique is quite simple and very effective, so it is used by everyone, from ordinary “cyber-hooligans” who, for whatever reason, dislike the site being attacked, to governments pursuing serious political goals. And in Russia, where the fight against cybercrime is very sluggish, the practice is widespread.
Ordering such an attack on a competitor is easy, as you can see for yourself. For the query “order DDoS”, any search engine will return hundreds of links, and among them will be plenty of very real cybercriminals who actually provide such a service.
Why are we talking about all this?
The point is that good protection against DDoS attacks is nowadays a significant criterion when choosing a data center. There are two reasons for this.
First, in a sufficiently powerful, well-organized DDoS attack, the server can receive a load of several hundred Gbit/s (attacks of 300 Gbit/s and more have been recorded), and not every data center can withstand that. Second, it is increasingly entire data centers, not individual sites, that are being attacked. Approximately 2/3 of data centers are attacked in order to "clog" their communication channels.
For large data centers, repelling attempts to “bring them down” has already become routine and, what is more, not all centers have learned how to deal with them. Approximately one fifth of data center shutdown cases are precisely the consequences of DDoS, and it is more difficult to “bring the center back up” after that than after some other failure.
Most likely, the number of such incidents will only increase. Not all companies hide information about the data centers in which their servers are located, and attacking an entire data center is technically no more difficult than attacking a specific resource.
In short, even if you do not expect any attack on your server (which, as we have already established, is rather presumptuous), you can still become a victim of DDoS, only together with thousands of other people and organizations that use the services of your data center, simply because one of your "neighbors" annoyed someone.
So how the data center is protected from DDoS attacks is very important. We at the KONTEL DPC understand this perfectly well, and we try to take every measure to prevent problems (which are much harder to eliminate once they have occurred).
How do data centers protect themselves today?
As a rule, data centers that have taken good care of DDoS protection (like ours) use both software and hardware for it. Of course, we are not talking only about trivial things like the protection that Microsoft implements in IIS.
Excellent integrated solutions for protecting both individual servers and entire data centers from DDoS are made by Cisco. Here we are talking about a combined hardware and software system. First of all, the Cisco Traffic Anomaly Detector is at work: it passively monitors traffic, which does not hurt performance, yet allows the start of an attack to be recognized in time and an “alarm signal” to be sent to the Cisco Guard.
Cisco Guard does not work at the "external perimeter": the device is placed on the upstream segment of the path that the traffic takes. By the way, the signal about an attack does not have to come from the Anomaly Detector; some kind of intrusion detector, or even a regular firewall, can also pass on this information. Since Cisco Guard uses a separate network interface, its work on “filtering” traffic during a DDoS does not interfere with other systems.
Cisco Guard, built on the MVP architecture, also scales well, by the way, so this is exactly the case where you can build a defense that clearly exceeds the capabilities of the attackers. At the same time, as the company itself says, the protection is carried out “with surgical precision”: Cisco subjects the suspicious traffic to thorough analysis and filtering, while “normal” traffic continues to flow completely freely.
But, of course, Cisco has no monopoly in the field of hardware and software protection of data centers from DDoS attacks. Such systems are also being developed in Russia (where, as we noted above, the problem of DDoS is quite acute). A good example here is the Perimeter system, but we will not go into comparing it with Cisco products.
Well, besides the obvious "rely on the reliability of our services"? For example, you may be advised to abandon Windows Server and Apache. The Windows firewall, to put it mildly, does not cope very well with such loads. As for Apache, at the level of its code architecture it has a number of vulnerabilities that have been successfully exploited for years, despite any patches.
And most importantly, do not be afraid. Sooner or later, almost everyone will encounter DDoS. It is important to prepare for this almost inevitable trouble in order to keep possible losses to a minimum. We do just that, and advise everyone to do the same.
And, as always, some tasty dedicated servers with DDoS protection already included:
Order a server with protection from 3200 rubles
Source: https://habr.com/ru/post/332406/