By Shuang Le
Recently, Alibaba Cloud CloudMonitor has detected attacks against global central bank websites by Anonymous members. So far, more than two important websites in China have been attacked, primarily by high-volume DDoS and HTTP flood attacks.
Through threat intelligence, Alibaba Cloud has identified DDoS and HTTP flood attacks as the main attacks of this incident. So far, the attacks have caused intermittent access failures on multiple websites.
Alibaba Cloud security experts have come up with five attack characteristics:
Alibaba Cloud security experts recommend building a security defense emergency system that integrates Anti-DDoS Service Pro and Web Application Firewall (WAF).
Alibaba Cloud responds to high-risk incidents with a defense system that integrates Anti-DDoS Service Pro and WAF. The solution can be deployed simply by updating DNS resolution, and it is available for both cloud and on-premises (including non-Alibaba Cloud) systems.
Anti-DDoS Service Pro implements the SaaS security service to effectively defend against DDoS attacks when origin servers become unavailable under a large volume of DDoS attack traffic. This ensures the stability and reliability of the origin site.
Based on the powerful big data capability of Alibaba Cloud, WAF defends against SQL injection, XSS, common web server plugin vulnerabilities, Trojan uploads, unauthorized access to core resources, and other common OWASP attacks. It filters out massive numbers of malicious attempts to prevent leakage of users' website assets and data, helping ensure the website's security and availability.
Alibaba Cloud Security's Anti-DDoS provides the following features and benefits:
Alibaba Cloud Security's DDoS mitigation system defends Alibaba Cloud users against various types of DDoS attacks targeting the network layer, transport layer, and application layer (including HTTP Flood, SYN Flood, UDP flood, UDP DNS Query Flood, (M)Stream Flood, ICMP Flood and all other types of DDoS attacks). It also sends SMS messages in real time to inform users of the attack events.
Alibaba Cloud Security's DDoS mitigation system adopts world-class detection and protection technologies and implements attack discovery, traffic redirection, and traffic mitigation in five seconds, greatly reducing network jitter. Meanwhile, the system triggers protection based on the traffic threshold and on statistics and judgment of network behaviors, so as to precisely identify DDoS attacks, thus ensuring service availability in case of a DDoS attack.
Each basic unit in Alibaba Cloud Security's DDoS mitigation system can filter 10 Gbps of attack traffic. Powered by the high scalability and high redundancy of the cloud computing architecture, the Anti-DDoS system supports seamless scale-up in the cloud environment to implement the highly scalable Anti-DDoS capability.
The Alibaba Cloud Security Anti-DDoS system not only defends against DDoS attacks launched from outside Alibaba Cloud, but also detects abuse of cloud resources. Once a cloud server is detected being used to launch DDoS attacks, the cloud network traffic monitoring system collaborates with the host security protection system to restrict the network access behavior of the abused cloud server and generate an alarm, so as to effectively control the internal host.
Alibaba Cloud Security's WAF provides the following features and benefits:
Provides web security protection for the HTTP, HTTPS, HTTP2, and WebSocket traffic of websites.
Defends against common OWASP attacks, including SQL injection, XSS, webshell uploading, backdoor isolation, command injection, illegal HTTP protocol requests, common web server vulnerability attacks, unauthorized access to core resources, path traversal, and scan protection.
The IP address of the origin server is not exposed to attackers, so attack packets cannot bypass the WAF to attack your website directly.
Protection rules are synchronized with Taobao. Latest vulnerability patches are provided to global users simultaneously to secure websites.
With observation mode enabled for new website services, possible attacks matching the protection rules trigger warnings but are not blocked. This makes it easy to collect statistics on the false positive rate of your services.
Controls the frequency of access from a single source IP address and provides JavaScript verification to validate a client's identity. Identifies massive and slow request attacks based on the statistics of response codes, URL request distribution, abnormal referers, and user-agent features, and works with the precise website protection rule to provide comprehensive protection. Fully utilizes Alibaba Cloud's advantages in big data security to establish threat intelligence and trusted access analysis models. This allows you to quickly identify malicious traffic.
Provides a friendly configuration console interface and supports condition combinations for common HTTP fields, including IP, URL, Referer, and User-Agent. This allows you to create powerful, precise access control policies that are applicable to scenarios such as anti-leeching and website background protection. Establishes comprehensive multi-layer protection with the security modules for protection against common Web attacks and HTTP flood attacks, easily distinguishing between secured and malicious traffic based on your needs.
Updates web protection rules to provide enough protection even before official patches of web application vulnerabilities are released.
Supports centralized management and analysis of attack events, attack traffic, and attack scales.
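The per-source frequency control and the response-code, URL-distribution and referer statistics described in the HTTP flood item above can be sketched as follows. This is an added example, not Alibaba Cloud's WAF logic; the record layout, thresholds, function names and sample addresses are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque

def detect_http_flood(records, window=10.0, max_requests=50, min_samples=20):
    """Return {source_ip: [reasons]} for sources that look like HTTP flood clients.
    Thresholds are illustrative assumptions, not product defaults."""
    recent = defaultdict(deque)      # ip -> timestamps inside the sliding window
    peak = Counter()                 # ip -> highest request count seen in any window
    rows = defaultdict(list)         # ip -> [(url, status, referer)]
    for ts, ip, url, status, referer in sorted(records):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:    # drop requests older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        rows[ip].append((url, status, referer))

    findings = {}
    for ip, seen in rows.items():
        n, reasons = len(seen), []
        if peak[ip] > max_requests:
            reasons.append("rate")
        if n >= min_samples:         # ratios are meaningless on a handful of requests
            top_url = Counter(u for u, _, _ in seen).most_common(1)[0][1] / n
            errors = sum(s >= 500 for _, s, _ in seen) / n
            no_ref = sum(not r for _, _, r in seen) / n
            if top_url > 0.9:
                reasons.append("url_concentration")
            if errors > 0.3:
                reasons.append("error_responses")
            if no_ref > 0.9:
                reasons.append("missing_referer")
        if reasons:
            findings[ip] = reasons
    return findings

def decide(findings, observe=True):
    """Observation mode only warns; enforcement mode blocks flagged sources."""
    return {ip: ("warn" if observe else "block") for ip in findings}

def sample_records():
    """Constructed records: (epoch_seconds, source_ip, url, status, referer)."""
    flood = [(1000 + i * 0.05, "203.0.113.7", "/search?q=a",
              503 if i >= 60 else 200, "") for i in range(120)]
    pages = ["/", "/news", "/rates", "/about", "/contact"]
    normal = [(1000 + i * 10.0, "198.51.100.20", pages[i % 5], 200,
               "https://example.org/") for i in range(25)]
    return flood + normal

if __name__ == "__main__":
    found = detect_http_flood(sample_records())
    print(found, decide(found))
```

Running the detector with `observe=True` first, as in the observation mode item above, lets you count how many legitimate sources would have been flagged before switching to blocking.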
Considering the high complexity and resistance of this attack, you should contact a professional security service vendor and a service staff member to create a comprehensive solution.
Alibaba Cloud experts can help you to implement a robust security solution to protect your system against such attacks. The benefits of Alibaba Cloud security services include:
For more information, visit https://www.alibabacloud.com or contact an Alibaba Cloud professional at https://www.alibabacloud.com/contact-sales