By Alibaba Cloud CDN Team
The trends of industrial digitization and intellectualization are deepening day by day with the rapid development and application of information technology. The information security and protection of enterprises have risen to an unprecedented level.
After more than ten years of technical development, Alibaba Cloud CDN has gradually built a secure network protection system that combines edge and cloud features. These features include full-procedure secure transmission, edge defense against common attacks, and enterprise-level dedicated resource deployment, O&M, and content security protection mechanisms. With these features, Alibaba Cloud CDN builds a secure network operation environment for enterprises to enter foreign markets.
Two core scenarios exist for CDN security protection: bandwidth congestion and resource exhaustion.
An edge security system built on Alibaba Cloud CDN provides more than acceleration, but acceleration is the foundation of the overall solution. Relying on Alibaba Cloud Dynamic Route for CDN (DCDN), core technologies such as automatic static/dynamic separation, intelligent routing, and private protocol transmission improve the acceleration of hybrid static and dynamic sites.
Based on the acceleration, the system offers customers security capabilities in six aspects: edge application layer security, network layer DDoS defense, content anti-tampering, full-procedure HTTPS transmission, high availability security, and security compliance. The system ensures the security for the entire procedure from the customer's business traffic into the CDN product system and back to the customer's origin server. Thus, it ensures the security acceleration of enterprise Internet businesses.
Alibaba Cloud CDN builds a full set of enterprise-level edge security capabilities, including DDoS mitigation, WAF, frequency control, IP/region blocking, machine traffic management, and precise access control, providing full-stack protection from the network layer to the application layer. This ensures the stability and security of customers' online services without sacrificing the acceleration performance of websites.
Each year, the Alibaba Cloud Security Center detects nearly one million DDoS attacks on the cloud. Application-layer DDoS attacks (CC attacks) have become a common type of attack, with more varied and complex attack methods. Issues related to web application security still account for a large proportion. From the disclosure of user information to consumer carnival, the security level of every industry and every web application is being tested all the time. To increase the security and reliability of network platforms that host data transmission, Alibaba Cloud CDN constantly works to increase its security capabilities.
CDN and Anti-DDoS Premium can be used together to deliver content. When a DDoS attack occurs, the traffic in areas where DDoS attacks occur can be scheduled to Anti-DDoS Premium, which scrubs the traffic and protects the quality of your services effectively. This coordinated solution can effectively scrub high-volume DDoS traffic and defend against flood-type attacks, such as SYN, ACK, ICMP, UDP, NTP, SSDP, and DNS. In addition, based on the computing capabilities and deep learning algorithms of the Alibaba Cloud Apsara platform, intelligent DDoS attack prediction is used to switch traffic over to Anti-DDoS Premium smoothly without affecting business operation.
CDN uses the malicious IP and fingerprint libraries built by Alibaba Group to deal with malicious web crawlers. It uses machine learning capabilities tailored to business risks and customized crawler models to mitigate the impact of web crawlers and automated tools on website businesses. This ensures data security and protects the core business value of enterprises.
When the response time of your website is increased due to CC attacks, the frequency limiting feature can block specific requests sent to your website within seconds and improve the security of your website. Frequency limiting protects your website URL from suspicious requests that exceed a set threshold. It supports a wide variety of monitoring objects and is configured with custom rules to define an appropriate access threshold. Once the set request threshold is reached, custom responses are triggered, and frequent access requests are handled through a variety of means, such as blocking or challenging.
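The frequency limiting behavior described above can be sketched as a sliding-window counter per monitoring object. This is an added example, not Alibaba Cloud CDN code: the rule fields, the thresholds and the sample requests are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

@dataclass
class FrequencyRule:
    # Field names are illustrative, not Alibaba Cloud CDN's rule schema.
    url_prefix: str    # protected URL
    key: tuple         # monitoring object: request fields counted together
    threshold: int     # requests allowed per window
    window_ms: int     # length of the counting window
    action: str        # "block" or "challenge" once the threshold is exceeded
    penalty_ms: int    # how long the action stays in force
    hits: dict = field(default_factory=lambda: defaultdict(deque))
    penalized: dict = field(default_factory=dict)

    def evaluate(self, req):
        now = req["ts"]
        if not req["url"].startswith(self.url_prefix):
            return "allow"                      # rule does not cover this URL
        obj = tuple(req.get(f, "") for f in self.key)
        if self.penalized.get(obj, 0) > now:
            return self.action                  # still inside the penalty period
        window = self.hits[obj]
        window.append(now)
        while window[0] <= now - self.window_ms:
            window.popleft()                    # drop requests older than the window
        if len(window) > self.threshold:
            self.penalized[obj] = now + self.penalty_ms
            window.clear()
            return self.action
        return "allow"

def sample_traffic():
    # Constructed requests; timestamps are milliseconds, IPs are documentation ranges.
    burst = [{"ts": 100 * i, "ip": "198.51.100.7", "url": "/login"} for i in range(8)]
    other = [{"ts": 500, "ip": "203.0.113.9", "url": "/login"},
             {"ts": 600, "ip": "198.51.100.7", "url": "/static/app.js"},
             {"ts": 31000, "ip": "198.51.100.7", "url": "/login"}]
    return sorted(burst + other, key=lambda r: r["ts"])

def demo():
    rule = FrequencyRule("/login", ("ip",), threshold=5, window_ms=1000,
                         action="challenge", penalty_ms=30000)
    return [rule.evaluate(r) for r in sample_traffic()]

if __name__ == "__main__":
    for req, verdict in zip(sample_traffic(), demo()):
        print(req["ts"], req["ip"], req["url"], verdict)
```

Only the bursting client is challenged, its requests to an uncovered URL and the second client's requests pass, and the penalty lapses after 30 seconds.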
Alibaba Cloud CDN allows you to configure an IP address blacklist or whitelist to identify and filter users. This helps you control access to CDN resources and improve resource security. You can also use the country blacklist and whitelist to block access requests from specific regions and resolve the highly frequent malicious access requests in some regions.
Custom match conditions enable precise access control. A match condition can check common HTTP fields, such as IP, URL, and header, to meet the customized requirements of business scenarios. You describe the requests to capture by combining the supported request fields with match conditions. Once a request is matched, the operation defined in the rule is triggered to achieve precise access control, such as challenging, observing, or blocking.
Due to CDN's distributed architecture, users can obtain content by accessing a nearby edge node, which effectively hides the origin IP address and mitigates the access pressure on the origin server. When large-scale malicious attacks strike, edge nodes can be used as the first line of defense. This disperses the attack intensity and completes edge protection using the preceding security capabilities.
CDN also integrates the cloud WAF capability to implement the last-layer protection for the origin server. WAF performs malicious feature identification and protection on the back-to-origin business traffic. It also forwards normal traffic back to the server to avoid malicious intrusion against the website server, ensure the security of the core data of the enterprise's business, and resolve server performance exceptions caused by malicious attacks. CDN WAF provides virtual patches to fix the latest known website vulnerabilities to the maximum extent. CDN WAF can respond and fix vulnerabilities quickly by relying on cloud security.
CDN provides enterprise-level full-procedure tampering prevention capabilities for HTTPS links and node content to ensure transmission security between the origin server and the client. The HTTPS protocol protects links from being hijacked by intermediate sources, whereas the nodes verify the consistency of the source file. If the content of the source file is deemed inconsistent, the file will be deleted. Then, its original copy will be pulled from the source before being distributed. This complete solution ensures content security on the origin server, links, CDN nodes, and clients, providing higher transmission security.
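The node-side consistency check described above (verify, delete on mismatch, pull again from the source) can be modeled as follows. This is an added example, not Alibaba Cloud CDN code: the page does not say how consistency is verified, so the SHA-256 digest published by the origin, the `EdgeNode` class and the sample content are assumptions.

```python
import hashlib

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

class EdgeNode:
    def __init__(self, fetch, digest_of):
        self.fetch = fetch          # path -> bytes, pulled from the origin
        self.digest_of = digest_of  # path -> SHA-256 hex the origin publishes (assumption)
        self.cache = {}
        self.events = []

    def serve(self, path):
        expected = self.digest_of(path)
        body = self.cache.get(path)
        if body is not None and sha256_hex(body) != expected:
            del self.cache[path]                 # cached copy differs from the source
            self.events.append(("purged", path))
            body = None
        if body is None:
            body = self.fetch(path)
            if sha256_hex(body) != expected:     # never cache or serve a bad pull
                raise ValueError("origin pull failed verification: " + path)
            self.cache[path] = body
            self.events.append(("pulled", path))
        return body

# Constructed origin content for the demonstration.
ORIGIN = {"/fares.html": b"<h1>Spring fares</h1>"}

def demo():
    node = EdgeNode(ORIGIN.__getitem__, lambda p: sha256_hex(ORIGIN[p]))
    node.serve("/fares.html")                              # first request fills the cache
    node.cache["/fares.html"] = b"<h1>Injected</h1>"       # simulate tampering on the node
    return node.serve("/fares.html"), node.events

if __name__ == "__main__":
    print(demo())
```

The `events` list doubles as an audit trail: a `purged` entry for a path that was not updated at the origin is a signal worth alerting on.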
CDN also provides exclusive resources for large enterprises in security-demanding scenarios:
Based on AI and a large number of sample sets, Alibaba Cloud CDN uses deep learning to train a recognition model that can identify indecent and explicit content in accelerated images accurately. Multi-level identification and flexible management and control solutions are supported for selection based on your needs. The overall detection accuracy of CDN exceeds 99%. CDN can replace 90% of manual reviews and reduce the risk of violations significantly.
By simplifying the security acceleration architecture, CDN allows O&M personnel to perform the all-in-one self-service configuration and API control. This allows them to implement routine attack monitoring and alerting, full-procedure troubleshooting, automatic protection, and real-time viewing of full data logs. At the same time, the escort and major event response system designed for large-scale promotional activities can help enterprises protect their applications against security risks and ensure system stability.
In addition to the technologies mentioned above, CDN is compliant with Level 3 of GB/T 22239-2019, ISO9001, PCI-DSS, and other standards. Its network security, data security, and service security capabilities have been recognized by leading global authorities.
A well-known airline in Asia holds a large ticket sales promotion each quarter. The airline can block malicious ticket requests quickly with Alibaba Cloud CDN and WAF. Through long-term and continuous analysis of seat occupancy during the promotion period, the pressure of seat occupation rates is reduced to a relatively low level to ensure stable revenue for the airline.
This company is a dark horse among all other Chinese gaming companies that enter foreign markets. This enterprise uses Alibaba Cloud DCDN to integrate an ultra-large user experience, allowing users to replace all Border Gateway Protocol (BGP) network resources of their source servers with a single operating network. The bandwidth cost of the source server is reduced by more than 50%.
If you want to learn more, you can hear what Shen Zhenhui, an expert on Alibaba Cloud intelligence products, has to say about this in his session at the Alibaba Cloud Summit 2021: Accelerating Business with New Native Security in CDN
You can also learn more about Alibaba Cloud secure DCDN solution at: https://www.alibabacloud.com/solutions/content-delivery/secure-dcdn
Disclaimer: The views expressed herein are for reference only and don't necessarily represent the official views of Alibaba Cloud.