  • How to mitigate DDoS attacks


    (a) reduce the number of necessary Internet entry points,
    (b) eliminate non-critical Internet entry points, 
    (c) separate end user traffic from management traffic, 
    (d) obfuscate necessary Internet entry points to the level that untrusted end users cannot access them, and 
    (e) decouple Internet entry points to minimize the effects of attacks.

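    c. Do not let ordinary users traverse your management network; that is, the normal channel and the management channel must be isolated from each other.
    d. Untrusted users are forbidden from accessing the network.
    e. Reduce Internet entry points.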

    2. Be Ready to Scale and Absorb the Attack (prepare to absorb the DDoS attack)

    (1) select the appropriate instance types for your application,
    (2) configure services such as Elastic Load Balancing and Auto Scaling to automatically scale, and 
    (3) use the inherent scale built into the AWS global services like Amazon CloudFront and Amazon Route 53

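     a. Choose the right instance type. For EC2 instances used to withstand DDoS, AWS recommends instances with 10 Gigabit network interfaces, using paravirtualized instances: C3, C4, R3, D2, and I2 instances. These instances can install the SR-IOV network driver, which is specifically for countering DDoS.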
     Because ELB only supports valid TCP requests, DDoS attacks such as UDP and SYN floods are not able to reach your instances.

    c. Auto Scaling, a very important AWS feature
    Auto Scaling helps you maintain application availability and allows you to scale your
    EC2 capacity up or down automatically according to conditions you define. For example,
    you can set a condition to incrementally add new instances to the Auto Scaling group
    when network traffic is high (typical of DDoS attacks). You can also set a condition to
    remove instances in the same increments when network traffic is low. You can use
    Amazon CloudWatch to trigger scaling activities and ELB to distribute traffic to your
    instances within Auto Scaling groups.
    Auto Scaling can help you maintain the availability of your application, and allows you to scale your

    There are some considerations when using Auto Scaling:
    • How long it takes to launch and configure your servers? If your application
      takes more than five minutes to start, we recommend having multiple instances
      already running your application or low thresholds for scaling.
    • What metrics have the most relevance to your application's performance?
      Example metrics for DDoS attacks are CPUUtilization, NetworkIn, and
    • What existing resources (such as EC2 instances or AMIs) you might want to use as
      part of your Auto Scaling group? You’ll want the same type of instance or higher
      capacity running the application under attack for your Auto Scaling group.
    • To how many AZs do you want the Auto Scaling group to span? We recommend a
      minimum of two AZs.
    • How fast should you scale up and down? Keep in mind that DDoS attacks can
      come in waves. You don’t want to scale down after the initial wave only to find
      out you have to scale back up again.
    • What is the maximum amount of EC2 instances for the Auto Scaling group?
      Additional instances may increase your costs. When you create your Auto
      Scaling policy, you can set maximum number of instances. You can also set an
      alarm when this maximum number has been reached. See Amazon CloudWatch
      for steps on setting alarms.
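
The start-up time, scale-down speed and maximum-size considerations above, worked through as a toy simulation. This is an added example, not code from the original post or from AWS; the `Policy` fields, the `simulate` function and every traffic figure and threshold are constructed assumptions.

```python
"""Toy minute-by-minute model of an Auto Scaling group under a two-wave flood.
Every number here is constructed for illustration; none is an AWS default."""
from dataclasses import dataclass

CAPACITY = 100.0  # MB/min of NetworkIn one instance can absorb (assumed)

@dataclass
class Policy:
    min_size: int = 2            # instances kept running, e.g. one per AZ
    max_size: int = 10           # cost ceiling; alarm when this is reached
    step: int = 2                # instances added or removed per action
    out_threshold: float = 70.0  # avg NetworkIn per instance that triggers scale-out
    in_threshold: float = 30.0   # avg NetworkIn per instance that allows scale-in
    in_cooldown: int = 2         # consecutive quiet minutes needed before scale-in
    boot_minutes: int = 5        # launch + configure time of a new instance

def simulate(traffic, p):
    serving, pending, quiet = p.min_size, [], 0   # pending holds ready-at minutes
    overloaded, hit_max = 0, False
    for t, load in enumerate(traffic):
        serving += sum(1 for ready in pending if ready == t)  # booted instances join
        pending = [ready for ready in pending if ready > t]
        per_instance = load / serving
        if load > serving * CAPACITY:
            overloaded += 1                       # demand exceeds what is serving
        total = serving + len(pending)
        if per_instance > p.out_threshold and total < p.max_size:
            pending += [t + p.boot_minutes] * min(p.step, p.max_size - total)
            quiet = 0
        elif per_instance < p.in_threshold and not pending:
            quiet += 1
            if quiet >= p.in_cooldown and serving > p.min_size:
                serving, quiet = max(p.min_size, serving - p.step), 0
        else:
            quiet = 0
        hit_max = hit_max or serving + len(pending) >= p.max_size
    return {"overloaded_minutes": overloaded, "hit_max": hit_max, "final_size": serving}

# Constructed traffic: baseline, 15-minute wave, 10-minute lull, second wave.
WAVES = [100] * 5 + [600] * 15 + [100] * 10 + [600] * 15

if __name__ == "__main__":
    for name, policy in [("eager scale-in", Policy(in_cooldown=2)),
                         ("patient scale-in", Policy(in_cooldown=30)),
                         ("pre-warmed + patient", Policy(min_size=6, in_cooldown=30))]:
        print(name, simulate(WAVES, policy))
```

With these inputs the eager policy shrinks back to two instances during the lull and is overloaded again for the whole boot time of the second wave, while the patient policy pays only for the first wave and the pre-warmed group is never overloaded. All three reach `max_size`, which is the condition the maximum-instances alarm is meant to report.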

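    3. Amazon CloudFront, Amazon's cloud service
    It goes without saying that a CDN helps withstand DDoS: it can distribute your traffic across many locations, so that attackers cannot find your real origin resources.
    Amazon CloudFront also has filtering capabilities to ensure that only valid TCP connections and HTTP requests are accepted, while invalid requests are dropped.
    4. Amazon Route 53, Amazon's intelligent DNS service
    I have covered this before. If all of your users are in China, then users outside China do not need to be resolved at DNS resolution time, or you can have them resolve to 127.0.0.1. Do intelligent DNS resolution based on the geographic region of the IP.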

    5. Safeguard Exposed Resources (protect publicly exposed resources)
    This mainly combines security groups with Amazon CloudFront.

    6. Learn Normal Behavior
  • Original article: https://www.cnblogs.com/itfat/p/7268014.html