The Internet changes with each passing day, and network attacks led by DDoS and CC are flooding in just as freely, while high-defense CDNs and a number of defense alliances vow to resist them. Today let's take a look at the different methods for defending against DDoS attacks.

DDoS attacks are common, and they are the most annoying problem for O&M personnel. They can cause websites to go down, servers to crash, content to be tampered with, and even severe damage to brand and property.

In fact, in addition to the routine defense awareness and operations of O&M personnel, the paid value-added services provided by IDC service providers are the best choice for defending against DDoS attacks. After all, such services are paid for only when they have an effect.

Five ways to defend against DDoS attacks

The first way is routine, day-to-day defense against DDoS attacks, which depends largely on the security awareness and defense awareness of operation and maintenance personnel. This method has the lowest cost for individuals and enterprises, and it is also an essential part of defense:

1. Autonomous defense methods and steps

A. Periodically scan for vulnerabilities and patch them

Make sure there are no vulnerabilities in the server software to prevent attackers from getting in. Make sure the server has the latest system and security patches.

B. Filter out unnecessary services and ports

Filter out unnecessary services and ports, that is, filter fake IP addresses on routers… Opening only the service ports has become common practice for many servers; a WWW server, for example, opens only port 80 and closes all other ports or blocks them on the firewall.

C. Check the source of visitors

Use unicast reverse path forwarding on the router to check whether the visitor's IP address is genuine. If it is false, the IP address is blocked. Many hackers use fake IP addresses to confuse users and make it difficult to find their source. Therefore, unicast reverse path forwarding can reduce the occurrence of false IP addresses and improve network security.
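Steps B and C combined into one ingress decision, as an added example that is not from the original article: a strict reverse-path check on the source address, followed by a service-port allowlist. The routing table, interface names and packets are constructed, and the model treats the default route like any other route.

```python
import ipaddress

# Constructed forwarding table of a hypothetical edge router: (prefix, interface).
FIB = [
    ("0.0.0.0/0", "eth0"),         # default route to the upstream provider
    ("198.51.100.0/24", "eth1"),   # customer network
    ("203.0.113.0/25", "eth2"),    # server segment
]
ALLOWED_PORTS = {80}               # the WWW server from step B offers port 80 only

def best_route(fib, addr):
    """Longest-prefix match; returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    nets = [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in fib]
    hits = [(net, ifc) for net, ifc in nets if ip in net]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def urpf_pass(fib, src, in_iface):
    """Strict reverse-path check: the best route back to the source
    must leave through the interface the packet arrived on."""
    route = best_route(fib, src)
    return route is not None and route[1] == in_iface

def verdict(fib, pkt, allowed_ports=ALLOWED_PORTS):
    """pkt = (source IP, arrival interface, destination port)."""
    src, in_iface, dport = pkt
    if not urpf_pass(fib, src, in_iface):
        return "drop: source fails reverse-path check"
    if dport not in allowed_ports:
        return "drop: port not offered"
    return "accept"

# Constructed sample packets.
PACKETS = [
    ("198.51.100.7", "eth1", 80),  # customer address on the customer interface
    ("198.51.100.7", "eth0", 80),  # same address arriving from upstream: forged
    ("198.51.100.7", "eth1", 23),  # genuine source asking for a closed service
    ("192.0.2.50", "eth0", 80),    # covered only by the default route
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "->", verdict(FIB, pkt))
```

The last packet passes because the default route points out of the interface it arrived on: in this model the check cannot judge sources on the upstream-facing interface, so it reduces forged addresses rather than eliminating them.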

Secondly, if funds permit, you can purchase the following value-added services from IDC service providers to defend against DDoS attacks:

2. Use a high-defense server to ensure server system security

A high-defense DDoS server is an independent hard-defense server that can defend against more than 100 GB of DDoS and CC attacks. It can provide security maintenance for a single customer. Depending on the environment of each IDC room, some servers use hard defense and some use soft defense. In simple terms, these are servers that help websites withstand denial-of-service attacks and periodically scan existing network hosts for possible security vulnerabilities.

3. Configure the Web application firewall

A Web application firewall (WAF) is a product that enforces a series of security policies on HTTP/HTTPS traffic. Built on cloud security and big data capabilities, a WAF is used to defend against SQL injection, XSS cross-site scripting, common Web server plug-in vulnerabilities, Trojan uploads, unauthorized access to core resources and other common OWASP attacks. It also filters massive malicious CC attacks, prevents leakage of your website's asset data, and ensures the security and availability of the website business.

4. Use a high-defense IP address to hide the real IP address of the server

High-defense IP is a value-added service for Internet servers that become unavailable under heavy-traffic DDoS attacks. The defense principle is that, by configuring a high-defense IP address, users divert attack traffic to that address, which protects the real IP address from exposure, ensures the stability and reliability of the source site, and ensures access quality for users and user stickiness for content providers.

5. Use a high-defense CDN to defend by separating content from data traffic

The full name of CDN defense is Content Delivery Network defense, that is, defense by separating content from data traffic. The basic principle of a high-defense CDN is to build a distributed network on top of the Internet. With the help of edge servers deployed all over the country, and through the load balancing, distribution and scheduling modules of the central management platform, users obtain the content they need from a nearby node, without having to access the website's source server directly.

Put simply, several high-defense CDN nodes are set up, and when one CDN node is attacked, the nodes share the load among themselves. The website will not become unreachable just because one node is attacked and knocked out. At the same time, using a CDN can also protect the source IP of the website. The key here is that once a high-defense CDN is connected (a free CDN can withstand DDoS of around 5G), do not leak the IP address of the source server; otherwise the attacker can bypass the CDN and attack the source server directly.

This article is from: www.lnyatoo.com/guandian/15…