Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Does a CDN Protect Against DDoS Attacks? | @CloudExpo #Cloud #Security
A CDN by its very nature will absorb DDoS attacks for the content that it serves and this could be considered protection

Does a Content Delivery Network (CDN) protect against Distributed Denial of Service (DDoS) attacks? It's a good question. A CDN by its very nature will absorb DDoS attacks for the content that it serves and this could be considered protection but, as is often the case, this is only the beginning of the story.

If we consider what is actually going on here, the CDN isn't actually ‘blocking' the DDoS attack - it is simply reducing its impact by throwing more resources at the problem. This means that the size of the DDoS attack a CDN can deal with is inherently dependent on the size of the CDNs infrastructure, which for some of the market-leading players means that pretty much any current attack targeting CDN served content can be ‘absorbed.'

This sounds great - DDoS Problem Solved - but there a couple of big caveats here.

First, many CDN providers charge based on the amount of traffic they process and content they serve. If the CDN solution to DDoS is simply to ‘absorb' it then that traffic can be chargeable - so the ‘cost' of an attack for a CDN customer isn't predictable and unexpected (large) bills can be the result.

The second and perhaps most significant problem is the risk that the attacker can bypass the CDN, or proxy through it, to target the customer's origin server.

If the attacker can find out the IP address of the origin server used to provide dynamic content, account information, etc., then he can bypass the CDN. There are techniques that effectively use the CDN as the proxy for a DDoS attack towards a customer's origin servers. Unfortunately, both of these techniques are used in the wild, and many commercial ‘DDoS for Hire' services advertise their ability to circumvent CDNs.

The answer is layered DDoS protection. This involves the use of a cloud-based DDoS protection service to deal with high magnitude attacks, plus an on premise component to deal proactively with all attacks, including the stealthier, more sophisticated application layer attack vectors. Both of these layers are designed to ‘block' attack traffic, so that only good traffic is processed - this differs from the way most CDNs ‘absorb' DDoS attacks.

If attack traffic is blocked then it can longer consume resources on application / service infrastructure, and most good DDoS mitigation services charge based on the amount of clean traffic delivered to the end-customer (not the ‘unknown' amount of attack traffic) - this makes the cost model far more predictable and palatable to the CFO.

Conclusion
A content delivery/distribution network is not a solution to DDoS attacks. CDNs can reduce the impact of a DDoS attack targeting CDN served content, but they do not represent a comprehensive defensive strategy. CDNs may prevent some attacks from succeeding - but not all.

Relying on a CDN to protect your organization from a DDoS attack is very risky, in the same way as being reliant on an umbrella to keep you 100% dry in heavy rain. The umbrella will provide protection from rain as it falls, but not from being splashed by a passing bus. Organizations should consider the best-practice of layered DDoS defense, possibly alongside a CDN if required, to effectively protect against DDoS threats.

About Darren Anstee
Darren Anstee, Chief Technology Officer at Arbor Networks, has 20 years of experience in pre-sales, consultancy and support for telecom and security solutions. In his position, he works across the research, strategy and pre-sales aspects of Arbor’s traffic monitoring, threat detection and mitigation solutions for service providers and enterprises around the world. Prior to joining Arbor, he spent over eight years working in both pre- and post-sales for core routing and switching product vendors. Follow Darren Anstee on Twitter ‏@cadernid

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
With more than 30 Kubernetes solutions in the marketplace, it's tempting to think Kubernetes and the vendor ecosystem has solved the problem of operationalizing containers at scale or of automatically managing the elasticity of the underlying infrastructure that these solutions n...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructur...
When building large, cloud-based applications that operate at a high scale, it's important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. "Fly two mis...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performa...
As Cybric's Chief Technology Officer, Mike D. Kail is responsible for the strategic vision and technical direction of the platform. Prior to founding Cybric, Mike was Yahoo's CIO and SVP of Infrastructure, where he led the IT and Data Center functions for the company. He has more...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE