How to deal with high traffic attacks?
Purchase CDN acceleration services and simply absorb the traffic; the attacker also has to pay for the attack, so ultimately it is a war of attrition.
Why did AliCloud suffer a DDoS attack?
Today, AliCloud's enterprise-verified Weibo account said that from December 20 to 21 a well-known game company hosted on AliCloud suffered a DDoS attack lasting up to 14 hours, with peak attack traffic of 453.8Gb. Which game company was attacked, and why, Ali has not yet revealed. AliCloud said it condemned the hacking attack and called on all Internet innovation enterprises to jointly boycott hacking. "AliCloud will never compromise in the face of hacking."
What is cloud computing to hackers?
Cloud computing differs from the traditional network structure. Where do hackers attack from, where do service providers defend, and where is the security battlefield of cloud computing services? Analysing the cloud computing model, it is not hard to see the "five battlefields" of future security:
1, the user access portal: cloud computing services are delivered over the network; the user logs on to the cloud service from a fixed or mobile smart terminal, and the access portal (the cloud service's web site) is the way in for outside visitors. This is the "gate" of cloud computing: users come in through it, and so do attackers. The attacks most likely to occur here are:
Password attacks: guessing user passwords, impersonating the user to log in, and taking over the user's resources. Cloud computing generally does not expose remote platform management, but for PaaS/IaaS it is common for users to manage their own platform remotely, so the administrator's password is an especially tempting target;
Fake "credentials": multi-factor authentication uses, besides passwords, digital certificates, fingerprints, irises and so on. To impersonate a user, the attacker has to "forge" these "documents". Once the relevant user information has been collected on the terminal, imitation is still relatively easy, just as with bank cards, ID cards and the like;
Phishing: a traditional attack targeting the user's private information. The cloud computing login interface looks very much like an ordinary web site, which makes it easy to phish;
Information eavesdropping: listening in on the user's communications; for example, once the user's mailbox is broken into, incoming and outgoing emails can be copied and the user's business dealings monitored;
DDoS attack: this one targets the cloud service provider. It can be divided into portal bandwidth attacks and service capability attacks; the aim is to interrupt the cloud computing service and thereby blackmail the provider into compromising and paying "protection money".
2, business applications (SaaS, PaaS services): the business software of both service providers and users contains a large number of vulnerabilities that are easy to exploit. An intruder can not only attack the application software to get at user information, but also use it as a springboard for the next step, occupying the "host". There are many kinds of attack; the main ones are:
Viruses and worms: more and more viruses and worms spread by exploiting application software vulnerabilities, and those that carry a Trojan horse are even worse, because the Trojan reports back to its controller and turns an untargeted infection into a purposeful intrusion of the organization;
Web page Trojan planting: cloud computing services are mostly B/S architecture, so planting Trojans in web pages is the main way to spread them. This stands out in social and shared storage services, where the content users upload is increasingly complex and easily carries malicious code. A Trojan planted on the provider's site has no effect on the provider's own service, only on its reputation; the one who gets hurt is the user;
Application software attacks: intrusions aimed at web applications, such as SQL injection and XSS, to obtain user database privileges and steal user information; this is currently the most common intrusion method on the Internet;
Host attacks: the next step is to take the host. It can be attacked directly through operating system vulnerabilities, but that is harder (most servers are security hardened); going through the application software as a springboard is relatively easy: first obtain the application's permissions, then "elevate privileges" through buffer overflows and other means to occupy the service host or virtual machine, install backdoors or control programs, and turn the host into a "broiler" (zombie) under the attacker's control.
3, virtual machine (IaaS services): the virtual machine is the basic "container" of cloud computing services and the rental unit of IaaS. Its service capability is elastic and its cost low, and it can be obtained through a simple business transaction. For hackers this is a big "resource" in itself; besides using it, they can also try to break out of it and intrude into the service provider's back-end management:
VM "overflow" (escape): cloud computing providers can offer secure service to multiple users because they isolate users from each other, preventing information sharing and access between users. As in a hotel, different customers are assigned to different rooms, and access cards and monitoring keep customers from entering the wrong room. The attacker wants to break through this restriction, that is, to "overflow" out of the VM. After the overflow, the attacker can not only access the "neighbors'" data and systems, but also reach the back-end management system and control the entire "hotel". This breakthrough depends on the security of the cloud computing platform the provider uses, and there are not many commercially available platforms for which hackers have already declared an "overflow" possible.
Resource misuse: for an attacker, the number of "broilers" is the number of troops under their control, and cloud computing services offer such cheap, legitimate "soldiers" that there is no need to spend a lot of effort attacking and hunting them down one by one. The main ways cloud resources get "used" are:
Cracking passwords: of all intrusion steps, password cracking consumes the most computing power. Unless the attack is state-sponsored, the intruder's computing power is a precious asset, so renting cheap cloud computing and using it directly to crack passwords is attractive. For the cloud provider it is hard to tell whether a user is doing "scientific computing" or cracking high-grade Department of Defense passwords, and again, the privacy of the user's "business" keeps the provider from monitoring in depth.
Banks offer the same "quality" of financial service regardless of whether the user is trading in rice or "white flour".
"Broilers": a virtual machine is a "broiler" that can be rented directly, and a large number of them can be concentrated on a DDoS attack. The traffic and status of each "broiler" are not as abnormal as one might think, and it is hard for the cloud provider to judge (and what cannot be judged cannot be stopped). Since cloud services are cross-border, the attacker can also write their own "broiler" management software to keep the "broilers" evenly spread out.
"Springboard": "botnets" are hard to take down because the controller usually reaches the front-line "broilers" through multiple layers of "springboards" to launch attacks; the defender blocks large numbers of broilers but still cannot stop the attacker from organizing the next "charge". Obtaining cloud services mostly involves cross-border network identity verification, and many cross-border virtual machines serve directly as "springboards". The attacker's link to the virtual machine is privately encrypted, so even if the provider discovers that attack commands are being issued from its own virtual machines, it is very hard to locate the controller behind them. If the attacker then hops through virtual machines at several cloud providers, finding the real controller becomes even harder.
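As an added illustration (not from the original post), the following Python sketch shows why looking at each rented "broiler" on its own misses the attack, and what a provider-side correlation across tenants looks like; the flow-record format, VM names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of per-minute flow records (hypothetical format, not any provider's):
# minute, tenant, source VM, destination IP, destination port, packets sent
FLOW_LOG = """\
1 t-a vm-01 198.51.100.7 443 6100
1 t-b vm-02 198.51.100.7 443 6040
1 t-c vm-03 198.51.100.7 443 5900
1 t-d vm-04 198.51.100.7 443 6300
1 t-e vm-05 198.51.100.7 443 5800
1 t-f vm-06 203.0.113.9 22 120
1 t-g vm-07 192.0.2.44 443 5200
"""

PER_VM_PACKET_LIMIT = 8000   # a single VM below this looks like a busy but normal client
FAN_IN_MIN_SOURCES = 4       # ...but this many VMs hitting one target in one minute
FAN_IN_MIN_PACKETS = 20000   # with this much combined volume is worth an alert

def parse_flows(text):
    rows = []
    for line in text.splitlines():
        minute, tenant, vm, dst, port, pkts = line.split()
        rows.append((int(minute), tenant, vm, dst, int(port), int(pkts)))
    return rows

def per_vm_alerts(rows):
    """Naive per-VM threshold: what a provider sees judging one tenant at a time."""
    return sorted({vm for _, _, vm, _, _, pkts in rows if pkts > PER_VM_PACKET_LIMIT})

def fan_in_alerts(rows):
    """Cross-tenant correlation: many VMs converging on one destination in one minute."""
    buckets = defaultdict(lambda: {"vms": set(), "tenants": set(), "pkts": 0})
    for minute, tenant, vm, dst, port, pkts in rows:
        b = buckets[(minute, dst, port)]
        b["vms"].add(vm)
        b["tenants"].add(tenant)
        b["pkts"] += pkts
    alerts = []
    for (minute, dst, port), b in sorted(buckets.items()):
        if len(b["vms"]) >= FAN_IN_MIN_SOURCES and b["pkts"] >= FAN_IN_MIN_PACKETS:
            alerts.append({"minute": minute, "target": f"{dst}:{port}",
                           "sources": len(b["vms"]), "tenants": len(b["tenants"]),
                           "packets": b["pkts"]})
    return alerts
```

With the sample above the per-VM check stays silent while the fan-in check flags the five VMs from five tenants converging on one target.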
4, cloud computing management platform: the management platform is the core of the cloud service (it comprises business operations management and resource virtualization management); a "failure" here is often fatal to the service. Protection here is not only against external intruders but, more importantly, against "misuse" by internal personnel:
Hacker intrusion: an intruder here becomes the "master" of the entire cloud service, gaining not only all the user data and billing information, but the service provider's own user data, billing information and so on. Because cloud computing security is so important, providers generally choose a professional company to manage the platform, close the remote management channel, and harden it in many dimensions; the current hacker intrusion options are mostly via virtual machine "overflow" or vulnerabilities in the platform itself;
Insiders: when external protection is tight, attacks inevitably turn to "implementation from the inside". Security managers should therefore be wary of the "mistakes" that occur; some really are staff operational errors, but a significant number may be "intentional", whether by attackers posing as insiders or by insiders bribed by attackers. In short, most cases of sensitive user information leakage show that the probability of "theft" by insiders is very high. Of course, there are also many cases of business interruption caused by internal management problems, such as the Amazon Web Services interruption in April 2011, which was caused by a system upgrade.
5, data center: to the user, cloud computing services are virtual, but the "work" is ultimately done by physical machines and equipment. The data center that supports the cloud service is real and clearly traceable, so for the provider, physical security is just as important:
Data leakage: stealing the physical media, or copying it by hand, seems primitive and simple, but is a very practical way to get at data.
These are the "five major battlefields" from the cloud service provider's point of view, where contention is inevitable. The user terminal is equally a security battlefield; it is also the weakest and most complex, where viruses, Trojans and worms spread and flow legitimately into the cloud service side together with the "user's business". If the terminal cannot be "purified", it is hard for the provider to guarantee the service; that is a general principle.
In short, in cloud computing there is no network boundary; the positions of user and attacker are blurred, and the security theory of boundary isolation no longer applies well. In the new business environment the user's business flow has become the basic unit of business management and of security protection; "isolating" and controlling the user's business flow is the most basic unit of security protection, and information security shifts from control by network "packets" to a new mode of control by the user's business flow.
Vulnerabilities are the concern of hackers and of security managers alike; they are the focus of attack and defense, the strategic ground the two sides fight over.