Protection against DDoS attacks: What solutions are there?
DDoS attacks can temporarily disable websites and shops. To avoid this, companies have special protection solutions available. We introduce the common technologies.
Basic protection in the computer center of the provider
In principle, every managed-hosting provider specializing in business customers operates basic protection in their own data center. Sometimes this is also advertised as a free DDoS protection. This should ensure the accessibility of your systems, while attacks on other customers take place in the same data center. The provider quickly detects all types of DDoS attacks and takes appropriate countermeasures. However, accessibility to an attack on your own systems is not guaranteed by this solution. In addition, downtimes due to DDoS attacks are excluded from the Service Level Agreements (SLA) in the industry.
Defend DDoS attacks properly
In addition to basic protection, hosting providers offer additional solutions in collaboration with specialized CDN and DDoS mitigation providers. There are a variety of products available on the market, which can be roughly divided into these categories:
Some providers of content delivery network (CDN) solutions also offer efficient DDoS solutions based on their globally distributed infrastructure. These solutions pre-empt DDoS attacks at the edge of the network before they reach your web applications. For this purpose, they are upstream of the hosting environment and can thus clean the entire web traffic. The availability of your online shop or website is thus preserved.
The CDN-based solutions are also referred to as DNS forwarding (the domain name system resolves a request to a domain to the corresponding IP address of the target system). The DNS entries of the environment to be protected are adjusted so that traffic first encounters the mitigation infrastructure.
DDoS Scrubbing Center
With these solutions, your infrastructure is preceded by a scrubbing center. All traffic to the environment is filtered there and then continued via a secure line to the hosting provider. The protection, in this case, applies to your entire hosted environment. This solution is particularly useful if, in addition to the webshop, other enterprise applications also run on the hosted infrastructure.
Another name for this technology is BGP routing (BGP = Border Gateway Protocol, the routing protocol used on the Internet).
New: DDoS Protection with Shared Resources
Recently, a DDoS protection solution based on the cloud principle has been on the market especially for small and medium-sized projects. This means that multiple customers use the necessary infrastructure and thus reduce the costs for the individual. Nevertheless, here is an effective protection against DDoS attacks given, in addition to the web offer also includes other services (eg mail or FTP server). This solution is based on the principle of BGP routing.
To guard against DDoS attacks, it is also possible to operate a hardware instance as a transparent gateway between the public network environment and the hosting infrastructure or in conjunction with a load-balancing or firewalling infrastructure. This automatically filters incoming traffic for DDoS and other attack patterns. Schad traffic is thus detected early and filtered out so that it does not even reach the hosting environment. The disadvantage here, however, is that these solutions can handle a lower attack bandwidth than the other products.