OVHCloud’s distributed denial of service protection takes the complexity out of preventing denial of service attacks for your business.
Denial of service attacks are a pernicious problem for any business with a web presence. A DoS attack floods an external web service with traffic, making the server and its supporting infrastructure unable to respond to the flood of requests. This flooding blocks legitimate traffic and, in many cases, can cause a failure that requires administrator action.
Distributed denial of service attacks add an additional element, using a network of maliciously controlled computers to launch the attack. A malicious actor creates a “botnet” that might be analogous to zombies in a horror movie. These machines can be controlled by that malicious entity and used to launch coordinated DoS attacks. Since these attacks come from hundreds or even thousands of devices around the world, they are difficult to detect and mitigate.
These attacks can use multiple “attack vectors,” ranging from complex attempts to exploit software vulnerabilities to simple attempts to make so many requests on your resources that they can’t keep up.
SEE: Top 3 Tips for Identifying Quality Vulnerability Intelligence (TechRepublic)
Preventing DDoS attacks typically requires quite sophisticated application and network design. And the simplest mitigation—having enough processing power and additional network to withstand a DDoS attack—is also the most expensive. In addition to a strong technical architecture, a combination of firewall devices capable of advanced network analysis and content delivery networks could help mitigate a DDoS attack but requires configuration and administration.
OVHCloud, a cloud and hosting provider, offers a much easier solution with its cloud-based DDoS protection, which is free with the company’s hosting packages.
The OVHCloud solution relies on what the company calls a “VAC,” a set of physical and virtual servers and routers that the company says can “suck” malicious traffic by redirecting it away from an organization’s web and application servers. .
The OVHCloud system includes a series of high-performance routers that continuously analyze the traffic that passes through them en route to an organization’s servers. When the router detects an attack, excess bandwidth can be deployed to prevent servers from being overwhelmed. Routers redirect all incoming traffic to the VAC less than two minutes after the attack originates.
This immediately reduces the loads on servers and applications and shifts the workload of scanning all incoming traffic to the VAC. The VAC takes over, absorbs and analyzes all incoming traffic and only passes legitimate traffic to the organization’s server.
The VAC will continue to process all traffic for the next 26 hours, after which the attacker has likely lost patience or moved on to an easier target. At this point, the VAC will “stand down” and begin passing traffic normally to the servers while it restarts in case another attack occurs.
Interestingly, OVHCloud offers a specific DDoS setting for online games. Recognizing the importance of competitive gaming and esports, where sponsorships, prize money and reputation are at stake, OVHCloud has customized its DDoS protection for popular game servers.
SEE: Health care turns to the gaming industry to build its metaverse (TechRepublic)
This protection is customized for various popular gaming and communication platforms, from GTA to Mumble. The routers are configured to cache requests, which presumably provides additional throughput for high-stakes esports events.
OVHCloud also offers DDoS protection on all of its hosting options and includes a default anti-DDoS policy configured by default.
For users who require more advanced and customizable DDoS protection, OVHCloud includes an Application Programming Interface that allows control and monitoring of the DDoS platform. The API can be used to notify the administrator about events or even adjust DDoS profiles as events occur.
If user choices fail to mitigate an incoming DDoS attack, protection will continue to scale to keep applications up and running. This provides a good balance between allowing users flexibility in designing their DDoS protection, while also providing increased protection in case user configuration proves inappropriate.
DDoS attacks are difficult to detect and mitigate, as they can strike without warning and from multiple sources in seemingly no consistent pattern. Designing a comprehensive approach to DDoS protection can be extremely challenging, even for experienced network and security administrators, and implementing the right hardware and software can be cost prohibitive.
OVHCloud allows the server administrator to focus on more important matters, as the robust protection is already designed and implemented. The use of shared VAC technology gives applications powerful protection when needed, which effectively “disappears” when it is no longer working.
Hosting providers often seem interchangeable, with most providing reliable and cost-effective bare metal or cloud-based hardware at similar prices. Capabilities like OVHCloud’s include DDoS protection which can be the tipping factor that differentiates one provider from another. This feature can keep your business-critical applications running when malicious actors try to take them down.