Providers that protect against DDoS attacks

Akamai

Akamai [11] operates one of the largest content delivery networks (CDNs) worldwide and uses its network to offer DDoS protection in the cloud. In addition to the DNS and BGP variants, Akamai sells proxy protection, which places your individual applications (e.g., ports on IP addresses) under their protection.

Like Link11, the Prolexic Connect product provides data centers with the option to slip under the wing of CDN (Figure 2). Like Link11, Akamai structures the billing model as a subscription and uses the 95th percentile of clean or normal incoming traffic to calculate a price. In the BGP variant, the number of /24 networks and the number of protected sites still play a role.

Figure 2: Akamai, known for its global CDN, provides customers with protection against attacks for a fee.

Conclusions

If you run your infrastructure with AWS, you will be grateful for the basic protection provided. Advanced protection is quite pricey, though. You should consider whether Amazon's presence is so relevant for your business that it justifies a premium of more than $3,025 per month. The option to pay per attack can quickly have an adverse effect on the purse of the victims. If you want to get away from Amazon completely, you need to look around for another provider in terms of DDoS protection.

The information in this article can probably steer you in the right direction, but it does not present a universal solution. Because the pricing structures differ considerably between providers, you should first analyze your own threat situation closely. Have you already experienced attacks or been threatened with attacks? If so, was the entire company threatened or just one department? In the latter case, even Amazon can be useful, especially if the volume of regular traffic is not too high.

Even if you do not take precautions against DDoS attacks with specific measures, you should at least have a contingency plan up your sleeve and discover your options beforehand. Link11 and Arbor offer emergency links on their websites in the event of an attack. For those at risk, there is no time to lose.

Infos

  1. NetFlow: https://en.wikipedia.org/wiki/Netflow
  2. sFlow: http://www.sflow.org
  3. Ipfix: https://tools.ietf.org/html/rfc7011
  4. Border Gateway Protocol: https://tools.ietf.org/html/rfc1772
  5. Flowspec: https://tools.ietf.org/html/rfc5575
  6. Netfilter Conntrack memory usage: https://johnleach.co.uk/words/372/netfilter-conntrack-memory-usage
  7. A10: https://www.a10networks.com/products/thunder-series/ddos-detection-protection-mitigation
  8. AWS Shield: https://aws.amazon.com/en/shield/
  9. Arbor: https://www.arbornetworks.com/ddos-protection-products
  10. Link11: https://www.link11.com/en/
  11. Akamai: https://www.akamai.com/us/en/resources/ddos.jsp

The Author

Konstantin Agouros works as Head of Open Source Projects at Matrix Technology AG, where he and his team advise customers on open source and cloud topics. His new book, Software Defined Networking: SDN-Praxis mit Controllern und OpenFlow [Practice with Controllers and OpenFlow], is published by De Gruyter.

« Previous 1 2 3 4

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • DDos Attack Map Charts Denial of Service

    A new web application helps users visualize distributed denial-of-service attacks.

    more »
  • ARP Spoofing

    Any user on a LAN can sniff and manipulate local traffic. ARP spoofing and poisoning techniques give an attacker an easy way in.

    more »
  • Backdoors

    Backdoors give attackers unrestricted access to a zombie system. If you plan to stop the bad guys from settling in, you’ll be interested in this analysis of the tools they might use for building a private entrance.

    more »
  • Honeynet

    Security-conscious admins can use a honeynet to monitor, log, and analyze intrusion techniques.

    more »
  • TCP Hijacking

    It is quite easy to take a TCP connection down using a RST attack, and this risk increases with applications that need long-term connections, such as VPNs, DNS zone transfers, and BGP. We’ll describe how a TCP attack can happen, and we’ll show you some simple techniques for protecting your network.

    more »
comments powered by Disqus

Visit Our Shop

Trial Subscription

Digital Subscription

Subscribe

Direct Download

Read full article as PDF:

Price $2.95

Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs

News

Tag Cloud

Administration Community Desktop Events Hardware Linux Linux Pro Magazine Mobile Programming Software Ubuntu Web Development Windows free software open source