DDos and AWS Shield

• what is DDOS attack?
  • shutdown
  • distributed denial of service
• ddos : its receiving too many requests
  • syn flood
  • udp reflection : send many big UDP Requests
  • DNS flood attack
  • slow loris attack : thread will be overwhelming
• application level attack
  • more complex more specific
  • cache bursting strategies
• protection on aws
  • aws shield Standard: bydefault
    • reflection attacks an other layer3 layer4 attacks
  • aws shield advanced (premium)
    • protect against higher fees
  • aws WAF : filter specific requests based on rules
    • if more than 5MB drop it
  • cloudfront and route 53
    • use aws shield by default
    • availability protection using global edge network
    • combiled with shield, provides ddos attack mitigation at the edge
  • ready to scale → aws auto scaling
  • seperate static resources from dynamic ones
    • dynamic reqeusts are smaller