Like For IaaS, DDoS Protection for Cloud Computing PaaS is Also Increasingly Becoming Important. Attackers Are Now PaaS and Even SaaS Setups. Yesterday, we published similar kind of guide – DDoS Protection for Cloud Computing IaaS, this time a bit newer thing. You probably need to read the article first. With Cloud Computing IaaS, one can compare our traditional virtual servers, but PaaS can make most of the advanced users clueless. Problem with SaaS is less to the consumers – consumers need not to think about DDoS Protection. But PaaS falls in-between.
DDoS Protection for Cloud Computing PaaS : Which Segments Are More Vulnerable?
There many limitations of PaaS like that with naked domain. IaaS and PaaS does not actually run in the same way.
DDoS attacks can be classified into 3 main categories – Volume Based Attacks or Bandwidth Based Attacks, Protocol Attacks and Application Layer Attacks.
In case of PaaS, the attack usually concentrates on the specific web applications and flood with HTTP requests. There are typical Cloud specific DDoS attacks like SYN Floods (exploits the flaws in TCP 3 way handshake procedures), UDP Floods (Floods with UDP packets to the random ports), ICMP Floods (Flooded with ICMP echo request packets), Ping of Death (thats why we gave warning for activating Ping on Nginx), Smurf Attack (ping from a spoofed IP address), HTTP based DoS Attack (HDoS), XML based DoS Attack (XDoS) etc.
DDoS Protection for Cloud Computing PaaS as Countermeasure
Co-operative Intrusion Detection System, Cloud Trace Back Model(CTB) and Cloud Protector, Confidence Based Filtering(CBF) Approach, CLASSIE Packet Marking Approach, Filtering Tree Approach, Information Theory Based Metrics Method are commonly used methods to protect the Cloud DDoS.
Current political stuffs, exactly like Akamai stated last year, increased these attacks. Except using a professional specified service for serious web applications, there is very less to do works in the Security part. It is obvious that using a tight password, not using PHPMyAdmin on the same “gear” will make the setup secure. As physical IP address is not exactly allocated in the way we do with IaaS, the attacks can be handled at DNS level if a custom domain is used and the internal domain is not exposed outside.
So, just keep this matter in head that PaaS can also face DDoS. This is not for not using the PaaS – this is for keeping the things safer.