Cloud Denial of Service Protection

March 5, 2015 By David

Grazed from CloudPatterns.org. Author: Editorial Staff.

Cloud denial of service (DoS) attacks are multifaceted and prevent consumers of cloud services from accessing their cloud resources. A cloud DoS protection service is incorporated into the security architecture to shield the cloud provider from DoS attacks. A network DoS protection service updates the domain name service (DNS) to route all cloud provider traffic through the protection service, which filters attack traffic and routes only legitimate traffic to the cloud provider. Alternatively, the cloud provider can route traffic to a DoS protection service only when experiencing an attack, or create its own DoS protection service.
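The DNS-based routing described above only protects names that actually resolve into the protection service. The following audit is an added example, not part of the original article or of CloudPatterns.org; the zone records, the address ranges (documentation ranges) and the `.scrub.example.net.` hostname suffix are constructed assumptions.

```python
import ipaddress

# Constructed sample data: documentation address ranges and example names only.
SCRUB_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:5c::/48")]
SCRUB_SUFFIX = ".scrub.example.net."   # hypothetical protection-service hostname suffix

ZONE = [  # (owner name, record type, value)
    ("www.example.com.", "CNAME", "cust42.scrub.example.net."),
    ("example.com.", "A", "198.51.100.17"),
    ("example.com.", "AAAA", "2001:db8:5c::17"),
    ("api.example.com.", "CNAME", "origin.example.com."),
    ("origin.example.com.", "A", "203.0.113.9"),
    ("ftp.example.com.", "A", "203.0.113.9"),
    ("loop.example.com.", "CNAME", "loop.example.com."),
]

def resolve(name, zone, seen=None):
    """Follow CNAMEs inside the zone; return the terminal (type, value) pairs."""
    seen = seen or set()
    if name in seen:
        return [("LOOP", name)]
    seen.add(name)
    out = []
    for owner, rtype, value in zone:
        if owner != name:
            continue
        if rtype == "CNAME":
            in_zone = any(o == value for o, _, _ in zone)
            out += resolve(value, zone, seen) if in_zone else [("CNAME", value)]
        elif rtype in ("A", "AAAA"):
            out.append((rtype, value))
    return out

def audit_zone(zone, scrub_nets=SCRUB_NETS, suffix=SCRUB_SUFFIX):
    """Return sorted (name, reason) findings for names that bypass the protection service."""
    findings = set()
    for name in {owner for owner, _, _ in zone}:
        for rtype, value in resolve(name, zone):
            if rtype == "LOOP":
                findings.add((name, "CNAME loop"))
            elif rtype == "CNAME" and not value.endswith(suffix):
                findings.add((name, f"external CNAME {value}"))
            elif rtype in ("A", "AAAA") and not any(ipaddress.ip_address(value) in n for n in scrub_nets):
                findings.add((name, f"direct address {value}"))
    return sorted(findings)

if __name__ == "__main__":
    for name, reason in audit_zone(ZONE):
        print(f"{name:22} bypasses protection: {reason}")
```

Each finding is a published name whose traffic would reach the provider without being filtered, so it should be repointed at the protection service or removed from the zone.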

There are three categories of DoS attacks: volume-based attacks, protocol attacks, and application layer attacks. In a volume-based attack, the attacker forces the cloud victim to consume overwhelming amounts of network bandwidth. The resulting network usage is unsupportable, leaving the cloud services without network resources and causing non-responsiveness…

These DoS attacks include distributed denial of service (DDoS) and distributed reflector denial of service (DRDoS). The attacks focus on multiple layers of the networking stack. Volume-based attacks include UDP floods, ICMP floods, and other spoofed-packet floods…

Read more from the source @ http://cloudpatterns.org/candidate_patterns/cloud_denial_of_service_protection