DDoS

Hardware

1. Increase bandwidth

Bandwidth directly determines the ability to defend against attacks, increase the bandwidth of the hard protection is theoretically the best solution, as long as the bandwidth is greater than the attack flow is not afraid,anti DDOS but the cost is very high.

2. Upgrade hardware configuration

Under the premise of ensuring network bandwidth,virtual Machine cloud try to enhance the configuration of CPU, memory, hard disk, network card, router, switch and other hardware facilities, and use well-known, well-known products.

3. Hardware firewall

Put the server into a server room with a DDoS hardware firewall.vpshosting Professional firewall technology usually need to have the abnormal data traffic cleaning and filtering information function, can fight against SYN/ACK attacks, TCP fully connected network attacks, brush script language attack mode and so on these traffic-type DDoS attacks.

Individual hosts

1. Fix bugs and update security patches in a timely manner.

2. Close unnecessary services and ports, reduce unnecessary system add-ons and self-startup items, minimize the execution of fewer processes in the server, and change the working mode.

3. iptables

Strictly control account privileges, prohibit root login, password login, and change the default ports of commonly used services.

The whole server system

1. Load balancing

Load balancing is used to evenly distribute requests to all servers, thus reducing the burden on individual servers.

2.CDN

CDN is a content distribution information network built on top of the network, relying on edge system servers deployed in various places, through the distribution, scheduling and other functional modules of the research center's management platform, so that users can get the content they need in the vicinity, reduce social network congestion, and improve the response speed and hit rate of user data access, so CDN acceleration is also used in a load-balancing analysis technology. Compared with the high defense hardware firewalls can not possibly carry down the limit of unlimited traffic, CDN is more sensible, multi-node sharing penetration traffic, most of the CDN nodes have 200G traffic protection, coupled with the protection of the hard defense, it can be said to be able to cope with most of the DDoS attacks.

3. Distributed Cluster Defense

Distributed cluster defense has the attribute of setting multiple IP addresses on each node server, each node can withstand not less than 10GB of DDoS attacks, such as a node can not be attacked service, the system will automatically switch to another node according to the priority settings, all the attacker's packets will return to the sending point, thus paralyzing the source of the attack.

cloud server hk: Efficient, Reliable, Global Connectivity for Seamless Operations.

Top