Product Advantages
-
Great Capability
Defend your servers against a wide range of network and transport layer DDoS attacks with globally distributed scrubbing centers that provide Tbit/s protection capacity.
Defend your servers against a wide range of network and transport layer DDoS attacks with globally distributed scrubbing centers that provide Tbit/s protection capacity.
-
Instantaneous Response
Efficiently detect and rapidly respond to DDoS attacks before your services are impacted.
Efficiently detect and rapidly respond to DDoS attacks before your services are impacted.
-
High Reliability
Enjoy always-on protection, and tune your protection settings based on the detected attacks.
Enjoy always-on protection, and tune your protection settings based on the detected attacks.
-
24/7 Support
Keep your services up and running with the always available and experienced DDoS mitigation staff.
Keep your services up and running with the always available and experienced DDoS mitigation staff.
Application Scenarios
Painpoints
Website access is slow or blocked due to DDoS and CC attacks, resulting in the loss of users and low sales volumes.
Advantages
Introduction to DDoS Attacks
Common DDoS attacks
DoS attacks are also called flood attacks. They intend to exhaust the network or system resources on the target computer, causing service interruption or suspension. Consequently, legitimate users fail to access network services. A DDoS attack involves multiple compromised computers controlled by an attacker flooding the targeted server with superfluous requests. Table 1 describes the common DDoS attacks.
Table 1 Common DDoS attacks
Attack Type
|
Description
|
Example
|
---|---|---|
Network layer attack |
Occupies the network bandwidth with volumetric traffic, causing your service to be unable to respond to legitimate access requests. |
NTP flood attack |
Transport layer DDoS attack |
Occupies the connection resources of the server, resulting in denial of services. |
SYN flood, ACK flood, and ICMP flood attacks. |
Session layer attack |
Occupies SSL session resources of the server, resulting in denial of services. |
SSL slow connection attack |
Application layer attack |
Occupies the application processing resources of the server and consumes its processing performance, resulting in denial of services. |
HTTP GET flood attack and HTTP POST flood attack |
How Can I Report to the Network Monitoring Department When a DDoS Attack Occurs?
Reporting Process
1. You need to report to the local network monitoring department as soon as DDoS attacks occur and provide related information as required.
2. The network monitoring department determines whether your case can be filed and performs relevant network monitoring process.
NOTE: For details about the standards of filing a case, contact the local network monitoring department.
3. After your case is officially filed, Huawei Cloud will cooperate with the network monitoring department to provide attack evidence.
What Evidence Can Huawei Cloud Provide?
After your case is filed in the network monitoring department, Huawei Cloud will provide the following assistance:
Huawei Cloud will provide responsible personnel in the network monitoring department with traffic logs and attack information about your services on Huawei Cloud.
NOTE: Because the data will be used as legal evidence, it cannot be provided to you directly. You can view information about the attack traffic on the HUAWEI CLOUD management console.
HUAWEI CLOUD cannot analyze traffic logs and attack information, or identify the attacker.
NOTE: Because HUAWEI CLOUD is not a judge, it is impossible to judge who is guilty. Nor does it have law enforcement rights, who can conduct a case investigation. HUAWEI CLOUD can only serve as an evidence provider and witness.
HUAWEI CLOUD will respond to the network monitoring department in a timely manner and assist their work.
In case of security attacks, you are advised to actively request the network police to file your case and conduct investigation by referring to the standards for case filing of the local network monitoring department.
View information about attack traffic:
You can view traffic statistics and attack events on the HUAWEI CLOUD management console.
Black Hole Threshold of Cloud Native Anti-DDoS Basic
CNAD Basic (Anti-DDoS) is enabled by default to protect your resources against DDoS attacks.
Black Hole Threshold
The black hole threshold refers to the basic attack mitigation capability provided by HUAWEI CLOUD. When the scale of attack exceeds the threshold, HUAWEI CLOUD executes a black hole policy to block the IP address.
Anti-DDoS provides 2 Gbit/s of defense against DDoS attacks for common users for free. Anti-DDoS can provide up to 5 Gbit/s of defense (depending on the available bandwidth of Huawei Cloud) against DDoS attacks.
Scrubbing Principle
HUAWEI CLOUD monitors service traffic in real time. Once an attack is detected, it diverts service traffic to the HUAWEI CLOUD Anti-DDoS scrubbing system, which identifies the traffic from that IP address, discards the attack traffic, and forwards legitimate traffic to the target IP address, thus reducing damage on the server.
Security
-
Shared Responsibilities
Huawei guarantees that its commitment to cyber security will never be outweighed by the consideration of commercial interests.
Huawei guarantees that its commitment to cyber security will never be outweighed by the consideration of commercial interests.
-
Identity Authentication and Control
No matter whether you access the Anti-DDoS service through the console or calling APIs, you are required to provide the identity credential and verify the identity validity.
No matter whether you access the Anti-DDoS service through the console or calling APIs, you are required to provide the identity credential and verify the identity validity.
-
Audit and Logging
Cloud Trace Service (CTS) keeps track of user activities and resource changes on your cloud resources. It helps you collect, store, and query operational records for security analysis, audit and compliance, and fault location.
Cloud Trace Service (CTS) keeps track of user activities and resource changes on your cloud resources. It helps you collect, store, and query operational records for security analysis, audit and compliance, and fault location.
-
Data Protection
To prevent data leakage, Anti-DDoS does not store your sensitive user data. It encrypts your data during transmission.
To prevent data leakage, Anti-DDoS does not store your sensitive user data. It encrypts your data during transmission.
-
Service Resilience
Huawei Cloud data centers are deployed around the world. All data centers are running properly. Data centers in two cities are deployed as disaster recovery center for each other.
Huawei Cloud data centers are deployed around the world. All data centers are running properly. Data centers in two cities are deployed as disaster recovery center for each other.
-
Certificates
Huawei Cloud services and platforms have obtained various security and compliance certifications from authoritative organizations, such as International Organization for Standardization (ISO).
Huawei Cloud services and platforms have obtained various security and compliance certifications from authoritative organizations, such as International Organization for Standardization (ISO).
FAQ
FAQ
Videos
AAD Service Introduction
04:08
Getting Started with Anti-DDoS
01:32