
Solution to prevent the risk of DDoS attacks with AWS

Aug 31, 2023


As of March 6, 2023, the total number of online attacks in Vietnam in 2022 had decreased by 33.8% compared with 2021: a total of 41,989,163 cases were detected and blocked (according to the latest report from Kaspersky Security Network). Although the number of offline attacks has also decreased, the latest statistics still rank Vietnam 49th in the world by total number of online attacks in recent years.


Statistics on cyber attacks in Vietnam for the period 2020 – 2022

In this article, CMC Telecom experts introduce to businesses the distributed denial-of-service (DDoS) prevention solution from AWS.

Reasons why businesses should use DDoS prevention solutions from AWS

DDoS is an attack method in which attackers flood the target system with a stream of access requests. This overloads the system and disrupts its normal operation. Using botnets, attackers cause major disruption and damage to network systems and services.

Given the above risks, CMC Telecom recommends that businesses evaluate and apply two AWS services to combat DDoS and minimize its impact: AWS Shield and AWS WAF (Web Application Firewall).

AWS Shield is a managed service that helps protect against DDoS attacks, keeping applications running on AWS secure. AWS WAF is a service that helps businesses defend against botnets and common web attacks that can impact availability, security, or consume system resources. A botnet is a computer network made up of computers infected with malware and controlled by hackers. Hackers can use botnets to carry out distributed denial of service (DDoS) attacks.

AWS Shield comes in two versions. The first is AWS Shield Standard, a free version available to all AWS customers. AWS Shield Standard provides basic network and transport layer protection (Layers 3 and 4), detecting and blocking attack traffic before it affects the system, which prevents or limits the impact of DDoS attacks. The second is AWS Shield Advanced, which offers a higher level of protection beyond the features available in Standard. The Advanced version both detects and mitigates complex DDoS attacks, and provides near real-time monitoring when integrated with AWS WAF, the web application firewall (Layer 7). In addition, Advanced customers get access to the AWS Shield Response Team (SRT), a team of security experts providing 24/7 direct customer support.


AWS Shield Advanced


Common web application protection reference diagram

AWS recommends that users combine several services to both prevent DDoS attacks and minimize the damage they cause. At the centre is AWS Shield Advanced, which provides comprehensive DDoS protection. CloudFront, AWS's CDN service, increases the speed and scalability of web content delivery; when combined with AWS Shield Advanced, CloudFront routes web traffic through Shield's protection system, preventing and limiting the impact of DDoS attacks at the network layer. Amazon Route 53 manages domain names and DNS on AWS and can distribute web traffic to destination servers across different geographic regions. This strengthens the DNS system's anti-DDoS protection through traffic dispersion and ensures application availability.


The model describes how CloudFront works

In addition, AWS WAF provides a further layer of protection: using the available rule sets, or custom rule sets that you create, it detects, identifies, and blocks suspicious behaviour and the types of DDoS attacks that target the application layer.

Reference architecture for protecting applications operating over TCP/UDP protocols (Layers 3 and 4)


Reference diagram for protecting applications operating over the TCP/UDP protocol

With many years of experience deploying and supporting AWS, CMC Telecom encourages businesses to use Amazon Route 53 in combination with AWS Global Accelerator, an AWS service that improves response times and the handling of user traffic for applications running on AWS. Global Accelerator uses AWS's global network infrastructure to route traffic optimally to application endpoints, minimizing latency and increasing scalability. This combination can optimize DDoS protection for many types of applications, from games, IoT and VoIP to web applications that need static IP addresses.

In addition, when integrated with Elastic Load Balancer (ELB), Global Accelerator not only distributes load effectively but also adds anti-DDoS protection. ELB is an Amazon Web Services (AWS) service that automatically distributes network traffic across multiple servers or other services in the same cloud environment. ELB provides automatic scaling and traffic distribution, improving application performance and availability.

For web applications, using ELB in combination with an AWS WAF web access control list (web ACL) that applies a set of rules greatly reduces the risk of a successful attack.
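As an added example (not code from the article or from CMC Telecom), the following CloudFormation template builds the kind of web ACL described above for the Layer 7 side of the design: a rate-based rule that blocks any source IP exceeding a request threshold, plus an AWS managed rule group, and an association that attaches the ACL to an Application Load Balancer. The ACL name, metric names, the request limit and the `AlbArn` parameter are assumed placeholders to be replaced at deploy time.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example (not from the article) - WAF web ACL with a rate-based rule plus AWS managed rules, attached to an ALB
Parameters:
  AlbArn:
    Type: String
    Description: ARN of the Application Load Balancer to protect (placeholder, supplied at deploy time)
Resources:
  WebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: example-l7-ddos-acl            # assumed name
      Scope: REGIONAL                      # for ALB/API Gateway; use CLOUDFRONT (in us-east-1) for CloudFront
      DefaultAction:
        Allow: {}                          # requests that match no blocking rule pass through
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true     # needed to see blocked-request counts during an attack
        MetricName: ExampleWebAcl
      Rules:
        - Name: RateLimitPerIp             # Layer 7 flood control: block sources exceeding the limit
          Priority: 0
          Action:
            Block: {}
          Statement:
            RateBasedStatement:
              Limit: 2000                  # requests per source IP in a 5-minute window (assumed value)
              AggregateKeyType: IP
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: RateLimitPerIp
        - Name: AWSManagedCommonRules      # AWS managed rule group for common web exploits
          Priority: 1
          OverrideAction:
            None: {}                       # keep the rule group's own block/count actions
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesCommonRuleSet
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: AWSManagedCommonRules
  WebAclAssociation:
    Type: AWS::WAFv2::WebACLAssociation    # attaches the ACL to the load balancer
    Properties:
      ResourceArn: !Ref AlbArn
      WebACLArn: !GetAtt WebAcl.Arn
```

Tune the rate limit to the legitimate per-client request rate observed in the CloudWatch metrics before relying on it, since a threshold set too low blocks real users behind shared NAT addresses.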


Currently in Vietnam, CMC Telecom is a senior service partner of AWS. The company also holds the AWS Migration Competency, a recognition and certification of the professional capacity and experience needed to deliver services and solutions on AWS Cloud.