Web Application Protection Against Layer 7 DDoS Attacks

Efficiently Responding to Layer 7 DDoS Attacks

Question

A company is hosting a web application that is sitting behind an Application Load Balancer.

The IT Security team needs to respond to possible layer 7 DDoS attacks in the most efficient time possible.

Which of the following 2 actions can help achieve this?

Answers

A. Use the AWS WAF service and set up ACLs to respond to the DDoS attacks.
B. Use the AWS Shield Advanced service to protect against the DDoS attacks.
C. Enable AWS Shield and engage the AWS DDoS Response Team (DRT).
D. Use AWS GuardDuty.

Explanations

Answer: A and B.

The AWS documentation provides the following details.

If DDoS alarms in CloudWatch indicate a possible layer 7 attack, you have two options.

· Investigate and mitigate the attack on your own: If you determine that activity represents a DDoS attack, you can create your own AWS WAF rules to mitigate the attack.

AWS WAF is included with AWS Shield Advanced at no additional cost.

AWS provides pre-configured templates to get you started quickly.

· If you are an AWS Shield Advanced customer, you also have the option of contacting the AWS Support Center: If you want assistance in applying mitigations, you can contact the AWS Support Center.

Critical and urgent cases are routed directly to DDoS experts.

With AWS Shield Advanced, complex cases can be escalated to the DRT, which has deep experience in protecting AWS, Amazon.com, and its subsidiaries.

Option C is incorrect because AWS Shield is enabled by default, and you need AWS Shield Advanced to engage the AWS DDoS Response Team (DRT).

Option D is incorrect because GuardDuty detects unauthorized and unexpected activity in your AWS environment.

It does not help respond to layer 7 DDoS attacks.

For more information on responding to DDoS attacks, see the URL below.

https://docs.aws.amazon.com/waf/latest/developerguide/ddos-responding.html

Option A: Use the AWS WAF service and set up ACLs to respond to the DDoS attacks.

AWS WAF (Web Application Firewall) is a service that helps protect web applications from common web exploits and DDoS attacks. WAF enables the creation of custom rules to block suspicious traffic based on a range of conditions such as IP address, geographic location, and request characteristics. By configuring appropriate WAF rules, the security team can detect and mitigate the DDoS attacks at Layer 7, which targets the application layer.
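As an added example (not from the AWS documentation or the page's author), this is the kind of rate-based rule the Option A explanation refers to, in the shape boto3's wafv2 `create_web_acl` takes for an ALB, together with a small evaluator that replays constructed ALB access log lines against the same per-IP threshold to show which clients such a rule would block. The rule name, the 1000-request limit, and the log lines are assumptions.

```python
"""AWS WAF rate-based rule for an ALB web ACL, plus a replay of ALB log lines against the same threshold."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

RATE_LIMIT = 1000              # assumed: requests per client IP per evaluation window
WINDOW = timedelta(minutes=5)  # WAF rate-based rules count over a 5-minute window by default
TS_FMT = "%Y-%m-%dT%H:%M:%S.%fZ"

def rate_limit_rule(limit: int = RATE_LIMIT, name: str = "RateLimitPerIP") -> dict:
    """One entry for the Rules list of wafv2 CreateWebACL (Scope REGIONAL for an ALB).
    An IP exceeding `limit` requests in the window is blocked until its rate drops."""
    return {
        "Name": name,
        "Priority": 0,
        "Statement": {"RateBasedStatement": {"Limit": limit, "AggregateKeyType": "IP"}},
        "Action": {"Block": {}},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True, "MetricName": name},
    }

def offending_ips(alb_log_lines, limit=RATE_LIMIT, window=WINDOW) -> set:
    """Client IPs whose request count in some `window`-long sliding window exceeds `limit`.
    ALB access logs are space separated: field 1 is the timestamp, field 3 is client:port."""
    by_ip = defaultdict(list)
    for line in alb_log_lines:
        fields = line.split(" ")
        ts = datetime.strptime(fields[1], TS_FMT).replace(tzinfo=timezone.utc)
        by_ip[fields[3].rsplit(":", 1)[0]].append(ts)   # rsplit keeps IPv6 addresses intact
    flagged = set()
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):     # two-pointer sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 > limit:
                flagged.add(ip)
                break
    return flagged

def constructed_alb_log(ip: str, count: int, seconds_apart: float) -> list:
    """Constructed sample ALB log lines (leading fields only, documentation IP space), not real traffic."""
    t0 = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    return [f"http {(t0 + timedelta(seconds=i * seconds_apart)).strftime(TS_FMT)} app/my-alb/abc123 "
            f'{ip}:51000 10.0.0.5:80 0.000 0.001 0.000 200 200 34 366 "GET http://www.example.com:80/ HTTP/1.1"'
            for i in range(count)]

if __name__ == "__main__":   # constructed: one client hammering the ALB, one browsing normally
    log = constructed_alb_log("203.0.113.10", 1200, 0.1) + constructed_alb_log("198.51.100.7", 20, 10)
    print(offending_ips(log))  # {'203.0.113.10'}
```

The dict from `rate_limit_rule()` goes into the `Rules` list of `create_web_acl`, and the resulting web ACL is attached to the load balancer with `associate_web_acl`.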

Option B: Use the AWS Shield Advanced service to protect against the DDoS attacks.

AWS Shield is a managed DDoS protection service that safeguards applications running on AWS. AWS Shield Advanced provides additional protection beyond the basic AWS Shield, such as increased protection from large and sophisticated DDoS attacks, visibility into attacks, and access to the AWS DDoS Response Team (DRT) for advanced assistance. AWS Shield Advanced also provides 24/7 support staffed by AWS DDoS experts.

Option C: Enable AWS Shield and engage the AWS DDoS Response Team (DRT).

AWS Shield Advanced comes with a dedicated team of AWS DDoS experts known as the AWS DDoS Response Team (DRT). They can help the security team detect, investigate, and mitigate DDoS attacks in real time, reducing the impact on the application. When a DDoS attack occurs, the security team can engage the DRT through the AWS Management Console or the AWS Support Center.

Option D: Use AWS GuardDuty.

AWS GuardDuty is a threat detection service that continuously monitors the AWS environment for malicious activity and unauthorized behavior. GuardDuty uses machine learning algorithms and threat intelligence feeds to detect various types of threats, including DDoS attacks. GuardDuty can alert the security team of potential attacks so that they can take appropriate actions.

Conclusion:

All the above options are potential solutions to detect and mitigate DDoS attacks. However, AWS Shield Advanced is the most appropriate solution for layer 7 DDoS attacks, as it provides advanced protection and access to the AWS DDoS Response Team. Option A, using AWS WAF, is also a viable solution that can be used in combination with AWS Shield Advanced. Option D, using AWS GuardDuty, is a good proactive measure to detect DDoS attacks.