AWS Shield Advanced - Remediation Actions Against Layer 7 DDoS Attacks

Question

A retail organization has deployed its web application servers within AWS cloud infrastructure.

The organization is subscribed to AWS Shield Advanced and is experiencing an attack on its web servers.

The operations team has confirmed that DDoS alarms in Amazon CloudWatch are indicating layer 7 attacks.

Management is looking for a way forward to remediate these attacks. Which is the correct statement for possible actions against these attacks?

Answers

Explanations

A. B. C. D.

Correct Answer: D.

If an organization is subscribed to AWS Shield Advanced and is facing layer 7 attacks, it can contact the AWS Support Center, which can engage DDoS experts or the AWS Shield Response Team to mitigate the DDoS attacks.

Option A is incorrect as network ACLs are automatically added in the case of layer 3 and 4 attacks and not for layer 7 attacks.

Option B is incorrect as this is required only when the organization is not subscribed to AWS Shield Advanced support.

Option C is incorrect as AWS automatically addresses layer 3 and 4 attacks and not layer 7 attacks.

For more information on AWS Shield, refer to the following URL:

https://docs.aws.amazon.com/waf/latest/developerguide/ddos-responding.html

The correct answer for possible actions against layer 7 attacks in the scenario described in the question is option D, "Contact AWS Support centre to engage AWS Shield Response Team."

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS from DDoS attacks. It provides two versions of the service, AWS Shield Standard and AWS Shield Advanced. AWS Shield Standard provides automatic protection to all AWS customers, while AWS Shield Advanced offers additional protection features and resources.

In this scenario, the retail organization is a part of AWS Shield Advanced and is experiencing a layer 7 DDoS attack. Layer 7 attacks target the application layer of the web server, which includes the HTTP protocol, and they are difficult to detect and mitigate as they mimic legitimate traffic.

AWS Shield Advanced provides advanced protection against layer 7 attacks, including a 24/7 DDoS response team that helps customers with the investigation and remediation of DDoS attacks. Customers can engage the AWS Shield Response Team by contacting AWS Support.

Option A is incorrect because AWS does not automatically deploy network ACLs to mitigate layer 7 attacks. Network ACLs are not effective against layer 7 attacks as they operate at the network layer, which does not have visibility into the application layer.

Option B is incorrect because, while AWS WAF (Web Application Firewall) can be used to mitigate layer 7 attacks, user-created AWS WAF ACLs may not be effective against sophisticated attacks. Also, the retail organization is already experiencing an attack, so remediation should be handled by the AWS Shield Response Team.

Option C is incorrect because AWS security group rules are not designed to mitigate layer 7 attacks. Security groups operate at the instance level, providing inbound and outbound network filtering to control the traffic that reaches the instances.

Therefore, the best option for the retail organization in this scenario is to engage the AWS Shield Response Team by contacting AWS Support.