To understand AWS Security services, you need to know the basics of internet/cloud security threats and practices.
DDoS (Distributed Denial of Service)
A DDoS attack attempts to make your application unavailable to end users by flooding it with large volumes of packets or a massive number of requests.
- It can be done by using reflection and amplification techniques or by using botnets.
Layer 4 DDoS Attack
- Also known as a SYN flood. An attacker rapidly initiates connections to a server without finalizing them.
- The packet that the attacker sends is the SYN packet, part of TCP’s three-way handshake used to establish a connection (SYN, SYN-ACK, ACK).
- A server can hold only a finite number of concurrent open TCP connections. By sending many SYN packets at the same time, the attacker consumes all of the allowed TCP connections.
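The half-open connections described above can be counted on the server side. This added example (not part of the original notes) parses connection-table text in the `ss -tan` column layout and flags listening ports whose SYN-RECV count approaches an assumed backlog limit; the sample lines, the `backlog` value and the `ratio` threshold are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample in the column layout of `ss -tan`; not captured from a real host.
SAMPLE_SS = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    0.0.0.0:443          0.0.0.0:*
ESTAB      0      0      10.0.0.5:443         198.51.100.7:51514
SYN-RECV   0      0      10.0.0.5:443         203.0.113.10:40001
SYN-RECV   0      0      10.0.0.5:443         203.0.113.11:40002
SYN-RECV   0      0      10.0.0.5:443         203.0.113.12:40003
SYN-RECV   0      0      10.0.0.5:443         203.0.113.12:40004
SYN-RECV   0      0      10.0.0.5:22          192.0.2.44:50000
"""

def half_open_by_port(ss_output):
    """Count SYN-RECV sockets (SYN seen, final ACK never received) per local port."""
    totals = Counter()
    peers = defaultdict(Counter)
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue  # header, LISTEN, ESTAB and other states are not half-open
        port = int(fields[3].rsplit(":", 1)[1])
        peer_ip = fields[4].rsplit(":", 1)[0]
        totals[port] += 1
        peers[port][peer_ip] += 1
    return totals, peers

def flag_syn_pressure(ss_output, backlog, ratio=0.75):
    """Return findings for ports whose half-open count reaches ratio * backlog.

    backlog and ratio are assumed values; use the listener's real queue size.
    """
    totals, peers = half_open_by_port(ss_output)
    findings = []
    for port, count in sorted(totals.items()):
        if count >= ratio * backlog:
            findings.append({
                "port": port,
                "half_open": count,
                "distinct_peers": len(peers[port]),
                "top_peer": peers[port].most_common(1)[0],
            })
    return findings

if __name__ == "__main__":
    for finding in flag_syn_pressure(SAMPLE_SS, backlog=4):
        print(finding)
```

When a flood arrives from many source addresses, `distinct_peers` approaches `half_open`, so the per-port total is a more reliable signal than any single peer's count.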
Amplification DDoS Attack
- Amplification attacks are used to magnify the bandwidth that is sent to a victim using NTP, SNMP, or DNS.
- Network Time Protocol (NTP) is an internet protocol used to synchronize computer clocks with time sources in a network.
- An NTP amplification attack is a reflection-based volumetric DDoS attack in which an attacker exploits NTP server functionality (small request size and large response size, with an amplification factor of 556.9) in order to overwhelm a targeted server with an amplified amount of UDP traffic.
Layer 7 DDoS Attack
- An attacker sends a flood of GET or POST requests to the server, usually through a botnet or compromised computers.
PII – Personally Identifiable Information
PII is any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, credit card number, date and place of birth, mother’s maiden name, or biometric records.
- Personal data could be used in identity theft and financial fraud.