亚马逊AWS 技术白皮书：提供分布式拒绝服务 (DDoS) 弹性的 AWS 最佳实践.pdf

AWS Best Practices for DDoS Resiliency June 2015 Amazon Web Services – AWS Best Practices for DDoS Resiliency June 2015 © 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents AWS’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers. Page 2 of 24 Amazon Web Services – AWS Best Practices for DDoS Resiliency June 2015 Contents Abstract 3 Introduction 3 Distributed Denial of Service Attacks 4 Mitigation Techniques 6 Minimize the Attack Surface Area 7 Be Ready to Scale and Absorb the Attack 8 Safeguard Exposed Resources 15 Learn Normal Behavior 20 Create a Plan for Attacks