Cyber security fundamentals (simplified chinese)
•Descargar como PPTX, PDF•
0 recomendaciones•370 vistas
您是否意识到当前您的业务面临的安全威胁? 你准备好应对下一次大规模DDoS攻击了吗? 你能做些什么来准备呢? 知识要点: 网络威胁日益严重 对安全策略的挑战 攻击对业务的影响 保护Web应用程序
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (11)
Similar a Cyber security fundamentals (simplified chinese)
Similar a Cyber security fundamentals (simplified chinese) (20)
Más de Cloudflare
Más de Cloudflare (20)
Cyber security fundamentals (simplified chinese)
- 1. 网络安全基础
- 5. 5 Cloudflare 安全愿景 提供世界一流的可见性、控制和引导式配置,在不以牺牲速度 和性能为代价的前提下,为各种规模、具有不同技术复杂程度 的客户提供保障,确保其互联网资产安全、可靠运行 5
- 6. 2500 万 + 互联网资产 200+ 个城市,遍布 90 多个国家/地区 720 亿 2019 年第 3季度每天阻止的网络威胁 99% 的发达国家联网人口只需 100 毫秒即可登 录我们的网络 注意:数据截止到 2019 年 6 月 28 日。 Cloudflare 拥有庞大的网络规模 机密信息。© Cloudflare, Inc. 版权所有
- 7. 2500 万+ 互联网资产 ~10% 的财富 1000 强公司是我们的付费客户 每天 10 亿 独特的 IP 地址通过 Cloudflare 的网络 跨领域保护和加速 Internet 应用程序 机密信息。© Cloudflare, Inc. 版权所有
- 8. 客户从集成的安全性、性能和可靠性中获益 35% 的性能提升 50% 的 DNS 性能增强 拦截 60% 的恶意流量 每月 WAF 阻止攻 击 41,000 次 在 2 小时内阻止 900,000 次登录尝试 页面加载时间减 少 50%
- 11. 大规模 DNS 洪水 机器 人 DNS 服务器 DNS 服务器 服务器 放大(第 3 和 4 层) HTTP 洪水(第 7 层) 1 2 机器 人 3 机器 人 降低应用程序、网站和 API 的可用性和性能 HTTP 应用程序 应用程序/登录 DDoS 攻击流量的类型
- 12. DDoS 攻击的规模呈指数增长 分布复杂的第 7 层攻击增加 - 可有效绕过传统 DDoS 保护方法。
- 13. 应用程序和 API 漏洞 假网站 访问者 1DNS 欺骗 恶意有效负载 例如:泄漏 PII 和凭证 的 SQLi 注入攻击 3 攻击者 机器人 暴力 4 数据窥探 2
- 14. 物联网攻击 - 新现实 2016 年,大批物联网摄像头僵尸网络 和一次大规模攻击席卷 DNS 服务提供 商。 最近几周以来,我们发现 DDoS 攻击 有了全新的大规模攻击方式,以瘫痪 网络程序。 这些攻击似乎是来自物联网僵尸网络 (比如 Mirai 等等),这个僵尸网络之 前曾经发起过针对 Brian Krebs 的大规 模攻击。 50 Gbps 最多 1 Tbps
- 16. 失去客户信任 和降低品牌价值 因网站故障失去收入 或因恶意流量而增加成本 业务影响 业务影响 ● 100,000 美元:每小时基 础设施故障的平均成本 ● 141 美元:每条含机密或 敏感信息的记录丢失或被 窃取的平均成本 ● 362 万美元:数据泄露的 平均总成本 成本类型: 补救费用(硬件、服务和软件)、失去的收入、未来因客户流失而失去的收入、浪费的营销投入、 品牌负面影响、求助台费用、增加的 IT 工作人员费用、用户生产力的损失 IDC,2015 年 3 月;Ponemon Institute,2017 年 6 月
- 17. Cloudflare DDoS 解决方案 可扩展的便捷式高性能解决方案,可以解决可用性挑战 保持联机 拥有超过 180 多个数据中 心的全球 anycast network 吸收了大量分布 式攻击流量,令客户可以 保持联机状态 保护源站基础设施 检测并缓解边缘处的大规模攻击:第 3 和 第 4 层、 DNS 和第 7 层 识别异常流量 指纹识别 HTTP 请求,通过自动 缓解规则保护网站免遭已知和新 生的僵尸网络 通过控制保护应用程序 Rate Limiting 提供更好的精 细控制,可阻止难以检测的 应用程序层攻击 源站 DDoS 攻击 预测攻击 跨 600 万个网站的共享情报 用于主动阻止已知的 攻击特征 阻止源站攻击 Argo Tunnel 可在源站和 Cloudflare 最近的数据中心之间创 建一个直接的加密隧道,从而保护 原 Web 服务器免受目标攻击
- 18. 行业旧版清理 vs.Cloudflare 永远在线 18 行业旧版清理 - 传播时间过长(达 300 秒) - 异步路由 - 大大增加延迟 - 通常需要手动干预 永远在线 - 零传播时间 - 同步路由 - 不增加延迟 - 即时自动缓解,无需切换
- 19. 面向安全应用程序的 Cloudflare 解决方案 攻击 攻击者试着伪造 DNS 信息来拦截 客户凭据 窥探客户输入的未经加密的敏 感数据 以暴力方式攻破登录页面 通过各种形式和 API 注入恶 意负载 弹性 DNS 和 DNSSEC 可阻 止伪造的信息 通过 SSL/TLS 进行加密来阻 止窥探 通过 Rate Limiting 提供登 录保护 通过 WAF 阻止热门 OWASP 和新 生的应用程序级攻击 ● 分层防御,以 抗御更复杂的攻击者 ● 单控制平面,符合更加稳健 和灵活的安全策略 ● 学习跨 600 万个网站的攻击 资料,保证您的安全 1. 2. 3. 4. CLOUDFLARE 解决方案
- 20. Cloudflare Rate Limiting 精准 DDoS 防护措施 • 通过稳健配置选项实现高精度拒绝服务保护 保护客户数据 • 保护敏感的客户信息免受暴力登录攻击 API 保护 • 设置 API 使用限制,确保可用性并防止滥用。 成本保护 • 设置仅允许良好流量通过的阈值,避免因流 量峰值或攻击而产生不可预测的成本。 每个与流量模式匹配的 IP 地址的请求 20© 2018 Cloudflare Inc.保留一切权利。
- 21. 新一代 Cloudflare Bot Management 一键启用 ● 仅需点击一次,即可使用 Cloudflare 推荐的机器人得分阙值部署规则 ● 无需使用第三方 JavaScript 控制和可配置性 ● 按照路径或 URI 模式、请求方式和机器人得分阙值制定的范域规则 ● 选择缓解方式,如日志、CAPTCHA 或阻止 丰富的分析和日志 ● 采用深入视图的时间序列图表 ● 记录机器人管理规则、行动以及针对每个请求的丰富的请求元数据 通过利用来自超过 2000 万个互联网资产的情报来检测和缓解恶意机器人。您单击一下,即可实现所有 这些功能。
- 22. Cloudflare Bot Management 方式 机器学习 Cloudflare 的机器学习培训基于 每天 4250 亿个请求,涵盖超过 2000 万互联网资产,从而为每个请 求创建可靠的 “bot score(机器人 得分)”。 行为分析 通过行为分析检测特定于站点的 流量中的异常,并对每个请求与 基线的差异进行评分。 自动白名单 由于并非所有机器人程序都是 坏的,因此该解决方案会自动 维护并更新“好”机器人的白名单, 例如属于搜索引擎的爬虫机器 人。 Mobile SDK 移动 SDK 保护移动应用程序 API 免遭机器人的冒充攻击和 仿真攻击。 22 检测 保护
- 23. Rate Limiting SSL L3/4 DDoS 保 护 ` 我们保护端对端流量,提供分层防御 请求 通过! Bot Management WAFDNS/DNSSEC Argo Tunnel 2323 L7 DDoS 保护 Orbit Spectrum 扩展 WorkersAccess 控制
Notas del editor
- Hi Everyone A very warm welcome to all of you who’s joining us across countries in APAC. We are all excited to be here with you as this will be giving you a beginner's take on Cybersecurity and how it impacts your business. We will now share the latest trends around this subject so that you know what to look out for and some practical tips on how to mitigate your risks, so we hope you stick around till the end. Thank you again for joining us with this session.
- My name is Sophie and I am the Customer Success Manager for APAC. Cloudflare is growing really fast in our region and I’m the day to day contact window for the enterprise customers, responsible for new customer onboarding, service consultancy, QBR , on-site customer engagement and customer event planning and coordination. And help to drive digital platforms and educational events like this. On today’s webinar we have Gaurav Mallawat , our Solutions Engineer based in Singapore, Gaurav is a very senior engineer team lead and has been with Cloudflare for almost four years. He will share contents from a more technical point of view. Hey Gaurav , would you like to introduce yourself? Thank you Gaurav for the introduction and we’re all looking forward to diving into your content. But before we start, I would like to go over some housekeeping items. Since there are so many of you on the call. If you do have any questions, we are going to hold that off until the end of the presentation. Please write your questions on the Q&A section in your console on the right hand side. We will go through these Questions at the end of the webcast. Also, a recording of this webinar will be available on the Cloudflare Channel and the slides will be shared with you. This session will take around 30 minutes of your time. But we will stay online after that to answer your questions. And here we go!
- “On today’s webinar we will cover these 3 main things How does the threat landscape look like? What are challenges to a successful security strategy How can you protect your web content from these threats? We will end with the Q&A so please make sure you ask your questions on the chat and we will answer them at the end.
- The next 30 minutes is packed with useful tips and insights. Before we get into that, let me take a few steps back to talk about what Cloudflare does. As you can see from our Mission Statement, Cloudflare is helping build a better internet. How do we do that? What is it that we do? In simple terms we help build a better internet by making your websites more secure, more reliable and faster. And why are these so important? Because if your website goes down or it’s slow to load, for any reason, it will have a negative impact to your business and cause the revenue lost. And we make it our business that that will never happen
- So diving into Cybersecurity, In a nutshell, this is our philosophy on how we tackle this issue for our customers. world-class visibility, controls, and guided configurations 20M customers world wide - huge variety - some tech some not We will not sacrifice speed and performance for security. We are complete but not complex
- So how can Cloudflare help to grow your business? Cloudflare’s network has the breadth and scale that organizations need to run their Internet applications. As of today, our network covers 194 cities and 90 plus countries. What this means is that we have a very robust, holistic view on global security threats so that we can better help companies mitigate risks as they happen around the world. With this Global Anycast Network we will ensure that your websites always stays up and deliver faster content to your customers so that you can focus on what you do best and that is growing your business. Our network offers scale, performance that helps organizations like yours deliver superior application experience while keeping their environments secure.
- We are for everyone. There are benefits from having a diverse set of customers and we have over 20 million Internet properties on our network across geographies, industry verticals, non-profits, and government agencies
- There are number of customers that have realized benefits from the integrated security, performance, and reliability. Here are some examples.
- Talk Track: Three factors are leading many of our customers to experience a growing exposure to security threats: Greater attack surface results from three common trends: Applications publishing more public APIs Companies are moving more applications, including production-level workloads, to the cloud Increasing third-party integrations Attackers are stronger. Here are three ways: Greater volume, greater distribution, including IoT devices as sources Greater motivation through success of holding companies for ransom Shifting to harder to detect and block “application” layer attacks A greater attack surface area along with stronger attackers would, alone, be a big concern. But at the same time, there is Greater scrutiny for security incidents: Governments are applying greater scrutiny over privacy and data issues Media reports of breaches and cybersecurity incidents have increased Individual consumers more are educated and aware with high-profile reporting (a combination of #1 and #2) Questions: Do any of these actually sound familiar for your business? Do you believe your exposure is decreasing, increasing or is the same? In what ways? Background Reading - you can build this into your talk track: Companies are facing increased pressures to strengthen their security posture. Three forces contributing to the pressure are: Attack surface area increases from applications exposing more public APIs, the increase in SaaS adoption, and the integration with more third-party applications Attackers are stronger, more sophisticated, and highly motivated Heightened public and government scrutiny of data, privacy, and security Attackers are increasing their frequency and volume of Distributed Denial of Service (DDoS) attacks. By leveraging botnets and the millions of Internet-of-Things (IoT) devices online, they are able to wage highly distributed volumetric attacks with greater ease and impact. In addition to higher volumes, attackers are shifting their focus from the network layer to the application layer. Application-layer or "Layer 7" attacks are harder to detect, often require fewer resources to bring down a website or application, and can disrupt operations with greater impact. Attackers are able to monetize their attempts to bring down sites or steal sensitive data, for example, by holding sites for ransom. As a result, because of the successful ransom payouts by their enterprise targets, the attackers are more motivated, organized and pervasive.
- Talk Track: In light of this growing exposure to security risks, what are those primary threats you may encounter? We spent time talking with OUR customers across different verticals to truly understand the most common fears. These match what industry analysts are reporting: Site is unavailable because of denial of service attack Customer data is compromised, (e.g. breached or stolen) Increasingly, abusive bot activity For each of these broad types of threats, we’ll quickly go into more detail about what those types of threats or attacks could look like. Questions: Which, if any, of these are most important for you? For the others, do you anticipate they could become problems or think they won’t impact your business? And if so, why? If there was a pre-call…”I know you shared initial concerns about DDoS, what about data compromise?”
- Talk Track: This slide gives examples of the types of DDoS attack. We could dive deeper with the rest of your team and our security team, as well. The important take-away is that these attacks are layered. In other words, a DDoS can attack different parts of your infrastructure. Volumetric DNS Flood: volumetric DNS queries against your DNS servers to make the DNS server unavailable Amplification: using a DNS to amplify requests and overload yours server over UDP HTTP Flood: volumetric HTTP attack to bring down the application All of those attacks impacts availability and performance of of websites, applications and API’s. Questions: This is often a good, in-depth slide to share with broader audience, for example if you have a security or infrastructure team. Would you be interested in that? Which have you experienced in the past, if any? How did you respond to them if you did?
- Talk Track: When it comes to compromise of sensitive customer data, you may be most familiar with malware. While that’s a very visible form of attack right now, we should consider there are other common, just not as media-hyped, forms of customer data theft. The take-away for this slide is that attackers can take advantage of different vulnerabilities. DNS Spoofing: visitors are directed to a fake site instead of your site A compromised DNS record, or "poisoned cache," can return a malicious answer from the DNS server, sending an unsuspecting visitor to an attacker's site. This enables attackers to steal user credentials to then take-over legitimate accounts. Data Snooping: sensitive data like visitor’s credentials or credit cards are snooped over the wire Attackers can intercept or "snoop" on customer sessions to steal sensitive customer data, including credentials such as passwords or credit-cards numbers. Brute Force: attackers are repeatedly trying credentials to take over an account Attackers can wage "dictionary attacks" by automating logins with dumped credentials to "brute force" their way through a login-protected page. Malicious Payload: SQL-injection, cross-site scripting, remote file inclusion that results in ex-filtrated data Malicious payloads exploit an application vulnerability. The most common forms are SQL injections, cross-site scripting, and remote file inclusions. Each of these can exfiltrate sensitive data by running malicious code on the application. The risk is that sensitive customer data, such as credit card information, might get compromised.
- Talk Track: The third attack: increasingly, bots are becoming more common forms of attack. The three most common we have seen and blocked are: Content scraping: which essentially steals website content and hurts SEO or revenue Check out fraud: the most common is the “sneaker bot” which takes limited inventory and buys before actual customers can get them Account takeover: the result typically of a brute force login to then use a compromised account
- Talk Track: So what happens when you experience one or more of these problems we just discussed? Many of our customers shared with us they have both intangible and tangible costs. You can see some of the potential cost categories and, if you are interested, we can schedule time with your team to get a better handle on the costs if you don’t know details right now. However, for the purposes of this conversation, we’ve found it’s often helpful to think about and to discuss the potential costs. The areas of cost can range, as you can see on the list, from remediation costs to loss of user productivity. It doesn’t need to be accurate. But reviewing these can reveal whether the problem is a one-hundred dollar a month problem, or a one-hundred thousand dollar a month problem. Some questions include: What is the cost for an hour of downtime due to a DDoS in lost customers? What would be the cost if just one customer record were breached in terms of remediation or customer churn? What happens to revenue or your brand when malicious bots abuse your site? Source: IDC, March 2015: “DevOps and the Cost of Downtime: Fortune 1000 Best Practice Metrics Quantified”, Stephen Elliot. This was commissioned by AppDynamics Ponemon Institute, 2017 Internal background reading - Enablement: These are discovery/conversation slides This is very important. You will have a more difficult time ultimately doing the sale or upsell without it unless the customer’s hair is on fire to buy something. On the right hand side are the types of costs to explore with customers. Potential responses from customers and options for responses: If the customer responds: I don’t know “That’s fine. I could imagine the person who would know would be interested. Could we include him in future meetings as a way to help you get the answers?” “I understand. Who would know about these numbers in your organization?” “Sure. Do you think you could make an educated guess? Is this $5 per incident or $50,000 per incident?” We have found that it’s valuable for companies to quickly get a sense of the business impacts you most care about. These two were consistently what customers shared as big concerns, whether they use Cloudflare or not. Which of these are important to you? What connection do you see between these and downtime from DoS and breached customer data? Who in the org care about these impacts? Here are some examples from conversations with existing customers: Trust A financial services customer said lost of trust would directly impact customer and revenue A medical ecommerce customer said losing trust would be “game over” as a business A hospitality company values the brand as key to their business and downtime hurt the brand A media site said losing trust of readers as a news site by being down would impact short-term ad revenues and long-term brand (which impacted advertisers) Trust goes down, Revenue goes down in every case If you had to give a dollar amount of the impact, what would it be? Notes: Are costs critical to the buying decision? Costs could be the increased costs of backend servers during attacks -- For example, the service HaveIbeenPwnd, saw a 5x increase in Azure services due to attacks -- A media company customer saw bandwidth costs increase 1000x from attack traffic Revenue could be the impact during an outage Downtime for many companies, from e-commerce, to SaaS, to ad-driven businesses, can be in the tens of thousands of dollars, due to lost customers, lost ad dollars If you have to pick an area with the biggest potential impact, which would it be? RESEARCH from competitors: The average global cost of data breach per lost or stolen record was $141. However, health care organizations had an average cost of $380 and in financial services the average cost was $245. Media ($119), research ($101) and public sector ($71) had the lowest average cost per lost or stolen record. 2017 Cost of Data Breach Study Global Overview Benchmark research sponsored by IBM Security Independently conducted by Ponemon Institute LLC June 2017 https://www.theatlantic.com/technology/archive/2016/10/a-lot/505025/ https://www.ponemon.org/blog/2014-cost-of-data-breach-united-states https://security.radware.com/uploadedFiles/Resources_and_Content/Attack_Tools/CyberSecurityontheOffense.pdf https://www.corero.com/company/newsroom/press-releases/market-study-indicates-ddos-protection-is-a-high-priority-for-data-centres-hosting-providers-and-network-services-providers/ https://ns-cdn.neustar.biz/creative_services/biz/neustar/www/resources/whitepapers/it-security/ddos/2015-oct-ddos-report.pdf
- Talk Track: Cloudflare’s DDoS Solution has several components. First, our infrastructure scales to address the growing size of DDoS attacks. It does this through an Anycast network which creates a larger surface area to absorb highly distributed attacks. Second, we put in place automatic detection and mitigation. This leverages our visibility across 20M customers and 10% of HTTP traffic. Lastly, we give customers control for those layer 7 attacks which may not look like DDoS attacks to us, but for your environment need to be blocked by on customized rules you create. The big message is: The DDoS solution is: Scalable Easy to Use Fast Our protections are layered: Global Anycast absorbs distributed traffic The Argo tunnel stops attack traffic to the origin server, without the hassle of opening up firewall ports and configuring ACLs Drop at the edge high volume of ¾ and layer 7 traffic Fingerprinting looks at patterns in traffic attributes to respond quickly to dynamic threats Share intelligence across all to proactively identify threats Give granular control to users for harder-to-detect Layer 7 Before we go further, could we talk about which, if any, of these are things you’d like to ask about?
- Talk Track Earlier we discussed four common vectors for attacks to compromise or steal sensitive data. The take-away for this slide is this: when there are multiple vectors, you need a layered defense. To defend against malicious payloads, you need a Web Application Firewall - WAF checks the payload against malicious OWASP on the application To mitigate damage by malicious bots you need to be able move the attack surface closer to the attacker - Cloudflare Workers lets you apply custom security rules and filtering logic at the network edge. This helps in early detection of malicious bots and prevents them from consuming resources To prevent unintended snooping of data, you need easy to manage and deploy encryption - TLS encrypts the content so protects against sniffing To block brute force logins, you need rate-based log-in protection - Rate Limiting checks against threshold volume to protect against DDOS, brute-force or scraping To prevent forged DNS answers that can send customers to a fake site, you need resilient DNS and DNSSEC - DNS tells us the address the request goes to and secure DNS protects against phishing To protect your origin web server from targeted attacks that directly use the server IP address, you need an easy way to expose web servers securely to the internet. The Argo tunnel stops attack traffic, without the hassle of opening up firewall ports and configuring ACLs by ensuring that requests route through Cloudflare’s WAF and unmetered DDoS before reaching the web server All these work seamlessly and are easy to set up and configure through the Cloudflare UI as well as through a rich set of APIs. The high level takeaways are: Multiple attack vectors Cloudflare has layered defense Easy to configure across all services Learn across 9m websites Background Reading - you can build this into your talk track: Reduce risks of data compromise through layered defense Attackers often use several attack vectors when attempting to compromise customer data. To protect themselves, companies need a layered defense. REDUCE SPOOFING THROUGH SECURE DNS Cache poisoning or "spoofing" tricks unsuspecting site visitors to enter sensitive data, such as credit card numbers, into an attacked site. This type of attack occurs when an attacker poisons the cache of a DNS name server with incorrect records. Until the cache entry expires, that name server will return the fake DNS records. Instead of being directed to the correct site, visitors are routed to an attacker's site, allowing the bad actor to extract sensitive data. DNSSEC verifies DNS records using cryptographic signatures. By checking the signature associated with a record, DNS resolvers can verify that the requested information comes from its authoritative name server and not a man-in-the-middle attacker. STOP ATTACK TRAFFIC TO THE ORIGIN WEB SERVER If an attacker knows the server's IP address, they can attack it directly and bypass existing security solutions. To address this problem, most companies use a solution called Origin Protection. We call it BGP Origin Protection, Incapsula calls it IP Protection and Akamai calls it Site Shield. The underlying technology is often a GRE tunnel and it's slow, expensive and only available as an on-demand service. What exactly does Argo Tunnel do? exposes web servers securely to the internet, without opening up firewall ports and configuring ACLs ensures requests route through Cloudflare before reaching the web server, so attack traffic is stopped with Cloudflare’s WAF and Unmetered DDoS mitigation and authenticated with Access Every server has an internal firewall that controls what can connect to that server. The firewall decides what connections can reach the server. (Note: Firewall only controls what can get in, not what can get out). By default, Firewall says no connection can reach the server. Usually you have to change the firewall so that connections to port 443 (HTTPS) can reach the server With Tunnel, you keep the firewall totally locked down. Nothing can get in. The Tunnel client installed and running on the server makes an outbound connection to Cloudflare. That's allowed – remember the firewall only cares about what establishes an inbound connection. Outbound is allowed. Because there is an outbound connection from the server to Cloudflare, Cloudflare can communicate with server. But if anything else tries to connect to the server, the firewall drops the connection. Someone trying to get the origin server’s IP by doing a scan of all IP's will not get a response from the server behind Tunnel – it is like the server is not there, or offline. REDUCE SNOOPING THROUGH ENCRYPTION Attackers can intercept or "snoop" on customer sessions to steal sensitive customer data, including credentials such as passwords or credit-cards numbers. In the case of a "man-in-the-middle" attack, the browser thinks it is talking to the server on an encrypted channel, and the server thinks it is talking to the browser, but they are both talking to the attacker who is sitting in the middle. All traffic passes through this man-in-the-middle, who is able to read and modify any of the data. Fast encryption/termination, easy certificate management, and support of the latest security standards enable customers to secure transmission of user data. BLOCK MALICIOUS PAYLOADS THROUGH AUTO-UPDATED, SCALABLE WAF Attackers exploit application vulnerabilities by submitting malicious payloads that can extract sensitive data from the database, the user's browser, or from injecting malware that can compromise targeted systems. A Web Application Firewall (WAF) examines web traffic looking for suspicious activity; it can then automatically filter out illegitimate traffic based on rule sets that you ask it to apply. It looks at both GET and POST-based HTTP requests and applies a rule set, such as the ModSecurity core rule set covering the OWASP Top 10 vulnerabilities to determine what traffic to block, challenge or let pass. It can block comment spam, cross-site scripting attacks and SQL injections. The Cloudflare Web Application Firewall (WAF) updates rules based on threats identified because of its 6M customers, and can protect customers without hurting application performance because of its low-latency inspection and integration with traffic acceleration. REDUCE ACCOUNT TAKE-OVERS THROUGH LOGIN PROTECTION Attackers can wage "dictionary attacks" by automating logins with dumped credentials to "brute force" their way through a login-protected page. Cloudflare enables users to customize rules to identify and block at the edge these hard-to-detect attacks through its rate-limiting rules
- Cloudflare has protected its customers against some of the largest DDoS attacks which ever occurred. In fact, our 10 Tbps global anycast network is 10X bigger than the latest and largest DDoS attack, which allows us to protect all internet assets on our network even against the new, massive IoT-based DDoS attacks. With the addition of Rate Limiting Cloudflare complements the existing services DDoS and Web Application Firewall (WAF) Services. Rate Limiting protects against layer 7 denial-of-service attacks, brute-force password attempts, and other types of abusive behavior targeting the application layer. It provides the ability to configure thresholds and define responses by IP. If traffic from a specific IP exceeds the threshold, than those requests get blocked and timed out for a defined period. Cloudflare does not charge for blocked traffic, so that our customers only pay for good traffic but not attack traffic. Rate Limiting also provides customers to gain analytical insights into endpoints of the website, application, or API, and they can monitor their good and bad traffic. The main benefits of Rate Limiting include: Precise DDoS Mitigation: Rate Limiting provides simple to use but powerful configuration capabilities to protect against denial-of-service attacks Protect Customer Data: Rate Limiting is the right service to protect sensitive customer information against brute force login attacks Enforce Usage Limits: Enforce usage limits on your API endpoints by limiting HTTP requests Cost Protection: Avoid the unpredictable cost of traffic spikes or attacks by setting thresholds which only allow good traffic through.