CDN Services: Inside the 24/7 DDoS Security Center
What’s the Most Valuable Aspect of CDN Services? You Might be Surprised!
As DDoS protection becomes a mainstream part of website security, the key to market competitiveness lies in a team that works 24 hours a day in the Security Operations Center (SOC) and Network Operations Center (NOC) to monitor, analyze, respond and reply in person to all cybersecurity issues: the Customer Success Service (hereafter known as CSS).
The MVP of CDN Service: 24h Security Center (SOC+NOC)
The internet enables enterprises to provide immediate convenience to customers, but it also brings along cybersecurity challenges. Recent strict regulations have required businesses offering sensitive services to enhance their cybersecurity measures, highlighting the grave impact of network attacks on national security. Unstable network connections, personal data breaches, and fraud have harmed the reputation and performance of numerous well-known companies, regardless of their products.
When considering various types of cyber attacks, whether motivated by political threats, financial extortion, or business rivalry, they all inflict varying degrees of harm on enterprises. Among these, the most prevalent and difficult-to-prevent form of network attack is the distributed denial-of-service attack (DDoS attack).
Even individuals without technical backgrounds can easily find tutorials online and launch DDoS attacks, making them quite common. For enterprises, ensuring fast and uninterrupted services has become the most important requirement in the online business competition.
What you may not realize is that the core of guaranteeing “Fast and Uninterrupted Services” in CDN lies with a dedicated technical team called Customer Success Service (CSS), which operates 24/7 in the surveillance center.
Customized CDN Service: Project-based Operations
The CSS team goes beyond just blocking attacks; they focus on every aspect of website daily management to provide customers with refined and customized services that meet their needs instantaneously.
The CSS team, available round the clock, handles a wide range of maintenance tasks. They perform basic CDN platform operations, troubleshoot domain configuration issues, investigate client-side anomalies, and monitor domain status. Operating in a project-based manner, they offer real-time recommendations and assistance to ensure optimal connection quality and uninterrupted service for customers’ websites.
CDN Service Value: Practical Attack Mitigation Experience
Strengthening website security is a necessary yet costly endeavor. Small and medium-sized companies face resource constraints when it comes to establishing a dedicated website security department. Managing hundreds of thousands of domains increases the vulnerability to network attacks and overwhelms existing internal resources. The following outlines the tasks of the CSS team in a CDN service, providing a glimpse into the daily operations of managing a vast number of domains in a security center.
- DNS Record Configuration
Assisting with DNS record configuration based on customer requirements, such as mapping CNAME to ApeiroCDN.
- Bulk Domain Configuration
Real-time batch configuration, removal and modification of domains, consultation for API documentation and operation.
- SSL Certificate Generation
Our CDN platform provides Sectigo SSL certificate generation and supports customers’ own certificate uploads. In addition to automatic verification and reapplication of certificates for domains mapping to ApeiroCDN, the CSS team also assists customers in periodic verification of self-uploaded certificates, monitoring domain status (registration status, domain expiration, CNAME resolution), ensuring compliance with certificate generation requirements, and resolving certificate-related issues for worry-free domain usage.
- Deploy WAF Rules
The CSS team is a hands-on group with practical experience in combatting network attacks. Through continuous recording and growth, the team has developed a set of widely applicable foundational defense rules. When customers are in the initial stages of using CDN and have not yet established their own dedicated WAF rules, the CSS team assists in configuring basic defense measures. By observing behavioral patterns and continuously refining the selection process, the team builds a customized WAF rule library for each individual client.
Tailored recommendations are provided based on customer requirements for different APP Profile (domain classification systems) grouping.
- Origin Policy Evaluation and Allocation of Server Traffic
Origin policy refers to the process where, if a requested resource is not cached on the CDN node, the CDN node needs to fetch the resource from the origin server. For certain specific domains, different policy strategies are formulated based on the user’s location. In addition to region-based strategies, the CSS team also supports IP Hash, Round Robin, Weight, and other methods, and needs to assess and select the most suitable strategy.
- Diverse and Specialized High-port Encrypted Access
The domain configuration supports multiple ports. In general, the port for encrypted access is port 443, but in special situations (e.g. CN block of port 443) the CSS team will need to assist in configuration of other ports.
- Websocket function supported and optimization on-demand
While the websocket function is supported by default on all domains configured on the CDN, the CSS team will need to optimize the websocket handling of specific routes based on the customer’s needs.
- Assist in cache setting, no waiting for website updates
The CSS team is required to support real-time modification at all times, whether it’s modifying the caching time, path or file types, and the modification needs to take effect immediately. This is drastically different from the canned system responses and long waits for changes to take effect that are so common in other systems. The CSS team ensures that customers do not need to wait for modifications to website information or configurations.
- Domain redirection can be operated on CDN
If the customer has specific needs such as redirecting Domain A to B, redirecting to specific ports and paths, and where the origin server settings cannot be modified by the customer, the CSS can assist with the redirection through WAF rules on CDN.
“Real-time” Monitoring, Analysis and Alert Notification on CDN
The CDN platform can be configured with advanced customized monitoring dashboards to satisfy the need for daily monitoring and analysis. The CSS team can also retrieve detailed information from professional alert and monitoring dashboards to satisfy the needs of the customers. If required, the team can also supply independent resources for storing the logs of a single customer group. With third-party data collection, chart reports and the analytical capabilities of the CSS team, customers can rest easy.
Real-time Alert Notification
If any of the following issues occurs, the CSS team will need to address the problem as soon as it is first detected, as well as to report back the causes and progress.
- When latency from CDN to origin server occurs
- When a large amount of error codes occurs
- When a sudden surge of traffic occurs
Defensive CDN Services: DDoS attack Mitigation
There are mainly two types of DDoS attacks:
- Bandwidth exhaustion: overwhelm the network bandwidth so users cannot connect to the target system normally.
- Resource exhaustion: occupies the memory and processor resources to prevent the target system from handling legitimate requests.
DDoS attacks aim to disrupt networks and systems by overwhelming them with a large volume of legitimate or forged requests. These attacks can be categorized as L3, L4, and L7 based on the OSI model, requiring different mitigation strategies.
Tb-level Scrubbing Center for L3/L4 DDoS Attacks
The WAF defense of the CDN is designed to handle L7 attacks, but since L3 and L4 DDoS attacks also exist, how should they be handled? A CDN service provider requires not only a CSS team that concentrates on L7 surveillance, but also one that maintains real-time communication with the (self-owned) network provider. After detecting an L3 or L4 attack on a website, the (self-owned) network provider will automatically switch the network to the cleaning center for scrubbing, and notify the CSS team. Within minutes of receiving the alert, the CSS team will notify the customers and provide a list of affected domains.
- UDP Flooding
- TCP Flooding
- ICMP Flooding
WAF Rule Configuration: Handling L7 DDoS Attacks
The CSS team conducts signature observation on abnormal traffic from specific sources, monitoring the header information contained in specific request behaviors and using this information to set up WAF rules. Information such as host, URI, accept-language, accept-encoding and referrer can be arranged and combined to create the most effective defense against each attack.
- Smart Captcha: we provide gesture-based verification for some pages that do not support the verification function against common brute-force decryption attacks.
- Block Period: the CDN rate-limits URI refreshes from requests carrying specific header contents and places IPs with abnormal behavior into a “Block Period”.
- Deny: Blocking based on IP sources. If specific header content is identified as abnormal, blocking can be directly set to prevent clients (users) with specific header information from accessing.
ApeiroCDN offers support for multi-functional and highly flexible defensive action deployment. It can be configured not only based on specific header information but also for more refined deployment scenarios. For example:
- Requests without the “accept-encoding” header are blocked.
- Requests whose “accept-encoding” header has the value “gzip”, that show a specific request behavior (e.g., host with uri:/) and that exceed the speed limit (e.g., 5 refreshes in 30 seconds), can trigger actions such as bucketing, blocking, or verification.
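The two example rules above, sketched as an added example (not ApeiroCDN's own code or rule syntax): a request with no accept-encoding header is denied, and a client that sends more than 5 matching requests in 30 seconds is placed in a Block Period. The host name, the 300-second Block Period length and the action names are assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict, deque

WINDOW_S, MAX_HITS = 30, 5   # the page's example: 5 refreshes in 30 seconds
BLOCK_PERIOD_S = 300         # assumption: the page gives no Block Period length
RULE_HOST, RULE_URI = "www.example.com", "/"   # assumed "host with uri:/" target


class HeaderRateRule:
    """Evaluates requests in timestamp order; returns one action per request."""

    def __init__(self):
        self.hits = defaultdict(deque)   # client IP -> times of signature matches
        self.blocked_until = {}          # client IP -> end of its Block Period

    def evaluate(self, ts, ip, uri, headers):
        # Header names are case-insensitive, so normalise before matching.
        h = {k.lower(): v.strip().lower() for k, v in headers.items()}
        if self.blocked_until.get(ip, 0) > ts:
            return "deny"                # still inside the Block Period
        if "accept-encoding" not in h:
            return "deny"                # rule 1: header absent
        signature = (h["accept-encoding"] == "gzip"
                     and h.get("host") == RULE_HOST and uri == RULE_URI)
        if not signature:
            return "allow"               # rule 2 only counts matching requests
        window = self.hits[ip]
        window.append(ts)
        while window[0] <= ts - WINDOW_S:
            window.popleft()             # keep only the last WINDOW_S seconds
        if len(window) > MAX_HITS:
            self.blocked_until[ip] = ts + BLOCK_PERIOD_S
            window.clear()
            return "block_period"
        return "allow"


def replay(requests):
    rule = HeaderRateRule()
    return [rule.evaluate(*r) for r in requests]


# Constructed sample traffic (documentation-range IPs), not real logs.
GZIP = {"Host": RULE_HOST, "Accept-Encoding": "gzip"}
SAMPLE = [(t, "198.51.100.7", "/", GZIP) for t in range(0, 14, 2)] + [
    (13, "203.0.113.9", "/", {"Host": RULE_HOST}),        # no accept-encoding
    (14, "192.0.2.4", "/", {"Host": RULE_HOST, "Accept-Encoding": "gzip, br"}),
    (400, "198.51.100.7", "/", GZIP)]                     # after the Block Period

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Matching on the exact value “gzip” leaves a browser that sends a longer accept-encoding list untouched, which is why the rule combines the header signature with the rate condition rather than using either alone.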
Together with real-time monitoring by the CSS team, the attack traffic can be observed within minutes after its initialization, and defensive measures can be deployed to intercept the attack traffic with the CDN.
Resilient Network Routing: Uninterrupted Acceleration During Attacks
The CSS team not only implements blocking rules for defense but also closely monitors the status of other domains for their customers. For example, when a targeted domain experiences excessive traffic, causing bandwidth limitations that affect other domains, the CSS team promptly observes the impact on bandwidth and switches the attacked domain to a defensive network. By providing reliable backup network switching services, other domains on the CDN can maintain accelerated access and a stable browsing experience, unaffected by attacks on a single domain.
Real-time CDN Troubleshooting & Issue Resolution
The value of a 24/7 CSS team is to provide immediate and effective assistance upon discovery of abnormal feedback, breaking the industry norm of replying with default system messages. The assistance could include troubleshooting issues with domain usage, network anomalies and user anomalies.
- Usage of different commands to verify domain status
- Familiar with usage of multiple testing tools to troubleshoot issues
The issue of website blockage by the Great Firewall of China, which is common in the Asian markets, can be deduced and confirmed through a variety of tools to determine whether the issue lies with IP Block or Domain Block. The CSS Team can provide real-time IP switch service and resolve the issue perfectly for customers in mere minutes.
- Solid knowledge of HTTP codes
When the CSS team receives the error feedback, it can immediately determine the impact of the issue and the approach to deal with the problem based on the returned error code. The team will handle the situation immediately and provide a simple-to-understand description of the issue to the customer.
- Find the root causes of the website component display issue easily with browser developer tools
- Use the HTTP code returned by the component to diagnose common issues such as pages freezing while loading and abnormal visits: is the issue due to the network of the domain or an anomaly in the display of components?
- Some domains require configuration of cross-origin resource sharing (CORS) to maintain smooth access. The CSS team can help customers configure WAF rules through the platform in real time to ensure that the domains function normally when executing cross-domain requests.
In today’s digital landscape, user experience during website visits greatly influences their desire to access and revisit a platform. The crisis management and responsiveness in times of issues directly impact user perception and trust in a business platform, ultimately affecting user retention.
By choosing ApeiroCDN, you gain access to high-speed website acceleration services in the Asia region, coupled with CSS’s extensive experience in customer service and management. This combination effectively enhances user retention rates and website data security, allowing you to focus on growing your business without any hindrances, moving forward with confidence.