Poly-layered shield – how 1&1 protects customers from DDoS attacks
Effective protection is achieved through multiple layers. This applies to the entire 1&1 security system, including our network, dedicated protection mechanisms and web servers. We monitor our systems continuously and activate our DDoS shield depending on the situation. But what happens on each security layer?
Level 1: Connection to the internet
The first layer covers our internet connection. 1&1 operates from many points of data exchange. Locally, we receive specific traffic from other providers and forward it via our Wide Area Network (WAN) to 1&1 Data Centers. This makes our spoofing filters, which act as barriers against packets sent from fake IP addresses, more specific and increases the bandwidth and performance of our infrastructure. Using this mechanism, we can instantly detect false traffic claiming to originate from Google IPs. This allows us to intercept additional traffic before it reaches our data centers. The advantage is obvious: the earlier we are able to block a DDoS attack, the less data has to be transferred to 1&1 Data Centers at the end of the day.
Level 2: In-house developed DDoS protection solutions
At 1&1, we use our own systems to protect our infrastructure from DDoS attacks; these systems can also be set up to protect hosting servers if needed. Incoming traffic is distributed and thoroughly screened against 23 criteria, such as origin, performance difference, etc. Depending on the results, requests are either forwarded or blocked. Since DDoS attacks can differ from one another, our filter and validation systems work in accordance with the respective situation, enabling our system to learn from past incidents and adapt to attacks. This knowledge allows us to react faster and more efficiently to prevent future attacks.
Level 3: Applications and web server
It can be hard for an external system to detect attacks aimed at applications. These attacks use little bandwidth but can still cause significant damage. Therefore, we protect our web hosting servers with additional tools like ModSecurity rules, which differentiate between specific kinds of “malicious” and “good” traffic.
Hosting-specific DDoS protection is essential, as many customers share a web server. If a customer is attacked, not only is that individual customer protected, but so are the other customers using the same web server.
If you want to learn more about how 1&1 protects customers from DDoS attacks and other online threats, be sure to visit our security page.