DDOS, CDN’s and SRI
DDOS Attack Mitigation With CDN’s
A DDOS attack involves flooding the targeted website with traffic to overload it’s capacity and results with the website going offline. Criminals might use a DDOS attack to extort the web service for money by holding the service for ransom. If the ransom is paid, then the attacker stops the traffic flooding (attack), allowing the service to become usable again.
A content delivery network (CDN) helps protect from DDOS attacks because it has the experience, equipment, and infrastructure to filter and absorb incoming traffic. For example, if CTemplar receives a DDOS attack that we are not able to handle, we will switch to using Cloudflare.
CDN Security Concerns
Using a Content Delivery Networks (CDN) allows enhanced protection against DDOS attacks, but it has security concerns that did not previously exist. For example, the CDN could serve malicious code (Hacks) intentionally, or as part of the DDOS attackers plan. An attack of this nature could allow an attacker to gain complete access to access and decrypt the data of a single person or a large group of targets.
CTemplar’s Kill Switch
CTemplar only uses a CDN when we receive a DDOS attack that is beyond our ability to absorb and filter ourselves. In rare situations, when we have to switch to use using a CDN, we have enabled Subresource Integrity (SRI). SRI watches and checks the CDN to be sure it’s serving our open source code from Github. If there are any deviations whatsoever, your visit to our website will terminate.