Internet is a very important and inseparable part of everyday life. Emails mean communication, web presentations can sell services and stored files mean information. All these elements provide for both business contacts and entertainment.
However, what are you going to do if someone attacks your servers or slows down or entirely stops your business for several weeks, for example? And what if sensitive data on the server are compromised as a result of such an attack?
Denial of Service (DoS attacks) and Distributed Denial of Service (DDoS attacks) are one of the today's threats. It is relatively simple and inexpensive to organize them while efficient protection is technically complicated and usually also costly. (D)DoS attacks can target virtually anyone; their severity and frequency are constantly growing.
Do not let these attacks on your infrastructure harm your reputation, the trust of your clients and your profits. In cooperation with Coolhousing, a trustworthy operator participating in the FENIX project, your infrastructure will be safe.
Benefits of Placing Your Server in DC Coolhousing
- proactive monitoring and behavioral analysis of data streams,
- permanent protection, service fee independent of the number of attacks,
- no additional charge for harmful data transfers,
- data stream event detection and real-time detection of various attack types,
- state-of-the-art technology to analyse data streams and suppress various types of attacks,
- the secure FENIX network will ensure legitimate traffic even in the most critical situations,
- detailed and clear statistics analysing data stream from the client section.
The attack mitigation and Anti-DoS/DDoS protection service utilizes top RadWare DefensePro elements, membership in the FENIX secure network project and many years of experience of the Coolhousing admins. Do not experiment - place yourselves in the hands of professionals with many years of experience!
| Anti-DDoS | Anti-DDoS BASIC |
Action price! Only until end of year 2016! STANDARD |
Anti-DDoS BUSINESS |
| Lowering attractiveness for attackers, grey zone |  |
|
|
| Participation in the FENIX secure network | |
|
|
| 8×5 support |  |
|
|
| 24×7 support | |
|
|
| Unlimited count of mitigation attacks in range level #1 | |
|
|
| Unlimited count of mitigation attacks in range level #2 | |
|
|
| Unlimited count of mitigation attacks in range level #3 | |
|
|
| Protection against overloading of connections | |
|
|
| Service fee independent of the number of attacks | |
|
|
| No charge for harmful data transfers | |
|
|
| Event detection and sending of notifications | |
|
|
| Notification of authorized contacts via email | |
|
|
| Notification of authorized contacts via phone (SMS) | |
|
|
| Monthly summary report | |
|
|
| Price per IPv4/IPv6 | for free | € 18,50 /month |
on demand |
| Anti-DDoS BASIC | |
|---|---|
| Lowering attractiveness for attackers, grey zone | |
| Participation in the FENIX secure network | |
| 8×5 support | |
| 24×7 support | |
| Unlimited count of mitigation attacks in range level #1 | |
| Unlimited count of mitigation attacks in range level #2 | |
| Unlimited count of mitigation attacks in range level #3 | |
| Protection against overloading of connections (Connection limit) | |
| Service fee independent of the number of attacks | |
| No charge for harmful data transfers | |
| Event detection and sending of notifications | |
| Notification of authorized contacts via email | |
| Notification of authorized contacts via phone (SMS) | |
| Monthly summary report | |
| Price per IPv4/IPv6 | for free |
| Anti-DDoS STANDARD | |
|---|---|
| Lowering attractiveness for attackers, grey zone | |
| Participation in the FENIX secure network | |
| 8×5 support | |
| 24×7 support | |
| Unlimited count of mitigation attacks in range level #1 | |
| Unlimited count of mitigation attacks in range level #2 | |
| Unlimited count of mitigation attacks in range level #3 | |
| Protection against overloading of connections (Connection limit) | |
| Service fee independent of the number of attacks | |
| No charge for harmful data transfers | |
| Event detection and sending of notifications | |
| Notification of authorized contacts via email | |
| Notification of authorized contacts via phone (SMS) | |
| Monthly summary report | |
| Price per IPv4/IPv6 | € 18,50 /month |
| Anti-DDoS BUSINESS | |
|---|---|
| Lowering attractiveness for attackers, grey zone | |
| Participation in the FENIX secure network | |
| 8×5 support | |
| 24×7 support | |
| Unlimited count of mitigation attacks in range level #1 | |
| Unlimited count of mitigation attacks in range level #2 | |
| Unlimited count of mitigation attacks in range level #3 | |
| Protection against overloading of connections (Connection limit) | |
| Service fee independent of the number of attacks | |
| No charge for harmful data transfers | |
| Event detection and sending of notifications | |
| Notification of authorized contacts via email | |
| Notification of authorized contacts via phone (SMS) | |
| Monthly summary report | |
| Price per IPv4/IPv6 | on demand |
Grey zone
By deploying RadWare DefensePro we have created a so-called "grey zone" in our data center, which is in fact a security perimeter into which potential attackers cannot see. They do not know what lies within the perimeter, which on its own lowers the risk that your server will become a target.
FENIX Project
The FENIX project originated at the Czech peering node NIX.CZ in 2013 as a response to intensive DoS attacks which targeted major Czech media, banks and mobile operators in March of that year. The aim of the project is to ensure availability of Internet services for at least the most important service and content providers participating in this activity in case of a DoS attack. With Coolhousing, you too can join the Czech internet elite.
The grey zone and FENIX membership are a standard part of all housing services offered by Coolhousing.
Protection of level #1
Basic level of protection, which follows from observance of network standards and analysis of data stream. If you have connection to our network, Coolhousing will provide you basic protection against the most common types of DdoS attacks such as TCP SYN Flood, ICMP Flood, UDP Flood.
DoS Shield is also includes, which provides protection against DoS scripts (DoS tools) and other global security rules.
Protection of level #2
Very advanced level of protection, based on behavioral analysis of flow in real time, providing full protection against the ten leading DdoS attacks. The solution includes antiscanning protection before vertical and horizontal scanning of network (ping-sweep) and selfdistributed malware.
Servers are also protected before brute-force attacks (so called Server cracking protection) and HTTP Mitigator protects web servers against attacks of HTTP flood type.
The protection of level #2 is possible to define exactly according to customer´s needs and his server/service. The reason is that the protection was really effective and was the right benefits for customer.
Protection of level #3
The most highest level of protection againts attacks of DNS flood type (BDoS DNS) and especially the detailed security rules define according to customer´s needs and his services, applications and operating system.
The solution includes Intrusion Prevention System (IPS) – system which works on the basis of regularly updated signatures defined according to customers´s services, for detection and prevention of intersection monitoring network and activities of operating system to undesirable activity.
The high level offers expanded SYN Flood protection and especially protection against flooding of connections (so called Connection limit).
DoS, DDoS, and BDoS Attacks
The difference between DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks rests merely in the number of machines the attack originates from. In classic DoS attacks only one machine is involved while in DDoS at least two machines participate. Current DDoS attacks consist of tens or hundreds of thousands of stations in a single attack.
Denial of Service means preventing availability of services. This may involve exploiting a weak spot in an application when, after a certain string has been sent, the server stops communicating. It can also originate by exploiting an application bug, reaching system, network adapter or application limits, or a shortage of system resources, such as CPU, memory, hard drive space or IO operations. DoS occurs every time the attack causes server unavailability.
Taking the system out of service may not be the true intention of the attacker, though. We also recognize Brain Denial-of-Service (BDoS) attacks. An administrator dealing with server overload will usually pay less attention to the rest of the system, which does not show any abnormal behaviour. His brain capacity focuses on the problem at hand. The attacker may take advantage of this and accomplish his true goal in the part of the infrastructure neglected by the administrator, such as stealing sensitive information by breaching the server protection using another, less obvious type of attack.
Preventing Attacks
The Anti-DDoS service uses devices from the Radware DefensePro family. These are network devices providing reliable real-time prevention of DoS/DDoS/BDoS attacks, ensuring security and protection of the network and applications.
They can quickly and accurately distinguish between three behaviour categories: legitimate (normal) traffic, harmful (attack) traffic, and unusual traffic emerging from normal traffic. The service provides two types of protection.
- The data stream behavioural analysis function lowers the DoS/DDoS/BDoS risk by detecting signs of malicious behaviour in real time, with no need for human intervention.
- The DoS shield function prevents known DoS/DDoS/BDoS attacks.
The Anti-DDoS service does not substitute a firewall or handle incorrectly configured devices or applications and weak password points! Based on analysis, the service recognizes general attack symptoms, removing them from the data stream and thus contributing substantially to lowering the risk of protection breach or clogging by malicious traffic.
