2020-07-21T02:07:00Z
ER
Founder and Strategic Business Development with 11-50 employees
  • 1
  • 63

If I have a CDN, do I have to worry about DDoS attacks?

If you have a CDN, does it mean you don't have to worry about DDoS attacks or will hackers still succeed in carrying out DDoS attacks? 

I'm a VAR/System Integrator and I don't see any problem once you have Cloudflare.

2
PeerSpot user
2 Answers
Etienne WEHRLE - PeerSpot reviewer
CDN & Cybersecurity Engineer - Web performance & security at CDN Tech / Ecritel
Real User
Top 5Leaderboard
2021-02-10T08:21:38Z
Feb 10, 2021

Layer 3 or 4 DDoS are absorbed by the CDN as design (IP, TCP ,UDP), the high volume doesn't reach your origin server so you are automatically protected.


But in case of layer 7 DDoS, all application attacks (SQL injections, XSS, Remote file inclusion), you need a Web Application Firewall (WAF) to protect against this kind of threat, the CDN will not "see" and of course not block these attacks (and it's not his role)

Search for a product comparison in CDN
ISRAEL  DIAZ DOMINGUEZ - PeerSpot reviewer
CISO and Head of CyberSecurity at a tech services company with 51-200 employees
User
2020-07-21T13:19:02Z
Jul 21, 2020

CDN is not going to help you to avoid DDoS. The main function of a CDN is to deliver content faster. To mitigate the risk of a DDoS you need a Web Application Firewall (WAF). Todays WAF come with CDN capabilities.

Find out what your peers are saying about Imperva, Cloudflare, Microsoft and others in CDN. Updated: November 2022.
653,522 professionals have used our research since 2012.
Related Questions
Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)
Feb 10, 2021
How do CDNs work to mitigate threats?
See 2 answers
ER
Founder and Strategic Business Development with 11-50 employees
Jun 19, 2020
Because the CDN have normally a WAF, a reverse proxy and a lot of locations to replicate in miliseconds your site. I know Cloudflare better and this is the response can I answer you.
Etienne WEHRLE - PeerSpot reviewer
CDN & Cybersecurity Engineer - Web performance & security at CDN Tech / Ecritel
Feb 10, 2021
Layer 3 or 4 DDoS are absorbed by the CDN as design (IP, TCP ,UDP), the high volume doesn't reach your origin server so you are automatically protected. But in case of layer 7 DDoS, all application attacks (SQL injections, XSS, Remote file inclusion), you need a Web Application Firewall (WAF) to protect against this kind of threat, the CDN will not "see" and of course not block these attacks (and it's not his role)
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Feb 10, 2021
Let the community know what you think. Share your opinions now!
2 out of 4 answers
it_user350457 - PeerSpot reviewer
Director of Product Marketing at Distil Networks
Dec 3, 2015
Of course with CDNs people always think about speed. I see CDNs in a differently. A CDN provides users, and vendors a unique deployment spot based on its location within a network diagram, between the user and the origin web server. Due to this unique location you SHOULD expect more from a CDN than just performance. Why? Because this is the perfect place to layer on ancillary services. Find a CDN vendor who has service you need, in addition to just plain old performance enhancement. CDN vendors offer all sorts of add on services including: DNS Management Malware Detection Bot Detection API Security Web Application Firewalls 2 Factor Authentication Load Balancing Threat Intelligence and Fraud Detection DDoS Protection Etc. If you're implementing a CDN as a net new project, stop and ask yourself "Do I have other projects that I can knock out at the same time?"
it_user675075 - PeerSpot reviewer
VP of Business Development at a marketing services firm with 1-10 employees
May 30, 2017
Downtime overall, ease of deployment, least resistance for buy-in. Is it forward looking and encompassing for future upgrades or requirements with little or no disruption?
Related Articles
Hugh - PeerSpot reviewer
Enterprise Technology Analyst at Journal of Cyber Policy
Jun 11, 2021
Fastly, a content distribution network (CDN), experienced an outage on June 9 that knocked out several high-traffic sites, including The Guardian and The New York Times newspapers, a number of British government sites, Reddit, and Amazon.com. The company attributed the outage to a bug in software Fastly was using to upgrade a client’s infrastructure. The company apologized for the problem in a ...
See 1 comment
Etienne WEHRLE - PeerSpot reviewer
CDN & Cybersecurity Engineer - Web performance & security at CDN Tech / Ecritel
Jun 11, 2021
"Imperva Incapsula’s stability is what stood out for a vice president of global IT security at an insurance company. He noted, “The stability of the solution is very good. I've never heard of any outages that I'm aware of. It doesn't crash or freeze. There aren't bugs or glitches. It's reliable.”"  -> 05/03/2021 https://status.imperva.com/inc... -> 10/03/2021 https://status.imperva.com/inc... It's almost right, but even that don't happen often, it happens (and both outage had a huge impact)
Moderator
davidstrom - PeerSpot reviewer
Owner at David Strom Inc.
Related Articles
Hugh - PeerSpot reviewer
Enterprise Technology Analyst at Journal of Cyber Policy
Jun 11, 2021
Putting the Fastly Outage in Perspective
Fastly, a content distribution network (CDN), experienced an outage on June 9 that knocked out se...
Download Free Report
Download our free CDN Report and find out what your peers are saying about Imperva, Cloudflare, Microsoft, and more! Updated: November 2022.
DOWNLOAD NOW
653,522 professionals have used our research since 2012.