Protection Level and Cleansing Threshold

Last updated: 2021-09-28 15:53:26

    This guide describes protection levels that DDoS Edge Defender provides in different scenarios and how to set them in the console.

    Use Cases

    DDoS Edge Defender provides three available protection levels for you to adjust protection policies against different DDoS attacks. The details are as follows:

    Protection LevelProtection ActionDescription
    Loose
  • Filters SYN and ACK data packets with explicit attack attributes.
  • Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specifications.
  • Filters UDP data packets with explicit attack attributes.
  • This cleansing policy is loose and only defends against explicit attack packets.
  • We recommend choosing this protection level when normal requests are blocked. Complex attack packets may pass through the security system.
  • Note:

    • If you need to use UDP in your business, please contact Tencent Cloud Technical Support to customize an ideal policy for not letting the level Strict affect normal business process.
    • The level Medium is chosen by default for your DDoS Edge Defender instance. You can set the DDoS protection level for your business needs and also the cleansing threshold. Attack traffic will be cleansed when it is detected higher than the threshold you set.

    Prerequisites

    You have successfully purchased a DDoS Edge Defender instance and set the object to protect.

    Directions

    1. Log in to the DDoS Edge Defender Console, click Protection Policy on the left sidebar, and then select the tab DDoS Protection.
    2. Select an Edge Defender instance ID, such as "edge-xxxxxxx".
    3. Set the protection level and cleansing threshold in the DDoS Protection section on the right.
      Note:

      If you have a clear concept about the threshold, set it as required. Otherwise leave it to the default value. The DDoS protection system will automatically learn through AI algorithms and calculate the default threshold for you.

    Parameter Description:

    • Level
      If the protection is enabled, the level Medium is chosen by default for your DDoS Edge Defender instance. You can adjust the DDoS protection level for your business needs.
    • Cleansing Threshold
      • This indicates a value to trigger cleansing. Cleansing will not be triggered by the traffic below the threshold you set even though it is found malicious.
      • If the protection is enabled, your DDoS Edge Defender instance will use the default cleansing threshold after your business is connected, and the system will generate a baseline based on historical patterns of your business traffic. You can also set the cleansing threshold for your business needs.