Cisco vs Mikrotik for Web Server Protection. Need Advice.

Hello folks!

I need your help choosing the right product. Can you please advise me what to do?

I recently started to search for a solution for our web server, which hosts around 3500 sites. It’s an ecommerce solution based on Windows OS and IIS Server. So now it needs some serious protection and monitoring. As for protection, I’ve been thinking there must be something from Mikrotik to cover our needs. But looking at such a huge number of product models, and also models from other brands, I’m a little bit confused. For instance, I’d like to know from you guys: what do you think would be an alternative to this solution offered by Cisco?

https://www.youtube.com/watch?v=aOLM9md2eMQ&ab_channel=Radware

I can’t find any similar information where it says that the hardware can automatically protect you from DDoS attacks and distinguish by itself which traffic is legit and which is illegal. I would like to know if there is an alternative from Mikrotik, as I prefer it somehow; it’s more familiar.


Thanks!

Use Cloudflare for business…
https://www.cloudflare.com/ddos/

https://www.cloudflare.com/waf/

The thing is, there is no “automatically”: some human somewhere has to identify the DDoS traffic pattern and build a rule to counter it, because these types of attacks evolve constantly. It’s a lot like antivirus: there is no static piece of software that identifies all malware now and in the future.

While I suspect it’s possible to build what you want with RouterOS, especially its queueing and firewalling features, what I doubt is that you’d find the time spent on it to be worthwhile as compared to a packaged commercial solution. That’s why this sort of thing has recurring costs: you’re paying for the people behind the scenes to keep updating the thing as attacks evolve.

Another problem here is that your e-commerce application will be wrapped in TLS. Filtering is best done on decrypted traffic, but I’m not aware of anything in RouterOS that can do that and then reverse-proxy the decrypted version to your back-end servers. RouterOS can terminate the TLS traffic all right, but it can’t do the reverse proxying.

…and if it could, you’d need one big badass of a router to carry the load, or a load-balanced configuration in front of the filtering proxy.

No, best leave this one to the companies that do this all day, every day.

Thanks a lot for your detailed reply, I really appreciate it!!!