Defend Against Denial-of-Service Attacks in Office 365

Introduction

Microsoft delivers a trustworthy infrastructure for more than 200 cloud services hosted in a global cloud infrastructure of more than 100 datacenters. These include:

  • Microsoft Azure
  • Microsoft Bing
  • Microsoft Dynamics 365
  • Microsoft Office 365
  • Microsoft OneDrive
  • Skype
  • Xbox Live

As a global organization with a significant Internet presence and many prominent Internet properties that provide cloud services, Microsoft is a large, common target for hackers and other malicious individuals. The network communication layer between clients and the Microsoft Cloud is one of the biggest targets of malicious attacks. In fact, Microsoft is continuously and persistently under some form of network-based cyberattack. In line with this, Microsoft uses defense-in-depth security principles to protect its cloud services and networks. Without reliable and persistent mitigation systems that defend against these attacks, Microsoft's cloud services would be offline and unavailable to customers.

Definition and Symptoms of Denial-of-Service Attacks

One way to attack network services is to create many requests against service hosts to overwhelm the network and servers to deny service to legitimate users. This is referred to as a denial-of-service (DoS) attack. When the attack is performed by multiple actors, endpoints, and/or vectors, it is referred to as a distributed denial-of-service (DDoS) attack. Although the means, motives, and targets vary, DoS and DDoS attacks generally consist of efforts to prevent an Internet site or service from functioning correctly or at all, either temporarily or indefinitely.

The United States Computer Emergency Readiness Team (US-CERT) defines symptoms of DoS attacks to include:

  • Unusually slow network performance (when opening files or accessing Internet sites)
  • Unavailability of a Web site
  • Inability to access a Web site
  • Dramatic increase in received spam
  • Disconnection of a wireless or wired Internet connection
  • Long-term loss of access to the Web or any Internet services