Introduction (pain point analysis)

As an Ops Lead or Architect in a gaming company, have you ever experienced the following thrilling moments when a new game service goes live or a popular event opens?

  • The server is suddenly down. The game suffers a Tb-level DDoS flood attack, network bandwidth is instantly saturated, players across the network are unable to log in, the gaming experience drops to zero, and revenue is interrupted.
  • The login system is down. Attackers use massive numbers of proxy IPs to simulate real players, launching high-frequency CC attacks that crowd out the login authentication servers and shut out normal players.
  • Cheat plug-ins run rampant. Plug-ins such as “Spike”, “Fly”, “Invincible”, etc. seriously disrupt the balance of the game by cracking the game protocols and tampering with client data, leading to the loss of paying players and a drastic shortening of the game's life cycle.
  • Data breaches and vulnerability exploitation. Unknown SQL injection or zero-day vulnerabilities in the game's official website, forums, and recharge and payment interfaces lead to user data leakage, posing significant compliance risks and reputational damage.

These security threats not only lead to a sharp decline in user experience and a massive loss of players, but also have a direct impact on the game's core revenue. If you're having sleepless nights over the security of your gaming business, this set of deep protection solutions from AliCloud, which integrates network, application, and business protection, will provide you with an impenetrable security fortress.

Solution Architecture Diagram and Overview

The diagram below shows how player requests pass through AliCloud's one-stop security protection system and eventually reach the game server:

[Figure: AliCloud DDoS High Defense + WAF + Game Shield One-Stop Security Solution: Constructing a Full-Link Protection System for Mobile Game Business]

The core protection process (workflow) for this solution is as follows:

  1. Network Layer Cleaning. All player traffic first enters DDoS High Defense. Its global cleaning centers can withstand Tb-level DDoS attacks, acting like a solid wall to completely isolate flooding attacks from the outside.
  2. Application Layer Filtering. The cleaned traffic is forwarded to the WAF. It acts like a professional security inspector, performing fine-grained checks of HTTP/HTTPS requests, effectively intercepting application-layer attacks such as SQL injection, XSS, Webshell uploads, etc., and protecting the official website and top-up interfaces.
  3. Business Layer Protection. Finally, the traffic arrives at GameShield. Through intelligent scheduling algorithms, GameShield diverts attack traffic to the empty packet cleaning cluster to ensure that normal players arrive at the real game server. Meanwhile, its protocol proxy module encrypts and verifies game protocols to defend against simulators, memory modification, accelerators (speed hacks), and other plug-in cheating behaviors.

The value proposition of the architecture: it is not a simple stack of single products, but a three-layer defense-in-depth system from the network to the business, with layer-by-layer filtering, to ensure that only safe and compliant player requests finally reach the game server, safeguarding the game's availability, security and fairness in all aspects.

Core Products and Components

For each component: name, role, key configuration/selection recommendations, and why to choose it.

  • DDoS High Defense (Anti-DDoS Premium)
    • Role. Network Layer Protection Core. It mainly defends against all kinds of network-layer and transport-layer DDoS attacks, such as SYN Flood, ACK Flood, UDP Flood and other high-traffic attacks.
    • Key configuration/selection recommendations.
      • Protection bandwidth. Select based on the peak volume of the attacks that the business may encounter; it is recommended that 100G or more be selected initially.
      • Cleaning threshold. Set a reasonable traffic threshold for triggering cleaning to achieve automatic elastic protection.
    • Why choose it. AliCloud high defense has Tb-level bandwidth reserves and global cleaning nodes, with excellent protection capability. BGP lines are provided to ensure high-speed access and avoid introducing additional delay.
  • Web Application Firewall (WAF)
    • Role. Application Layer Protection Core. It mainly defends against attacks on web applications (such as official websites, forums, API interfaces), such as SQL injection, XSS, CSRF, crawlers and so on.
    • Key configuration/selection recommendations.
      • Protection mode. Initially, you can set it to “Observation Mode”, and then turn on “Interception Mode” after familiarizing yourself with the traffic.
      • Rule groups. Enable the base protection rule set and customize CC protection rules for gaming services.
    • Why choose it. Effectively protects against OWASP Top 10 Web threats and avoids data leakage due to Web vulnerabilities. Provides virtual patching to protect against zero-day vulnerabilities before official fixes.
  • Game Shield
    • Role. Business Layer Protection Core. A deep protection product designed specifically for games, mainly defending against DDoS/CC attacks and external cheats at the game protocol layer.
    • Key configuration/selection recommendations.
      • Access method. Use IP proxy or domain CNAME to access, transparent to the game client.
      • Protocol proxy. Customize encryption and authentication strategies for game protocols to effectively identify and block cheat plug-ins.
    • Why choose it. Its intelligent scheduling system can completely solve the problem of business-oriented CC attacks. Its deeply integrated anti-cheat capability provides effective protection without modifying the game code and guarantees the fairness of the game.
  • Cloud Servers (ECS)
    • Role. Business Computing Core. Normal traffic that has been protected and cleaned eventually reaches the ECS instances where the game server is deployed.
    • Key configuration/selection recommendations.
      • Deployment model. It is recommended that different modules of the game (login, battle, chat) be deployed on different ECS instances to achieve fault isolation.
      • Security group. Set strict security group policies to allow inbound traffic only from protection products such as GameShield.
    • Why choose it. Provides stable, high-performance computing power. Seamlessly integrates with security products to build a secure and reliable game server backend.
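
The ECS security group recommendation above (allow inbound traffic only from protection products such as GameShield) can be checked mechanically, because any accept rule that is wider than the protection layer's forwarding ranges lets traffic reach the origin without being cleaned. The following is an added example, not code from the original page or from AliCloud; the rule field names are hypothetical and all CIDRs are constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample data (documentation ranges), not real AliCloud values.
# Assumption: CIDRs from which the protection layer forwards traffic to the origin.
PROTECTION_CIDRS = ["203.0.113.0/24", "198.51.100.0/25"]

# Assumption: simplified inbound rule records; field names are hypothetical.
SAMPLE_RULES = [
    {"id": "r1", "ports": "7000/7100", "source": "203.0.113.0/24", "policy": "accept"},
    {"id": "r2", "ports": "443/443", "source": "198.51.100.64/26", "policy": "accept"},
    {"id": "r3", "ports": "7000/7100", "source": "0.0.0.0/0", "policy": "accept"},
    {"id": "r4", "ports": "9000/9000", "source": "198.51.100.0/24", "policy": "accept"},
    {"id": "r5", "ports": "7000/7100", "source": "192.0.2.0/24", "policy": "accept"},
    {"id": "r6", "ports": "-1/-1", "source": "0.0.0.0/0", "policy": "drop"},
]


def audit_inbound(rules, allowed_cidrs):
    """Return (rule id, ports, reason) for each accept rule that bypasses the protection layer."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for rule in rules:
        if rule["policy"] != "accept":
            continue  # drop rules cannot expose the origin
        src = ipaddress.ip_network(rule["source"], strict=False)
        same_family = [a for a in allowed if a.version == src.version]
        if any(src.subnet_of(a) for a in same_family):
            continue  # source lies entirely inside a protection range
        if src.prefixlen == 0:
            reason = "open to any source"
        elif any(src.overlaps(a) for a in same_family):
            reason = "wider than the protection range it overlaps"
        else:
            reason = "source outside protection ranges"
        findings.append((rule["id"], rule["ports"], reason))
    return findings


if __name__ == "__main__":
    for rule_id, ports, reason in audit_inbound(SAMPLE_RULES, PROTECTION_CIDRS):
        print(f"{rule_id} ports={ports}: {reason}")
```

Rule r4 is the case that is easy to miss in manual review: it looks like a protection range but is one prefix bit too wide, so half of its addresses are not protection nodes.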

Summary of solution benefits

  • Full-link defense in depth. Covering the network layer, application layer and business layer, it provides three-dimensional protection without security blind spots.
  • Tb-level protection. Easily defend against Tb-level high-traffic DDoS attacks, business will never go down, and stable online games are guaranteed.
  • Precision business protection. GameShield's intelligent scheduling and protocol proxy effectively solve the problem of game CC attacks and cheat plug-ins that traditional security products cannot protect against.
  • Panoramic situational awareness. Provides multi-dimensional security reports and real-time attack monitoring, with attack traffic visible at a glance, to support security operations and maintenance decisions.
  • One-stop convenient access. Multiple security capabilities are integrated, configured and managed through a unified console, greatly reducing O&M complexity.

Application Scenarios and Applicable Customers

This solution is ideal for the following business scenarios and customers:

  • Application Scenarios:
    • Game launches/big events. Highly susceptible to DDoS attacks from competitors or hackers; protection needs to be in place in advance.
    • High-revenue games. These become a focus for hackers and require a professional solution to secure revenue.
    • Competitive games. Zero tolerance for external cheating requires a strong anti-cheat capability to maintain fairness in the game.
  • Applicable Customers:
    • All developers and operators of medium to heavy mobile and PC client games.
    • Gaming companies that have suffered DDoS attacks or CC attacks that have resulted in loss of business.
    • Teams that have high requirements for game security and want to raise the overall security baseline to prevent problems before they happen.
