DDOS and IP spoofing
In the MedStack chain of responsibility diagram, it is illustrated that the cloud provider is responsible for DDOS and IP spoofing mitigation. The following article provides the resources to better understand the security measures implemented by the cloud provider.
A virtual network encompasses your docker environment and cloud services operating via MedStack Control. Protecting this virtual network is Azure's networking security.
In regard to DDOS and IP spoofing mitigation, Azure employs their "DDOS protection basic mitigation" which mitigates attack vectors on OSI layers 3 and 4. This includes:
- Active traffic monitoring and always on protection.
- Automatic attack mitigations
For preventative measures taken on OSI layer 7, MedStack employs a firewall on all Azure virtual networks ensuring all traffic to your environment is routed through the Traefik load balancer and its networking safeguards.