# Azure Distributed Denial of Service protection

## There are 2 tiers:

Basic:

* Automatically enabled for free as part of the Azure platform.<br>
* Always-on traffic monitoring.<br>
* Real-time mitigation of common network-level attacks.<br>
* Azure’s global network is used to distribute and mitigate attack traffic across regions.<br>

Standard:

* Provides additional mitigation capabilities, such as logging and alerting, for some extra money.<br>
* Dedicated traffic monitoring and machine learning algorithms.<br>
* Protects against:<br>
  * Volumetric attacks - Flood the network layer with a substantial amount of seemingly legitimate traffic.<br>
  * Protocol attacks - Exploiting a weakness in the layer 3 and layer 4 protocol stack.<br>
  * Resource (application) layer attacks - Target web application packets to disrupt the transmission of data between hosts.

*I space them all out because it was just easier to read and didn't look as crammed.*