nanog mailing list archives
Re: D/DoS mitigation hardware/software needed.
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Tue, 5 Jan 2010 05:47:05 +0000
On Jan 5, 2010, at 12:39 PM, Stefan Fouant wrote:
The trick is to try to automate as much around the process as possible - I've worked in environments where just making little changes to incident handling response methods reduced the time to mitigate an attack from hours to minutes, all the while still requiring an operator to press the "big red button" to offramp and enable the mitigation.
Concur 100% - and when the end-customer is under attack and screaming, this reduction in time to detect/classify/traceback/mitigate makes all the difference. Your very salient comments highlight the paramount importance of preparation as the key enabling phase of the six-phase security incident-handling methodology: 1. Preparation. 2. Detection/identification. 3. Classification. 4. Traceback. 5. Reaction. 6. Post-mortem (feeding lessons learned back into the Preparation phase). ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken
Current thread:
- Re: D/DoS mitigation hardware/software needed., (continued)
- Re: D/DoS mitigation hardware/software needed. Jeffrey Lyon (Jan 05)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 05)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 05)
- Message not available
- Re: D/DoS mitigation hardware/software needed. Hank Nussbacher (Jan 06)
- Re: D/DoS mitigation hardware/software needed. Graeme Fowler (Jan 06)
- Re: D/DoS mitigation hardware/software needed. Rob Shakir (Jan 06)
- Re: D/DoS mitigation hardware/software needed. Suresh Ramasubramanian (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Suresh Ramasubramanian (Jan 04)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 04)
- Re: D/DoS mitigation hardware/software needed. John Kristoff (Jan 05)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Jeffrey Lyon (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Rick Ernst (Jan 05)