Security Basics mailing list archives
Re: DDoS protection
From: "Hartley, Christopher J." <hartley.87 () osu edu>
Date: Fri, 20 Jun 2014 14:47:50 +0000
This is a little confusing; “cloud”, “on-premise” etc… weird. By “Cloud,” it seem like we mean “by provider” (makes sense). On-premise is the best way to detect an attack imo, since the victim network knows what’s good and what’s not (or should….). So I think the best solution involves some kind of remote blackhole or ideally, perhaps flowspec. I don’t think it’s a problem that requires spending significant money. Chris On Jun 19, 2014, at 12:50 PM, Kellstr <kellstr () gmail com> wrote:
Disclaimer: I work for a company which offers a DDoS Protection Service. The advantage of a service "in the cloud" is that if an attack exceeds your circuit bandwidth the provider will be able to drop the malicious traffic. That cannot be done at your premise. Both Arbor and Radware offer strong appliances that can clean up smaller attacks at your premise and can send a signal to the provider if they support that service. You can block traffic using IPS's but keep in mind they are not designed for a volumetric attack and may be overwhelmed. On Wed, Jun 18, 2014 at 11:10 AM, Lance Lassetter <lancelassetter () gmail com> wrote:What about Suricata or Snort IDS in IPS mode? On Jun 18, 2014 8:43 AM, "Mikhail A. Utin" <mutin () commonwealthcare org> wrote:As you indicated " Although we're small, We're an organization playing with ($,¥,€,£) exchanges" you are on client side rather than on server. If that is right, you do not need to bother with DDoS protection, which is against server side. Mikhail -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of kartik.netec () gmail com Sent: Wednesday, June 18, 2014 12:49 AM To: security-basics () securityfocus com Subject: Re: Re: DDoS protection Hi, Thanks for your replies. Noted the points raised by Jacint and Kelly Keeton. I appreciate that. May I be kind to seek an opinion/ arguments suggesting if the In-house appliances are more "intelligent" thwarting the application level DOS/ DDoS attacks as compared to ISP provided DOS protection wherein it may even fail to detect them. or if there are other benefits owning an In-house product? As far as Cons are concerned, I feel that the appliance may add some latency which may create issues wherein a latency of milliseconds count. Although we're small, We're an organization playing with ($,¥,€,£) exchanges and heavily regulated by the Government. Thanks, KT ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please reply to the sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, please visit our Internet web site at http://www.commonwealthcare.org.-- Laws alone cannot secure freedom of expression; in order that every man present his views without penalty there must be spirit of tolerance in the entire population. - Albert Einstein ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Re: DDoS protection, (continued)
- Re: DDoS protection Claudiu Hulea (Jun 18)
- Re: DDoS protection Jean-Marc Dupuis (Jun 18)
- Re: Re: DDoS protection kartik . netec (Jun 18)
- RE: Re: DDoS protection Mikhail A. Utin (Jun 18)
- RE: Re: DDoS protection Sardina, Dominick (Jun 20)
- RE: Re: DDoS protection Lance Lassetter (Jun 19)
- Re: Re: DDoS protection Kellstr (Jun 20)
- RE: Re: DDoS protection Mikhail A. Utin (Jun 20)
- RE: Re: DDoS protection Sardina, Dominick (Jun 20)
- RE: Re: DDoS protection Jess Vermont (Jun 23)
- Re: Re: DDoS protection Kellstr (Jun 20)
- Re: DDoS protection Hartley, Christopher J. (Jun 20)
- RE: DDoS protection Wagner, Brett (Jun 20)
- Re: DDoS protection Kellstr (Jun 20)
- RE: DDoS protection Sardina, Dominick (Jun 23)
- RE: DDoS protection Phillip Lofaso (Jun 23)
- RE: DDoS protection Mikhail A. Utin (Jun 23)
- RE: DDoS protection Marios Stylianou (Jun 25)
- Re: DDoS protection Comp Pycho (Jun 25)
- RE: DDoS protection Mikhail A. Utin (Jun 25)
- Re: DDoS protection Comp Pycho (Jun 25)