Security Basics mailing list archives

RE: Re: DDoS protection


From: "Sardina, Dominick" <Dominick.Sardina () pseg com>
Date: Fri, 20 Jun 2014 14:47:43 -0400

Mikhail, size doesn’t matter.

Just because an entity is small does not mean they will also be exempt from a DDoS.

That’s like saying security through obscurity is a good practice and hidden assets will never be discovered. Tsk tsk... don't think that way.

As far as the cloud, the cloud will NEVER BE SECURE. 


Regards,
Dominick 



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mikhail A. Utin
Sent: Friday, June 20, 2014 10:40 AM
To: Kellstr; security-basics () securityfocus com
Subject: RE: Re: DDoS protection

Hello World,
It was an interesting discussion, but some people missed that the company in question is SMALL. Do you guys think anybody will waste DDoS resources to target a small company? And pay for that? So far I have not seen such paranoid hackers.

Mikhail Utin, CISSP


________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] On Behalf Of Kellstr [kellstr () gmail com]
Sent: Thursday, June 19, 2014 12:50 PM
To: security-basics () securityfocus com
Subject: Re: Re: DDoS protection

Disclaimer: I work for a company which offers a DDoS Protection Service.

The advantage of a service "in the cloud" is that if an attack exceeds your circuit bandwidth the provider will be able to drop the malicious traffic. That cannot be done at your premises. Both Arbor and Radware offer strong appliances that can clean up smaller attacks at your premises and can send a signal to the provider if they support that service. You can block traffic using IPSs, but keep in mind they are not designed for a volumetric attack and may be overwhelmed.

On Wed, Jun 18, 2014 at 11:10 AM, Lance Lassetter <lancelassetter () gmail com> wrote:
What about Suricata or Snort IDS in IPS mode?

On Jun 18, 2014 8:43 AM, "Mikhail A. Utin" <mutin () commonwealthcare org> wrote:

As you indicated "Although we're small, We're an organization playing with ($,¥,€,£) exchanges" you are on client side rather than on server. If that is right, you do not need to bother with DDoS protection, which is against server side.
Mikhail

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of 
kartik.netec () gmail com
Sent: Wednesday, June 18, 2014 12:49 AM
To: security-basics () securityfocus com
Subject: Re: Re: DDoS protection

Hi,

Thanks for your replies.

Noted the points raised by Jacint and Kelly Keeton. I appreciate that.

May I be kind to seek an opinion/arguments suggesting if the in-house appliances are more "intelligent" at thwarting the application-level DoS/DDoS attacks as compared to ISP-provided DoS protection, wherein it may even fail to detect them, or if there are other benefits to owning an in-house product?

As far as cons are concerned, I feel that the appliance may add some latency, which may create issues wherein a latency of milliseconds counts.

Although we're small, we're an organization playing with ($,¥,€,£) exchanges and heavily regulated by the Government.

Thanks,
KT





--
Laws alone cannot secure freedom of expression; in order that every man present his views without penalty there must be 
spirit of tolerance in the entire population. - Albert Einstein
