Home page logo
/

basics logo Security Basics mailing list archives

Re: AWS and security
From: ShiYih Lye <shiyih.lye () my offgamers com>
Date: Wed, 11 Jul 2012 11:17:45 +0800

hi Sean,

I think using which vendor's colocation will have nothing to do with
the rates of viral infestation, ddos and script kiddy attacks on
servers. I don't think your server will be attacked 'more' due to you
host in vendor X compare with vendor Y.

But for the experience of ddos, amazon AWS might have the bigger
bandwidth in terms of router and perimeter firewall, compare with
other vendor who use a physical one. When you're being attacked with a
large flood of packets, your server upstream router might not
responsive before it even reach to the firewall, and then your server.
If the vendor have a stronger bandwidth to sustain that, it may give a
better room for you to tackle the attack, but of course it will be
another story whether your server able to handle that.

In our pass experience when we host the server in a physical hardware,
the ddos traffic force our vendor to null route us at the upstream
router because it's too much for them to handle it. And in another
occasion, the ddos collapse the perimeter firewall and we not even
able to connect to it to see how much traffic is hitting it. We then
shift the servers into AWS, and eventually amazon is able to take up a
relatively bigger bandwidth of attack. We then only do enhancement at
the server end to mitigate the ddos attack.

However do notice there are many types of ddos, the one I'm mentioning
is only when they use a huge request flood to paralyze your device.
Different type of ddos attack may give totally different experience,
so you might want to view more comment before deciding that.

Lye

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault