Security Basics mailing list archives

Re: DDoS protection

From: Raistlin Majere <raistlin () majere net>
Date: Mon, 16 Jun 2014 17:15:09 -0400

The problem with a machine in front of your firewall is that by the time
the DDoS gets to your machine it's too late, your pipe is full and your
just taking some of the weight of off your FW and servers. Your pipe is
still full and nobody can get to your server. You need protection
upstream, so yes, your ISP or a cloud based service.

RM


On 06/16/2014 10:31 AM, Kelly Keeton wrote:

Well every vendor of egress technology (firewall or load balancer) offers a form of protection In some way. 

I would also argue that your using "cloud protection" by using your ISP. 

It's a risk evaluation vs threat possibility discussion here. What is the cost to your business in terms of effect if 
your offline due to a attack. What is the realistic likelihood of you getting attacked?

If your amazon for example - downtime equals immediate lost revenue and public trust of enterprise quality, that 
means long term revenue. People also would be more inclined to "hold random" amazon for a mass attack. 

If your a provider of garage doors and  your website is contact info and a catalog only. Will it matter if your 
offline for a day? Who cares to attack you?

Also note that you can't prevent large scale ddos - if it's large enough no "appliance" model will save you. And a 
distributed model might even be taken out. 

You actually will be more cost effective and technically easier to use cloud biased concepts (beyond your ISP) so if 
your serious it's a poor argument to scuff them off (I am assuming your a single site smaller organization)  

Kelly Keeton
Sent via mobile device.

On Jun 16, 2014, at 1:16 AM, kartik.netec () gmail com wrote:

Hi,

My question is about the DDoS protection appliances. Is it really worth spending $$$$$ buying a DDoS appliance if we 
already had DDoS subscription from the ISPs?

And apart from Arbor and Fortinet, do we have any other big player in this technology?

PS: we are not evaluating cloud based DDoS protection.

Please advise.

Thanks,
KT

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Re: DDoS protection, (continued)
- Re: DDoS protection tdjackey (Jun 16)
  - Re: DDoS protection Rob Morin (Jun 17)
    - RE: DDoS protection rajumsn (Jun 18)
    - Re: DDoS protection Abhishek Kumar (abhkuma7) (Jun 18)
- Re: DDoS protection Kopacsi, Christian (Jun 16)
  - Re: DDoS protection Dolev Farhi (Jun 17)
  - Re: DDoS protection MLS (Jun 17)
- RE: DDoS protection Jácint TÓTH (Jun 16)
- RE: DDoS protection Sable, Amol (Jun 16)
- Re: DDoS protection Kelly Keeton (Jun 16)
  - Re: DDoS protection Raistlin Majere (Jun 17)
- Re: DDoS protection Dolev Farhi (Jun 17)
- Re: DDoS protection alphaone . tw (Jun 18)
  - Re: DDoS protection Claudiu Hulea (Jun 18)
  - Re: DDoS protection Jean-Marc Dupuis (Jun 18)
- Re: Re: DDoS protection kartik . netec (Jun 18)
  - RE: Re: DDoS protection Mikhail A. Utin (Jun 18)
  - RE: Re: DDoS protection Sardina, Dominick (Jun 20)
- RE: Re: DDoS protection Lance Lassetter (Jun 19)
  - Re: Re: DDoS protection Kellstr (Jun 20)
    - RE: Re: DDoS protection Mikhail A. Utin (Jun 20)

(Thread continues...)