Security Basics mailing list archives

RE: Re: DDoS protection


From: Jess Vermont <jvermont () scottrade com>
Date: Sun, 22 Jun 2014 21:32:12 -0400

What difference does size make? And who's to say that they aren't just going to target an affiliated company of the 
'small' company and use the 'small' company as a pivot point, if possible, into affiliated systems... remember the 
Target hack here in the States? They hit a 'small' company (granted it wasn't DDOS but small doesn't preclude you from 
being targeted, so to speak) and used that affiliation of systems as an entry point into the Target network... so, no, 
nobody is safe because they are 'small.' Actually I could see that being more of an issue if anything... why go after 
the 'big guys' with 'big resources' when you can hit a 'little guy' who clearly can't sustain an attack of such 
magnitude... it's not the size of the company that matters, it's the value of the data they store or the systems they 
provide access to... 

Peace,

jvermont

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Sardina, Dominick
Sent: Friday, June 20, 2014 1:48 PM
To: security-basics () securityfocus com
Subject: RE: Re: DDoS protection

Mikhail, size doesn’t matter.

Just because an entity is small does not mean they will also be exempt from a DDOS.

That’s like saying security through obscurity is a good practice and hidden assets will never be discovered. Tsk 
tsk... don't think that way.

As far as the cloud, the cloud will NEVER BE SECURE. 


Regards,
Dominick 



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mikhail A. Utin
Sent: Friday, June 20, 2014 10:40 AM
To: Kellstr; security-basics () securityfocus com
Subject: RE: Re: DDoS protection

Hello World,
It was an interesting discussion, but some people missed that the company in question is SMALL. Do you guys think anybody 
will waste DDoS resources to target a small company? And pay for that? So far I have not seen such paranoid hackers.

Mikhail Utin, CISSP


________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] On Behalf Of Kellstr [kellstr () gmail com]
Sent: Thursday, June 19, 2014 12:50 PM
To: security-basics () securityfocus com
Subject: Re: Re: DDoS protection

Disclaimer: I work for a company which offers a DDoS Protection Service.

The advantage of a service "in the cloud" is that if an attack exceeds your circuit bandwidth the provider will be able 
to drop the malicious traffic. That cannot be done at your premises. Both Arbor and Radware offer strong appliances that 
can clean up smaller attacks at your premises and can send a signal to the provider if they support that service. You 
can block traffic using IPSs, but keep in mind they are not designed for a volumetric attack and may be overwhelmed.

On Wed, Jun 18, 2014 at 11:10 AM, Lance Lassetter <lancelassetter () gmail com> wrote:
What about Suricata or Snort IDS in IPS mode?

On Jun 18, 2014 8:43 AM, "Mikhail A. Utin" <mutin () commonwealthcare org> wrote:

As you indicated, "Although we're small, We're an organization playing with ($,¥,€,£) exchanges", you are on the client 
side rather than on the server. If that is right, you do not need to bother with DDoS protection, which is against 
the server side.
Mikhail

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of 
kartik.netec () gmail com
Sent: Wednesday, June 18, 2014 12:49 AM
To: security-basics () securityfocus com
Subject: Re: Re: DDoS protection

Hi,

Thanks for your replies.

Noted the points raised by Jacint and Kelly Keeton. I appreciate that.

May I be so kind as to seek opinions/arguments on whether in-house appliances are more "intelligent" at thwarting 
application-level DoS/DDoS attacks as compared to ISP-provided DoS protection, which may even fail to 
detect them, or whether there are other benefits to owning an in-house product?

As far as cons are concerned, I feel that the appliance may add some latency, which may create issues where a 
latency of milliseconds counts.

Although we're small, we're an organization playing with ($,¥,€,£) exchanges and heavily regulated by the Government.

Thanks,
KT





--
Laws alone cannot secure freedom of expression; in order that every man present his views without penalty there must be 
spirit of tolerance in the entire population. - Albert Einstein
