Security Basics
RE: Re: DDoS protection Jun 18 2014 03:10PM
Lance Lassetter (lancelassetter gmail com) (1 replies)
Re: Re: DDoS protection Jun 19 2014 04:50PM
Kellstr (kellstr gmail com) (2 replies)
Re: DDoS protection Jun 20 2014 02:47PM
Hartley, Christopher J. (hartley 87 osu edu) (1 replies)
This is a little confusing; ?cloud?, ?on-premise? etc? weird.

By ?Cloud,? it seem like we mean ?by provider? (makes sense).

On-premise is the best way to detect an attack imo, since the victim network knows what?s good and what?s not (or should?.).

So I think the best solution involves some kind of remote blackhole or ideally, perhaps flowspec.

I don?t think it?s a problem that requires spending significant money.

Chris

On Jun 19, 2014, at 12:50 PM, Kellstr <kellstr (at) gmail (dot) com [email concealed]> wrote:

> Disclaimer: I work for a company which offers a DDoS Protection Service.
>
> The advantage of a service "in the cloud" is that if an attack exceeds
> your circuit bandwidth the provider will be able to drop the malicious
> traffic. That cannot be done at your premise. Both Arbor and Radware
> offer strong appliances that can clean up smaller attacks at your
> premise and can send a signal to the provider if they support that
> service. You can block traffic using IPS's but keep in mind they are
> not designed for a volumetric attack and may be overwhelmed.
>
> On Wed, Jun 18, 2014 at 11:10 AM, Lance Lassetter
> <lancelassetter (at) gmail (dot) com [email concealed]> wrote:
>> What about Suricata or Snort IDS in IPS mode?
>>
>> On Jun 18, 2014 8:43 AM, "Mikhail A. Utin" <mutin (at) commonwealthcare (dot) org [email concealed]> wrote:
>>>
>>> As you indicated " Although we're small, We're an organization playing with ($,¥,?,£) exchanges" you are on client side rather than on server. If that is right, you do not need to bother with DDoS protection, which is against server side.
>>> Mikhail
>>>
>>> -----Original Message-----
>>> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of kartik.netec (at) gmail (dot) com [email concealed]
>>> Sent: Wednesday, June 18, 2014 12:49 AM
>>> To: security-basics (at) securityfocus (dot) com [email concealed]
>>> Subject: Re: Re: DDoS protection
>>>
>>> Hi,
>>>
>>> Thanks for your replies.
>>>
>>> Noted the points raised by Jacint and Kelly Keeton. I appreciate that.
>>>
>>> May I be kind to seek an opinion/ arguments suggesting if the In-house appliances are more "intelligent" thwarting the application level DOS/ DDoS attacks as compared to ISP provided DOS protection wherein it may even fail to detect them. or if there are other benefits owning an In-house product?
>>>
>>> As far as Cons are concerned, I feel that the appliance may add some latency which may create issues wherein a latency of milliseconds count.
>>>
>>> Although we're small, We're an organization playing with ($,¥,?,£) exchanges and heavily regulated by the Government.
>>>
>>> Thanks,
>>> KT
>>>
>>> ------------------------------------------------------------------------

>>> Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>>>
>>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
>>> ------------------------------------------------------------------------

>>>
>>>
>>> CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential
>>> and privileged information for the use of the designated recipients named above. If you are
>>> not the intended recipient, you are hereby notified that you have received this communication
>>> in error and that any review, disclosure, dissemination, distribution or copying of it or its
>>> contents is prohibited. If you have received this communication in error, please reply to the
>>> sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication
>>> and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy,
>>> please visit our Internet web site at http://www.commonwealthcare.org.
>>>
>
>
>
> --
> Laws alone cannot secure freedom of expression; in order that every
> man present his views without penalty there must be spirit of
> tolerance in the entire population. - Albert Einstein
>
> ------------------------------------------------------------------------

> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------

>
>

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]
RE: DDoS protection Jun 20 2014 04:56PM
Wagner, Brett (Brett Wagner bowheadsupport com) (2 replies)
RE: DDoS protection Jun 20 2014 06:49PM
Sardina, Dominick (Dominick Sardina pseg com) (2 replies)
RE: DDoS protection Jun 23 2014 04:02PM
Mikhail A. Utin (mutin commonwealthcare org) (1 replies)
RE: DDoS protection Jun 25 2014 10:56AM
Marios Stylianou (styllosmarios gmail com) (1 replies)
Re: DDoS protection Jun 25 2014 12:52PM
Comp Pycho (computer pycho gmail com) (1 replies)
RE: DDoS protection Jun 25 2014 01:36PM
Mikhail A. Utin (mutin commonwealthcare org)
RE: DDoS protection Jun 23 2014 02:47PM
Phillip Lofaso (Phillip Lofaso prihcs com)
Re: DDoS protection Jun 20 2014 05:46PM
Kellstr (kellstr gmail com)
RE: Re: DDoS protection Jun 20 2014 02:40PM
Mikhail A. Utin (mutin commonwealthcare org) (1 replies)
RE: Re: DDoS protection Jun 20 2014 06:47PM
Sardina, Dominick (Dominick Sardina pseg com) (1 replies)
RE: Re: DDoS protection Jun 23 2014 01:32AM
Jess Vermont (jvermont scottrade com)


 

Privacy Statement
Copyright 2010, SecurityFocus