Discussion:
DDoS protection
k***@gmail.com
2014-06-16 08:16:41 UTC
Hi,

My question is about the DDoS protection appliances. Is it really worth spending $$$$$ buying a DDoS appliance if we already had DDoS subscription from the ISPs?

And apart from Arbor and Fortinet, do we have any other big player in this technology?

PS: we are not evaluating cloud based DDoS protection.

Please advise.

Thanks,
KT

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
tdjackey
2014-06-16 11:31:05 UTC
Maybe you can try safedog which can protect you from ddos
~
Post by k***@gmail.com
Hi,
My question is about the DDoS protection appliances. Is it really worth spending $$$$$ buying a DDoS appliance if we already had DDoS subscription from the ISPs?
And apart from Arbor and Fortinet, do we have any other big player in this technology?
PS: we are not evaluating cloud based DDoS protection.
Please advise.
Thanks,
KT
Rob Morin
2014-06-16 18:27:32 UTC
I have used Prolexic in the past with very good results..


Rob Morin
Montreal, Canada

Listen to Canada's only 24 hour Lounge Music Station
http://www.theloungesound.ca
Post by tdjackey
Maybe you can try safedog which can protect you from ddos
~
Post by k***@gmail.com
Hi,
My question is about the DDoS protection appliances. Is it really worth spending $$$$$ buying a DDoS appliance if we already had DDoS subscription from the ISPs?
And apart from Arbor and Fortinet, do we have any other big player in this technology?
PS: we are not evaluating cloud based DDoS protection.
Please advise.
Thanks,
KT
r***@ingvysyabank.com
2014-06-17 10:12:32 UTC
What about arbor?

Regards
Raju MSN

-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On Behalf Of Rob Morin
Sent: Tuesday, June 17, 2014 3:36 PM
To: security-***@securityfocus.com
Subject: Re: DDoS protection

I have used Prolexic in the past with very good results..


Rob Morin
Montreal, Canada

Listen to Canada's only 24 hour Lounge Music Station
http://www.theloungesound.ca
Post by tdjackey
Maybe you can try safedog which can protect you from ddos
~
Post by k***@gmail.com
Hi,
My question is about the DDoS protection appliances. Is it really worth spending $$$$$ buying a DDoS appliance if we already had DDoS subscription from the ISPs?
And apart from Arbor and Fortinet, do we have any other big player in this technology?
PS: we are not evaluating cloud based DDoS protection.
Please advise.
Thanks,
KT
Abhishek Kumar (abhkuma7)
2014-06-17 12:50:46 UTC
+1

Yes have used Prolexic in the past and appears to be a good solution.


Thanks,
Abhishek
Post by Rob Morin
I have used Prolexic in the past with very good results..
Rob Morin
Montreal, Canada
Listen to Canada's only 24 hour Lounge Music Station
http://www.theloungesound.ca
Post by tdjackey
Maybe you can try safedog which can protect you from ddos
~
Post by k***@gmail.com
Hi,
My question is about the DDoS protection appliances. Is it really
worth spending $$$$$ buying a DDoS appliance if we already had DDoS
subscription from the ISPs?
And apart from Arbor and Fortinet, do we have any other big player in this technology?
PS: we are not evaluating cloud based DDoS protection.
Please advise.
Thanks,
KT
Kopacsi, Christian
2014-06-16 12:10:32 UTC
Radware is a pretty big player in the appliance and in the cloud solution for DDoS.

Sent from my iPhone
Post by k***@gmail.com
Hi,
My question is about the DDoS protection appliances. Is it really worth spending $$$$$ buying a DDoS appliance if we already had DDoS subscription from the ISPs?
And apart from Arbor and Fortinet, do we have any other big player in this technology?
PS: we are not evaluating cloud based DDoS protection.
Please advise.
Thanks,
KT
Dolev Farhi
2014-06-16 18:21:33 UTC
same goes for F5 with their recent acquirement of Defense.Net
Post by Kopacsi, Christian
Radware is a pretty big player in the appliance and in the cloud solution for DDoS.
Sent from my iPhone
Post by k***@gmail.com
Hi,
My question is about the DDoS protection appliances. Is it really worth spending $$$$$ buying a DDoS appliance if we already had DDoS subscription from the ISPs?
And apart from Arbor and Fortinet, do we have any other big player in this technology?
PS: we are not evaluating cloud based DDoS protection.
Please advise.
Thanks,
KT
PEra (MLS)
2014-06-16 22:17:41 UTC
On Mon, 16 Jun 2014 12:10:32 +0000
Post by Kopacsi, Christian
Radware is a pretty big player in the appliance and in the cloud solution for DDoS.
Second that. I had a few projects with them, their DefensePro boxes are
quite nice against large floods and tricky low-volume attacks. Really
nice piece of technology. Never seen how (well) their cloud product
(DefensePipe) integrates with the appliance, though.

Best,
P.

Jácint TÓTH
2014-06-16 12:15:36 UTC
Hi,

The answer to the first question is "it depends". At bandwidths that Your ISP can easily handle, the answer is probably no, their equipment is better placed and probably of a higher grade, so it is better to handle the DDoS protection there, and just put some "of sound mind" sort of things on Your end to handle small-scale stuff that may not even trigger detection thresholds at the ISP.

Now on the other hand, if you are in a large hosted environment like a server hotel hooked up directly to an Internet Exchange, or are handling huge amounts of traffic in a datacenter, maybe even function as a traffic concentrator for a larger MAN/WAN/GAN, then it does make sense to have an own solution for the purpose of DDoS protection and maybe firewalling integrated with it. At 10G and higher traffic links and/or several 100s of thousands of RPS on NORMAL traffic, You would probably want to know exactly what You are working with, what's happening to it, and eliminate the delays with having an external entity manage the service.

Cost-wise, You have to measure cost vs. potential risk and loss of income if You don't have these, and this calculation will almost always happen to bring You into the 6-digit range in a year at least (USD), as there are significant costs associated with procuring/implementing/operating/supporting such devices. So if you are far beneath that range budget-wise or traffic-wise, don't bother, go with the managed service of the ISP.

As for the second question, at first thought there is A10 Networks who have several appliances up to N*40Gb bandwidth for both dedicated DDoS protection and integrated into an application firewall/load balancer, and Cisco's Guard XT series is also an option if You are playing in this league. Citrix's Netscalers are balancers/ALGs that can help You with DDoS-protection for certain protocols, but these are not really dedicated security devices.

If you just want to go for "something", or build something small-scale, then You could do some testing with say Apache mod_security on an OpenBSD or FreeBSD with pf, these are working fine on a small scale and are cheap to build and maintain, but You'll probably end up managing them Yourself and bear in mind, community support is nothing compared to what a large vendor will provide.

Cheers,
--
Jacint


-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On Behalf Of ***@gmail.com
Sent: Monday, June 16, 2014 10:17 AM
To: security-***@securityfocus.com
Subject: DDoS protection

Hi,

My question is about the DDoS protection appliances. Is it really worth spending $$$$$ buying a DDoS appliance if we already had DDoS subscription from the ISPs?

And apart from Arbor and Fortinet, do we have any other big player in this technology?

PS: we are not evaluating cloud based DDoS protection.

Please advise.

Thanks,
KT
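
The small-scale pf setup mentioned in Jácint's message could look like the following. This is an added example, not part of the original post; the interface name, port list, table name and every threshold are assumptions to be tuned against measured normal traffic.

```pf
# pf.conf sketch for a small web front end (OpenBSD / FreeBSD pf).
# All names and numbers below are assumptions, not values from the thread.

ext_if    = "em0"              # assumed external interface
web_ports = "{ 80, 443 }"

# Sources that exceed the limits below are collected here.
table <flooders> persist

# Default deny, and drop known offenders before any further evaluation.
block in on $ext_if
block in quick on $ext_if from <flooders>

# Weak form, no per-source limits (left commented out for comparison):
# pass in on $ext_if proto tcp to port $web_ports keep state

# Hardened form:
#  - synproxy state: pf completes the TCP handshake itself, so spoofed
#    SYNs never reach the web server
#  - max-src-conn: cap on simultaneous connections per source address
#  - max-src-conn-rate: cap on new connections per source (count/seconds)
#  - overload ... flush global: put the offender in <flooders> and kill
#    every state it already holds
pass in on $ext_if proto tcp to port $web_ports flags S/SA \
    synproxy state (max-src-conn 100, max-src-conn-rate 15/5, \
    overload <flooders> flush global)

pass out on $ext_if

# Operations (run from the shell, e.g. via cron):
#   pfctl -t flooders -T show          # list blocked sources
#   pfctl -t flooders -T expire 3600   # drop entries older than one hour
```

These limits only help with floods that still fit through the access link; they do nothing once the link itself is saturated.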

Kelly Keeton
2014-06-16 14:31:33 UTC
Well, every vendor of egress technology (firewall or load balancer) offers a form of protection in some way.

I would also argue that you're using "cloud protection" by using your ISP.

It's a risk evaluation vs threat possibility discussion here. What is the cost to your business in terms of effect if you're offline due to an attack? What is the realistic likelihood of you getting attacked?

If you're Amazon, for example - downtime equals immediate lost revenue and public trust of enterprise quality, that means long term revenue. People also would be more inclined to "hold random" Amazon for a mass attack.

If you're a provider of garage doors and your website is contact info and a catalog only. Will it matter if you're offline for a day? Who cares to attack you?

Also note that you can't prevent large scale DDoS - if it's large enough no "appliance" model will save you. And a distributed model might even be taken out.

You actually will be more cost effective and technically easier to use cloud-based concepts (beyond your ISP) so if you're serious it's a poor argument to scuff them off (I am assuming you're a single site smaller organization)

Kelly Keeton
Sent via mobile device.
Post by k***@gmail.com
Hi,
My question is about the DDoS protection appliances. Is it really worth spending $$$$$ buying a DDoS appliance if we already had DDoS subscription from the ISPs?
And apart from Arbor and Fortinet, do we have any other big player in this technology?
PS: we are not evaluating cloud based DDoS protection.
Please advise.
Thanks,
KT
Raistlin Majere
2014-06-16 21:15:09 UTC
The problem with a machine in front of your firewall is that by the time
the DDoS gets to your machine it's too late, your pipe is full and you're
just taking some of the weight off of your FW and servers. Your pipe is
still full and nobody can get to your server. You need protection
upstream, so yes, your ISP or a cloud based service.

RM
Post by Kelly Keeton
Well, every vendor of egress technology (firewall or load balancer) offers a form of protection in some way.
I would also argue that you're using "cloud protection" by using your ISP.
It's a risk evaluation vs threat possibility discussion here. What is the cost to your business in terms of effect if you're offline due to an attack? What is the realistic likelihood of you getting attacked?
If you're Amazon, for example - downtime equals immediate lost revenue and public trust of enterprise quality, that means long term revenue. People also would be more inclined to "hold random" Amazon for a mass attack.
If you're a provider of garage doors and your website is contact info and a catalog only. Will it matter if you're offline for a day? Who cares to attack you?
Also note that you can't prevent large scale DDoS - if it's large enough no "appliance" model will save you. And a distributed model might even be taken out.
You actually will be more cost effective and technically easier to use cloud-based concepts (beyond your ISP) so if you're serious it's a poor argument to scuff them off (I am assuming you're a single site smaller organization)
Kelly Keeton
Sent via mobile device.
Post by k***@gmail.com
Hi,
My question is about the DDoS protection appliances. Is it really worth spending $$$$$ buying a DDoS appliance if we already had DDoS subscription from the ISPs?
And apart from Arbor and Fortinet, do we have any other big player in this technology?
PS: we are not evaluating cloud based DDoS protection.
Please advise.
Thanks,
KT
Sable, Amol
2014-06-16 13:18:40 UTC
Hi Kartik,

Greetings!

DDS vs IPS (for DoS protection aspect only)

The following capabilities are essential as part of any DoS Defense solution. I'm trying to add my comments for IPS in the same area.

1. Detect and mitigate rate-based and protocol attacks
--> Hard to comment on ability of IPS boxes here. I feel, DDS are more focused on the problem than IPS

2. Resistant to known evasion techniques
--> Based on my observation, IPS vendors are continually improving on detecting attacks combining evasion techniques

3. Be highly resilient and stable and provide legitimate access to protected resources while under DDoS attack
--> IPS boxes undergo rigorous stress testing these days

4. Ability to operate at layer 3
--> An IPS monitors traffic at Layer 3 and Layer 4 to ensure that their headers, states, and so on are those specified in the protocol suite. However, the IPS sensor analyzes at Layer 2 to Layer 7 the payload of the packets for more sophisticated embedded attacks that might include malicious data. This deeper analysis lets the IPS identify, stop, and block attacks that would normally pass through traditional firewall devices, even DDS devices

Whether anti-DDoS solutions are really solving the purpose needs to be evaluated. Maybe some benchmark reports will help. Some vendors are providing such reports for both - IPS appliances as well as DDS devices. That would be a good starting point.

I'd not buy DDS unless it is an absolute necessity and there are no budget constraints.

The question is really good. Let's see what others' views are.

Regards,
Amol

-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On Behalf Of ***@gmail.com
Sent: 16 June 2014 13:47
To: security-***@securityfocus.com
Subject: DDoS protection

Hi,

My question is about the DDoS protection appliances. Is it really worth spending $$$$$ buying a DDoS appliance if we already had DDoS subscription from the ISPs?

And apart from Arbor and Fortinet, do we have any other big player in this technology?

PS: we are not evaluating cloud based DDoS protection.

Please advise.

Thanks,
KT

Dolev Farhi
2014-06-16 18:25:43 UTC
Look for F5's solution, they have recently acquired Defense.Net for DDoS solutions.
Post by k***@gmail.com
Hi,
My question is about the DDoS protection appliances. Is it really worth spending $$$$$ buying a DDoS appliance if we already had DDoS subscription from the ISPs?
And apart from Arbor and Fortinet, do we have any other big player in this technology?
PS: we are not evaluating cloud based DDoS protection.
Please advise.
Thanks,
KT
a***@gmail.com
2014-06-17 11:05:44 UTC
If your ISP can clean everything for you, there will be no need to buy anti-DDOS devices and put inside your network. Unless you are going to prevent outbound DDOS from within your network.

If you are looking for anti-DDOS devices, Radware DefensePro can do a good job for you according to my experience. They provide both signature and behavior based DDOS protection. And you can write your own signature when needed.

Claudiu Hulea
2014-06-18 12:48:18 UTC
Arbor Networks.

Try to mitigate the risks to ISP. Arbor is standard for many ISPs.
Post by a***@gmail.com
If your ISP can clean everything for you, there will be no need to buy anti-DDOS devices and put inside your network. Unless you are going to prevent outbound DDOS from within your network.
If you are looking for anti-DDOS devices, Radware DefensePro can do good job for you according to my experience. They provide both signature and behavior based DDOS protection. And you can write your own signature when needed.
Jean-Marc Dupuis
2014-06-18 12:48:05 UTC
The problem with that is an ISP can only block approximately 88% of malware, otherwise it starts blocking legitimate traffic. Therefore there is additional care that needs to be taken by organizations to ensure that they are working within their acceptable risk tolerance.

----------------original message-----------------
From: ***@gmail.com
To: security-***@securityfocus.com
Date: Tue, 17 Jun 2014 11:05:44 GMT
-------------------------------------------------
Post by a***@gmail.com
If your ISP can clean everything for you, there will be no need to buy anti-DDOS
devices and put inside your network. Unless you are going to prevent outbound
DDOS from within your network.
If you are looking for anti-DDOS devices, Radware DefensePro can do good job for
you according to my experience. They provide both signature and behavior based
DDOS protection. And you can write your own signature when needed.
k***@gmail.com
2014-06-18 04:49:17 UTC
Hi,

Thanks for your replies.

Noted the points raised by Jacint and Kelly Keeton. I appreciate that.

May I be kind to seek an opinion/arguments suggesting if the in-house appliances are more "intelligent" thwarting the application level DoS/DDoS attacks as compared to ISP provided DoS protection wherein it may even fail to detect them, or if there are other benefits owning an in-house product?

As far as cons are concerned, I feel that the appliance may add some latency which may create issues wherein a latency of milliseconds counts.

Although we're small, we're an organization playing with ($,¥,€,£) exchanges and heavily regulated by the Government.

Thanks,
KT

Mikhail A. Utin
2014-06-18 13:43:26 UTC
As you indicated, "Although we're small, We're an organization playing with ($,¥,€,£) exchanges", you are on the client side rather than on the server. If that is right, you do not need to bother with DDoS protection, which is against server side.
Mikhail

-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On Behalf Of ***@gmail.com
Sent: Wednesday, June 18, 2014 12:49 AM
To: security-***@securityfocus.com
Subject: Re: Re: DDoS protection

Hi,

Thanks for your replies.

Noted the points raised by Jacint and Kelly Keeton. I appreciate that.

May I be kind to seek an opinion/ arguments suggesting if the In-house appliances are more "intelligent" thwarting the application level DOS/ DDoS attacks as compared to ISP provided DOS protection wherein it may even fail to detect them. or if there are other benefits owning an In-house product?

As far as Cons are concerned, I feel that the appliance may add some latency which may create issues wherein a latency of milliseconds count.

Although we're small, We're an organization playing with ($,¥,€,£) exchanges and heavily regulated by the Government.

Thanks,
KT



CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential
and privileged information for the use of the designated recipients named above. If you are
not the intended recipient, you are hereby notified that you have received this communication
in error and that any review, disclosure, dissemination, distribution or copying of it or its
contents is prohibited. If you have received this communication in error, please reply to the
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy,
please visit our Internet web site at http://www.commonweal
Sardina, Dominick
2014-06-20 13:14:32 UTC
KT, try www.sucuri.net

They provide a great anti-ddos service.

Myself, I prefer an outside service from the ISP or a company like Sucuri or Cloudflare, although I lean more towards Sucuri.


Regards,
Dominick


-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On Behalf Of ***@gmail.com
Sent: Wednesday, June 18, 2014 12:49 AM
To: security-***@securityfocus.com
Subject: Re: Re: DDoS protection

Hi,

Thanks for your replies.

Noted the points raised by Jacint and Kelly Keeton. I appreciate that.

May I be kind to seek an opinion/ arguments suggesting if the In-house appliances are more "intelligent" thwarting the application level DOS/ DDoS attacks as compared to ISP provided DOS protection wherein it may even fail to detect them. or if there are other benefits owning an In-house product?

As far as Cons are concerned, I feel that the appliance may add some latency which may create issues wherein a latency of milliseconds count.

Although we're small, We're an organization playing with ($,¥,€,£) exchanges and heavily regulated by the Government.

Thanks,
KT



-----------------------------------------
The information contained in this e-mail, including any
attachment(s), is intended solely for use by the named
addressee(s). If you are not the intended recipient, or a person
designated as responsible for delivering such messages to the
intended recipient, you are not authorized to disclose, copy,
distribute or retain this message, in whole or in part, without
written authorization from PSEG. This e-mail may contain
proprietary, confidential or privileged information. If you have
received this message in error, please notify the sender
immediately. This notice is included in all e-mail messages leaving
PSEG. Thank you for your
Lance Lassetter
2014-06-18 15:10:49 UTC
What about Suricata or Snort IDS in IPS mode?
Post by Mikhail A. Utin
As you indicated " Although we're small, We're an organization playing with ($,¥,€,£) exchanges" you are on client side rather than on server. If that is right, you do not need to bother with DDoS protection, which is against server side.
Mikhail
-----Original Message-----
Sent: Wednesday, June 18, 2014 12:49 AM
Subject: Re: Re: DDoS protection
Hi,
Thanks for your replies.
Noted the points raised by Jacint and Kelly Keeton. I appreciate that.
May I be kind to seek an opinion/ arguments suggesting if the In-house appliances are more "intelligent" thwarting the application level DOS/ DDoS attacks as compared to ISP provided DOS protection wherein it may even fail to detect them. or if there are other benefits owning an In-house product?
As far as Cons are concerned, I feel that the appliance may add some latency which may create issues wherein a latency of milliseconds count.
Although we're small, We're an organization playing with ($,¥,€,£) exchanges and heavily regulated by the Government.
Thanks,
KT
Kellstr
2014-06-19 16:50:52 UTC
Disclaimer: I work for a company which offers a DDoS Protection Service.

The advantage of a service "in the cloud" is that if an attack exceeds
your circuit bandwidth the provider will be able to drop the malicious
traffic. That cannot be done at your premise. Both Arbor and Radware
offer strong appliances that can clean up smaller attacks at your
premise and can send a signal to the provider if they support that
service. You can block traffic using IPS's but keep in mind they are
not designed for a volumetric attack and may be overwhelmed.

On Wed, Jun 18, 2014 at 11:10 AM, Lance Lassetter
Post by Lance Lassetter
What about Suricata or Snort IDS in IPS mode?
Post by Mikhail A. Utin
As you indicated " Although we're small, We're an organization playing with ($,¥,€,£) exchanges" you are on client side rather than on server. If that is right, you do not need to bother with DDoS protection, which is against server side.
Mikhail
-----Original Message-----
Sent: Wednesday, June 18, 2014 12:49 AM
Subject: Re: Re: DDoS protection
Hi,
Thanks for your replies.
Noted the points raised by Jacint and Kelly Keeton. I appreciate that.
May I be kind to seek an opinion/ arguments suggesting if the In-house appliances are more "intelligent" thwarting the application level DOS/ DDoS attacks as compared to ISP provided DOS protection wherein it may even fail to detect them. or if there are other benefits owning an In-house product?
As far as Cons are concerned, I feel that the appliance may add some latency which may create issues wherein a latency of milliseconds count.
Although we're small, We're an organization playing with ($,¥,€,£) exchanges and heavily regulated by the Government.
Thanks,
KT
--
Laws alone cannot secure freedom of expression; in order that every
man present his views without penalty there must be spirit of
tolerance in the entire population. - Albert Einstein
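
The capacity argument in Kellstr's message above, together with KT's concern that provider-side protection may miss application-level attacks, can be worked through with a small model. This is an added example, not part of the thread; the names, the 1 Gbps circuit, the appliance capacities, the 80% signalling threshold and all traffic figures are constructed assumptions.

```python
"""Where can DDoS traffic be dropped? A capacity model (constructed example)."""
from dataclasses import dataclass

MODES = ("appliance", "upstream", "hybrid")


@dataclass(frozen=True)
class Site:
    circuit_mbps: float      # link from the provider to the premises
    appliance_mbps: float    # what the on-premises box can inspect
    signal_at: float = 0.8   # hybrid: circuit utilisation that triggers the signal upstream


@dataclass(frozen=True)
class Traffic:
    legit_mbps: float
    volumetric_mbps: float   # flood traffic
    app_layer_mbps: float    # low-rate application-level attack traffic


@dataclass(frozen=True)
class Outcome:
    legit_delivered: float          # fraction of legitimate traffic reaching the servers
    attack_delivered_mbps: float    # attack traffic reaching the servers
    upstream_engaged: bool


def squeeze(flows, capacity_mbps):
    """A saturated link or device drops indiscriminately: scale all flows alike."""
    total = sum(flows)
    factor = 1.0 if total <= capacity_mbps else capacity_mbps / total
    return [flow * factor for flow in flows]


def simulate(site, traffic, mode):
    """Return what reaches the servers for one mitigation mode."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode!r}")
    legit = traffic.legit_mbps
    flood = traffic.volumetric_mbps
    app = traffic.app_layer_mbps
    offered = legit + flood + app

    # The provider acts always ("upstream") or only once the appliance
    # signals that the circuit is filling up ("hybrid").
    engaged = mode == "upstream" or (
        mode == "hybrid" and offered >= site.signal_at * site.circuit_mbps)
    if engaged:
        # Assumption: the provider removes the flood before the circuit
        # but does not recognise the low-rate application-level traffic.
        flood = 0.0

    # Whatever is left has to fit through the circuit.
    legit, flood, app = squeeze([legit, flood, app], site.circuit_mbps)

    if mode != "upstream":
        # The appliance can itself be overwhelmed; within its capacity it is
        # assumed to identify both kinds of attack traffic.
        legit, flood, app = squeeze([legit, flood, app], site.appliance_mbps)
        flood = app = 0.0

    return Outcome(round(legit / traffic.legit_mbps, 3), round(flood + app, 1), engaged)


def compare(site, traffic):
    """Run all three modes on the same traffic."""
    return {mode: simulate(site, traffic, mode) for mode in MODES}


# Constructed sites and traffic mixes (Mbps), not measurements.
SITE = Site(circuit_mbps=1000, appliance_mbps=2000)
IPS_SITE = Site(circuit_mbps=1000, appliance_mbps=300)   # inline IPS with less headroom
SCENARIOS = {
    "small flood": Traffic(legit_mbps=200, volumetric_mbps=500, app_layer_mbps=0),
    "large flood": Traffic(legit_mbps=200, volumetric_mbps=9800, app_layer_mbps=0),
    "app-layer": Traffic(legit_mbps=200, volumetric_mbps=0, app_layer_mbps=50),
    "ips flood": Traffic(legit_mbps=200, volumetric_mbps=700, app_layer_mbps=0),
}

if __name__ == "__main__":
    for name, traffic in SCENARIOS.items():
        site = IPS_SITE if name == "ips flood" else SITE
        for mode, result in compare(site, traffic).items():
            print(f"{name:12} {mode:10} legit={result.legit_delivered:<6}"
                  f" attack={result.attack_delivered_mbps:<6}"
                  f" upstream={result.upstream_engaged}")
```

In the large flood the appliance-only site delivers a tenth of its legitimate traffic because the circuit saturates before the appliance sees anything, while the application-level case is the one where the on-premises box adds something the provider does not.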

Mikhail A. Utin
2014-06-20 14:40:00 UTC
Hello World,
It was an interesting discussion, but some people missed that the company in question is SMALL. Do you guys think anybody will waste DDoS resources to target a small company? And pay for that? So far I have not seen such paranoid hackers.

Mikhail Utin, CISSP


________________________________________
From: ***@securityfocus.com [***@securityfocus.com] On Behalf Of Kellstr [***@gmail.com]
Sent: Thursday, June 19, 2014 12:50 PM
To: security-***@securityfocus.com
Subject: Re: Re: DDoS protection

Disclaimer: I work for a company which offers a DDoS Protection Service.

The advantage of a service "in the cloud" is that if an attack exceeds
your circuit bandwidth the provider will be able to drop the malicious
traffic. That cannot be done at your premise. Both Arbor and Radware
offer strong appliances that can clean up smaller attacks at your
premise and can send a signal to the provider if they support that
service. You can block traffic using IPS's but keep in mind they are
not designed for a volumetric attack and may be overwhelmed.

On Wed, Jun 18, 2014 at 11:10 AM, Lance Lassetter
Post by Lance Lassetter
What about Suricata or Snort IDS in IPS mode?
Post by Mikhail A. Utin
As you indicated " Although we're small, We're an organization playing with ($,¥,€,£) exchanges" you are on client side rather than on server. If that is right, you do not need to bother with DDoS protection, which is against server side.
Mikhail
-----Original Message-----
Sent: Wednesday, June 18, 2014 12:49 AM
Subject: Re: Re: DDoS protection
Hi,
Thanks for your replies.
Noted the points raised by Jacint and Kelly Keeton. I appreciate that.
May I be kind to seek an opinion/ arguments suggesting if the In-house appliances are more "intelligent" thwarting the application level DOS/ DDoS attacks as compared to ISP provided DOS protection wherein it may even fail to detect them. or if there are other benefits owning an In-house product?
As far as Cons are concerned, I feel that the appliance may add some latency which may create issues wherein a latency of milliseconds count.
Although we're small, We're an organization playing with ($,¥,€,£) exchanges and heavily regulated by the Government.
Thanks,
KT
--
Laws alone cannot secure freedom of expression; in order that every
man present his views without penalty there must be spirit of
tolerance in the entire population. - Albert Einstein

Sardina, Dominick
2014-06-20 18:47:43 UTC
Permalink
Mikhail, size doesn’t matter.

Just because an entity is small does not mean they will also be exempt from a DDOS.

That’s like saying, security through obscurity is a good practice and hidden assets will never be discovered. Tsk tsk... don’t think that way.

As far as the cloud, the cloud will NEVER BE SECURE.


Regards,
Dominick



-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On Behalf Of Mikhail A. Utin
Sent: Friday, June 20, 2014 10:40 AM
To: Kellstr; security-***@securityfocus.com
Subject: RE: Re: DDoS protection

Hello World,
It was an interesting discussion, but some people missed that the company in question is SMALL. Do you guys think anybody will waste DDoS resources to target a small company? And pay for that? So far I have not seen such paranoid hackers.

Mikhail Utin, CISSP


________________________________________
From: ***@securityfocus.com [***@securityfocus.com] On Behalf Of Kellstr [***@gmail.com]
Sent: Thursday, June 19, 2014 12:50 PM
To: security-***@securityfocus.com
Subject: Re: Re: DDoS protection

Disclaimer: I work for a company which offers a DDoS Protection Service.

The advantage of a service "in the cloud" is that if an attack exceeds your circuit bandwidth the provider will be able to drop the malicious traffic. That cannot be done at your premise. Both Arbor and Radware offer strong appliances that can clean up smaller attacks at your premise and can send a signal to the provider if they support that service. You can block traffic using IPS's but keep in mind they are not designed for a volumetric attack and may be overwhelmed.
Post by Lance Lassetter
What about Suricata or Snort IDS in IPS mode?
Post by Mikhail A. Utin
As you indicated " Although we're small, We're an organization playing with ($,¥,€,£) exchanges" you are on client side rather than on server. If that is right, you do not need to bother with DDoS protection, which is against server side.
Mikhail
-----Original Message-----
Sent: Wednesday, June 18, 2014 12:49 AM
Subject: Re: Re: DDoS protection
Hi,
Thanks for your replies.
Noted the points raised by Jacint and Kelly Keeton. I appreciate that.
May I be kind to seek an opinion/arguments suggesting if the in-house appliances are more "intelligent" at thwarting the application-level DoS/DDoS attacks as compared to ISP-provided DoS protection, wherein it may even fail to detect them, or if there are other benefits to owning an in-house product?
As far as cons are concerned, I feel that the appliance may add some latency, which may create issues wherein a latency of milliseconds counts.
Although we're small, we're an organization playing with ($,¥,€,£) exchanges and heavily regulated by the Government.
Thanks,
KT
Jess Vermont
2014-06-23 01:32:12 UTC
Permalink
What difference does size make? And who's to say that they aren't just going to target an affiliated company of the 'small' company and use the 'small' company as a pivot point, if possible, into affiliated systems... remember the Target hack here in the States? They hit a 'small' company (granted it wasn't DDOS but small doesn't preclude you from being targeted, so to speak) and used that affiliation of systems as an entry point into the Target network... so, no, nobody is safe because they are 'small.' Actually I could see that being more of an issue if anything... why go after the 'big guys' with 'big resources' when you can hit a 'little guy' who clearly can't sustain an attack of such magnitude... it's not the size of the company that matters, it's the value of the data they store or the systems they provide access to...

Peace,

jvermont

Hartley, Christopher J.
2014-06-20 14:47:50 UTC
Permalink
This is a little confusing; “cloud”, “on-premise” etc… weird.

By “Cloud,” it seems like we mean “by provider” (makes sense).

On-premise is the best way to detect an attack imo, since the victim network knows what’s good and what’s not (or should….).

So I think the best solution involves some kind of remote blackhole or ideally, perhaps flowspec.

I don’t think it’s a problem that requires spending significant money.

Chris
Wagner, Brett
2014-06-20 16:56:55 UTC
Permalink
IMHO - I am not a fan of all the mumbo jumbo that goes along with the "Cloud" like it is a new invention. I worked at GTE/BBN in 1999 and we were selling all the same crap back then. With that said, and having worked at EMC for a while, you can have a "Cloud" on premises; it just means you have the hardware in one of your company locations. You can have private, shared, public or a combo.

It is the same evolution as IT security circa 1970-80s (Rainbow Book Series days), then Information Security circa 1990s, then Information Assurance circa late 90s early 2000s and now Cyber Security. With each name change consultants and companies can charge more for the same ultimate goal with each name change.

OK I will now get off my soapbox.
Kellstr
2014-06-20 17:46:17 UTC
Permalink
We have seen some ridiculously large attacks against small customers.
These attacks are dirt cheap to use against anyone connected to the
Internet. If the amount of malicious traffic exceeds your circuit
bandwidth there is little you can do from your end. Flowspec would
only be useful if you had a very small pool of sources or could put a
very specific rule in place.

My favorite filter is a rate limiter that basically says if a single
src IP exceeds X Mbps/Y pps it's blackholed for some amount of time.
After that it gets re-evaluated. If the traffic from the IP obeys the
rules of behavior that IP can interact with the site. And that's
something that would be difficult to accomplish with sending out
FlowSpec rules. By creating filters that define proper behavior I
don't have to play whack-a-mole against the attacker blocking each new
src IP or vector they use. There will always be some tuning that needs
to be done, these guys will find new ways to attack. But if you can
enforce good behavior rules on visitors to a site you can really
reduce the attack vectors.

Ultimately, if you have resources on the Internet you need to evaluate
the risks involved. Can you take down time? If so, how long? Do you
need a full-blown DDoS Solution or would a CDN (like Akamai) provide
enough of a buffer? And don't forget to diversify the datacenters your
resources are located in. Maybe you never take an attack but your
neighbor in the next cage does. Doesn't matter, you're still down.

Kelly
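
Added example (not part of Kelly's post and not any vendor's implementation): a sketch of the per-source behaviour filter described above, where a source that exceeds X Mbps or Y pps is blackholed for a hold time and then judged again from a clean window. The class and function names, the thresholds and the replayed traffic are all constructed for illustration; addresses come from the documentation ranges.

```python
"""Per-source rate limiter with timed blackholing and re-evaluation."""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class SourceState:
    samples: deque = field(default_factory=deque)  # (ts_ms, size) of packets in window
    window_bytes: int = 0
    blackholed_until: int = 0  # ms timestamp; 0 means never blackholed
    strikes: int = 0           # how many times this source tripped a limit
    last_seen: int = 0


class BehaviourFilter:
    """Blackhole any source exceeding max_mbps OR max_pps for hold_ms."""

    def __init__(self, max_mbps, max_pps, window_ms=1000, hold_ms=60_000):
        self.max_bytes = max_mbps * 1_000_000 / 8 * window_ms / 1000
        self.max_pkts = max_pps * window_ms / 1000
        self.window_ms = window_ms
        self.hold_ms = hold_ms
        self.sources = defaultdict(SourceState)

    def observe(self, ts_ms, src, size):
        """Return 'pass' or 'drop' for one packet (integer ms timestamps)."""
        st = self.sources[src]
        st.last_seen = ts_ms
        if ts_ms < st.blackholed_until:
            return "drop"  # still inside the hold period
        # Slide the window: forget packets older than window_ms.
        while st.samples and st.samples[0][0] <= ts_ms - self.window_ms:
            st.window_bytes -= st.samples.popleft()[1]
        st.samples.append((ts_ms, size))
        st.window_bytes += size
        if len(st.samples) > self.max_pkts or st.window_bytes > self.max_bytes:
            st.strikes += 1
            st.blackholed_until = ts_ms + self.hold_ms
            # Clear the window so the source is re-evaluated from scratch
            # once the hold expires.
            st.samples.clear()
            st.window_bytes = 0
            return "drop"
        return "pass"

    def evict_idle(self, now_ms, idle_ms=300_000):
        """Drop state for quiet, non-blackholed sources; with spoofed
        sources the state table itself is a resource that can be exhausted."""
        idle = [s for s, st in self.sources.items()
                if now_ms - st.last_seen > idle_ms
                and now_ms >= st.blackholed_until]
        for s in idle:
            del self.sources[s]
        return len(idle)


def constructed_traffic():
    """Constructed (timestamp_ms, source, packet_bytes) events, not a capture."""
    events = []
    # Well-behaved client: 5 pps of 500-byte packets for 30 s.
    events += [(t, "198.51.100.7", 500) for t in range(0, 30_000, 200)]
    # Small-packet flood: 1000 pps of 64-byte packets for 25 s.
    events += [(t, "192.0.2.50", 64) for t in range(0, 25_000)]
    # Large packets: 100 pps x 1500 B = 1.2 Mbps for 2 s (trips Mbps only),
    # then the same source returns at 10 pps and behaves.
    events += [(t, "203.0.113.9", 1500) for t in range(0, 2_000, 10)]
    events += [(t, "203.0.113.9", 1500) for t in range(15_000, 20_000, 100)]
    return sorted(events)


def replay(events, flt):
    """Feed events through the filter and tally verdicts per source."""
    tally = defaultdict(lambda: {"pass": 0, "drop": 0})
    for ts, src, size in events:
        tally[src][flt.observe(ts, src, size)] += 1
    return {src: dict(counts) for src, counts in tally.items()}


if __name__ == "__main__":
    flt = BehaviourFilter(max_mbps=1, max_pps=100, hold_ms=10_000)
    for src, counts in replay(constructed_traffic(), flt).items():
        print(src, counts, "strikes:", flt.sources[src].strikes)
```

The persistent flood is re-blackholed each time its hold expires, while the source that returns at a polite rate is let back in. As the post notes, a filter like this only helps where the link in front of it is not already saturated.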

On Fri, Jun 20, 2014 at 12:56 PM, Wagner, Brett
Post by Wagner, Brett
IMHO - I am not a fan of all the mumbo jumbo that goes along with the "Cloud" like it is a new invention. I worked at GTE/BBN in 1999 and we were selling all the same crap back then. With that said and having worked at EMC for a while you can have a "Cloud" on premises just means you have the hardware in one of your company locations. You can have private, shared, public or a combo.
It is the same evolution as IT security circa 1970-80s (Rainbow Book Series days), then Information Security circa 1990s, then Information Assurance circa late 90s early 2000s and now Cyber Security. With each name change consultants and companies can charge more for the same ultimate goal with each name change.
OK I will now get off my soapbox.
-----Original Message-----
Sent: Friday, June 20, 2014 10:48 AM
To: Kellstr
Subject: Re: DDoS protection
This is a little confusing; “cloud”, “on-premise” etc… weird.
By “Cloud,” it seem like we mean “by provider” (makes sense).
On-premise is the best way to detect an attack imo, since the victim network knows what’s good and what’s not (or should….).
So I think the best solution involves some kind of remote blackhole or ideally, perhaps flowspec.
I don’t think it’s a problem that requires spending significant money.
Chris
Post by Kellstr
Disclaimer: I work for a company which offers a DDoS Protection Service.
The advantage of a service "in the cloud" is that if an attack exceeds
your circuit bandwidth the provider will be able to drop the malicious
traffic. That cannot be done at your premise. Both Arbor and Radware
offer strong appliances that can clean up smaller attacks at your
premise and can send a signal to the provider if they support that
service. You can block traffic using IPS's but keep in mind they are
not designed for a volumetric attack and may be overwhelmed.
On Wed, Jun 18, 2014 at 11:10 AM, Lance Lassetter
Post by Lance Lassetter
What about Suricata or Snort IDS in IPS mode?
Post by Mikhail A. Utin
As you indicated " Although we're small, We're an organization playing with ($,¥,€,£) exchanges" you are on client side rather than on server. If that is right, you do not need to bother with DDoS protection, which is against server side.
Mikhail
-----Original Message-----
Sent: Wednesday, June 18, 2014 12:49 AM
Subject: Re: Re: DDoS protection
Hi,
Thanks for your replies.
Noted the points raised by Jacint and Kelly Keeton. I appreciate that.
May I be kind to seek an opinion/arguments suggesting if the In-house appliances are more "intelligent" at thwarting the application-level DoS/DDoS attacks as compared to ISP-provided DoS protection, wherein it may even fail to detect them, or if there are other benefits to owning an In-house product?
As far as Cons are concerned, I feel that the appliance may add some latency, which may create issues wherein a latency of milliseconds counts.
Although we're small, We're an organization playing with ($,¥,€,£) exchanges and heavily regulated by the Government.
Thanks,
KT
CONFIDENTIALITY NOTICE: This email communication and any attachments
may contain confidential and privileged information for the use of
the designated recipients named above. If you are not the intended
recipient, you are hereby notified that you have received this
communication in error and that any review, disclosure,
dissemination, distribution or copying of it or its contents is
prohibited. If you have received this communication in error, please
reply to the sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, please visit our Internet web site at http://www.commonwealthcare.org.
--
Laws alone cannot secure freedom of expression; in order that every
man present his views without penalty there must be spirit of
tolerance in the entire population. - Albert Einstein
Sardina, Dominick
2014-06-20 18:49:29 UTC
Brett, I have to agree 100%.


Regards,
Dominick


-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On Behalf Of Wagner, Brett
Sent: Friday, June 20, 2014 12:57 PM
To: Hartley, Christopher J.; Kellstr
Cc: security-***@securityfocus.com
Subject: RE: DDoS protection

IMHO - I am not a fan of all the mumbo jumbo that goes along with the "Cloud" like it is a new invention. I worked at GTE/BBN in 1999 and we were selling all the same crap back then. With that said, and having worked at EMC for a while, you can have a "Cloud" on premises; it just means you have the hardware in one of your company locations. You can have private, shared, public or a combo.

It is the same evolution as IT security circa 1970-80s (Rainbow Book Series days), then Information Security circa 1990s, then Information Assurance circa late 90s early 2000s and now Cyber Security. With each name change, consultants and companies can charge more for the same ultimate goal with each name change.

OK I will now get off my soapbox.



-----------------------------------------
The information contained in this e-mail, including any
attachment(s), is intended solely for use by the named
addressee(s). If you are not the intended recipient, or a person
designated as responsible for delivering such messages to the
intended recipient, you are not authorized to disclose, copy,
distribute or retain this message, in whole or in part, without
written authorization from PSEG. This e-mail may contain
proprietary, confidential or privileged information. If you have
received this message in error, please notify the sender
immediately. This notice is included in all e-mail messages leaving
PSEG.
Phillip Lofaso
2014-06-23 14:47:35 UTC
My apologies for the mass email, but can someone please tell me how to unsubscribe from this group? I am no longer working in this field.

Thank you.


**************
Phillip A. LoFaso
Marketing Director
PRI Healthcare Solutions | Haymarket Media, Inc.
140 East Ridgewood Avenue  Suite 176N | Paramus, NJ 07652
O: 201-799-4889
E: ***@haymarketmedia.com





This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender by replying to this e-mail.

Replies to this email may be monitored by the Haymarket Group
for operational or business reasons.

Whilst every endeavour is taken to ensure that e-mails are free from
viruses, no liability can be accepted and the recipient is requested
to use their own virus checking software.

www.haymarket.com

Haymarket Media Group Limited
Registered in England no. 267189
Registered Office: Teddington Studios, Broom Road, Teddington, Middlesex, TW11
Mikhail A. Utin
2014-06-23 16:02:23 UTC
Hello,
Yes, all has been known for a while. I got two presentations discussing partially "cloud" matter at OWASP AppSec DC 2012 and DeepSec 2012 and 2013.
You can check both for presentations or ask me personally.
Basically, all "clouds" are simply application hosting web sites. And technically a "cloud" is a datacenter. Whether such app is a virtual network or Mom&Dad Pizza shop HTML site does not matter.
The so-named "cloud computing concept" has nothing in common with computing, and is not a concept at all. Models are useless, and in such cases as "Community Cloud" and "Hybrid Cloud" are legal nonsense, simply because a service provider cannot have a legally binding relationship (aka a contract) with a community, which is not a legal entity.
I tried to dig out where "cloud" came from. It is an invention of IBM circle companies hosting site reselling IBM services. And in essence is the replacement of Google and next IBM funded academic cluster project "Academia Cluster Computing Initiative" or ACCI, see: Let a Thousand servers bloom – Google official post, Posted by Christophe Bisciglia, October 8, 2007 http://googleblog.blogspot.com/2007/10/let-thousand-servers-bloom.html
IBM circle guys replaced "cluster" with "cloud" and renamed ACCI as "Academia Cloud Computing Initiative". Bingo! Next they needed something looking like science in a form of "models".
However, guys violated Google intellectual property rights on the original ACCI project name.

Regards

Mikhail



Marios Stylianou
2014-06-25 10:56:40 UTC
You can try Incapsula services.


Mindbets


-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On Behalf Of Mikhail A. Utin
Sent: Monday, June 23, 2014 7:02 PM
To: Sardina, Dominick; security-***@securityfocus.com
Subject: RE: DDoS protection

Hello,
Yes, all has been known for a while. I got two presentations discussing partially "cloud" matter at OWASP AppSec DC 2012 and DeepSec 2012 and 2013.
You can check both for presentations or ask me personally.
Basically, all "clouds" are simply application hosting web sites. And technically a "cloud" is a datacenter. Whether such app is a virtual network or Mom&Dad Pizza shop HTML site does not matter.
So named "cloud computing concept" has nothing in common with computing, and not a concept at all. Models are useless and in such case as "Community Cloud" and "Hybrid Cloud" is legal nonsense, simply because a service provider cannot have legal binding relationship (aka a contract) with a community, which is not a legal entity.
I tried to dig out where "cloud" came from. It is an invention of IBM circle companies hosting site reselling IBM services. And in essence is the replacement of Google and next IBM funded academic cluster project "Academia Cluster Computing Initiative" or ACCI, see: Let a Thousand servers bloom – Google official post, Posted by Christophe Bisciglia, October 8, 2007 http://googleblog.blogspot.com/2007/10/let-thousand-servers-bloom.html
IBM circle guys replaced "cluster" with "cloud" and renamed ACCI as "Academia Cloud Computing Initiative". Bingo! Next they needed something looking like science in a form of "models".
However, guys violated Google intellectual property rights on the original ACCI project name.

Regards

Mikhail



-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On Behalf Of Sardina, Dominick
Sent: Friday, June 20, 2014 2:49 PM
To: security-***@securityfocus.com
Subject: RE: DDoS protection

Brett, I have to agree 100%.


Regards,
Dominick


-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On Behalf Of Wagner, Brett
Sent: Friday, June 20, 2014 12:57 PM
To: Hartley, Christopher J.; Kellstr
Cc: security-***@securityfocus.com
Subject: RE: DDoS protection

IMHO - I am not a fan of all the mumbo jumbo that goes along with the "Cloud" like it is a new invention. I worked at GTE/BBN in 1999 and we were selling all the same crap back then. With that said, and having worked at EMC for a while: you can have a "Cloud" on premises; it just means you have the hardware in one of your company locations. You can have private, shared, public or a combo.

It is the same evolution as IT security circa 1970-80s (Rainbow Book Series days), then Information Security circa 1990s, then Information Assurance circa late 90s early 2000s and now Cyber Security. With each name change, consultants and companies can charge more for the same ultimate goal.

OK I will now get off my soapbox.
-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On Behalf Of Hartley, Christopher J.
Sent: Friday, June 20, 2014 10:48 AM
To: Kellstr
Cc: security-***@securityfocus.com
Subject: Re: DDoS protection

This is a little confusing; “cloud”, “on-premise” etc… weird.

By “Cloud,” it seems like we mean “by provider” (makes sense).

On-premise is the best way to detect an attack imo, since the victim network knows what’s good and what’s not (or should….).

So I think the best solution involves some kind of remote blackhole or ideally, perhaps flowspec.

I don’t think it’s a problem that requires spending significant money.

Chris
Post by Kellstr
Disclaimer: I work for a company which offers a DDoS Protection Service.
The advantage of a service "in the cloud" is that if an attack exceeds
your circuit bandwidth the provider will be able to drop the malicious
traffic. That cannot be done at your premise. Both Arbor and Radware
offer strong appliances that can clean up smaller attacks at your
premise and can send a signal to the provider if they support that
service. You can block traffic using IPS's but keep in mind they are
not designed for a volumetric attack and may be overwhelmed.
On Wed, Jun 18, 2014 at 11:10 AM, Lance Lassetter
Post by Lance Lassetter
What about Suricata or Snort IDS in IPS mode?
Post by Mikhail A. Utin
As you indicated " Although we're small, We're an organization playing with ($,¥,€,£) exchanges" you are on client side rather than on server. If that is right, you do not need to bother with DDoS protection, which is against server side.
Mikhail
-----Original Message-----
Sent: Wednesday, June 18, 2014 12:49 AM
Subject: Re: Re: DDoS protection
Hi,
Thanks for your replies.
Noted the points raised by Jacint and Kelly Keeton. I appreciate that.
May I kindly seek an opinion/arguments on whether the in-house appliances are more "intelligent" at thwarting application-level DoS/DDoS attacks as compared to ISP-provided DoS protection, which may even fail to detect them, or whether there are other benefits to owning an in-house product?
As far as cons are concerned, I feel that the appliance may add some latency, which may create issues where a latency of milliseconds counts.
Although we're small, We're an organization playing with ($,¥,€,£) exchanges and heavily regulated by the Government.
Thanks,
KT
--
Laws alone cannot secure freedom of expression; in order that every
man present his views without penalty there must be spirit of
tolerance in the entire population. - Albert Einstein
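The hybrid approach raised in the quoted messages above (detect on premise, filter locally while the circuit has headroom, and ask the provider for a flowspec rule or a remote blackhole once it does not), as an added Python example. It is not code from any poster or vendor; the thresholds, addresses, baselines and flow records are constructed assumptions.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

# All values below are constructed assumptions for illustration.
WINDOW_S = 10                     # measurement window in seconds
CIRCUIT_BPS = 1_000_000_000       # assumed 1 Gbit/s access circuit
ESCALATE_FRACTION = 0.8           # hand off upstream at 80% circuit utilisation
BASELINE_MULTIPLIER = 5           # "under attack" at 5x the learned baseline
DOMINANT_SHARE = 0.9              # one signature carries >= 90% of the traffic
DEFAULT_BASELINE_BPS = 10_000_000 # used for hosts with no learned baseline


class Flow(NamedTuple):
    dst: str
    proto: str
    src_port: int
    nbytes: int                   # bytes seen for this flow key during WINDOW_S


class Action(NamedTuple):
    kind: str                     # "local-scrub", "flowspec" or "rtbh"
    target: str                   # victim address
    match: Optional[dict]         # flowspec match fields, otherwise None
    reason: str


def decide(flows, baseline_bps):
    """Return one Action per destination whose rate exceeds its baseline."""
    per_dst = defaultdict(int)
    per_sig = defaultdict(lambda: defaultdict(int))
    for f in flows:
        bps = f.nbytes * 8 // WINDOW_S
        per_dst[f.dst] += bps
        per_sig[f.dst][(f.proto, f.src_port)] += bps

    # The on-premise sensor only sees what fits through the circuit, so the
    # hand-off to the provider has to trigger before the link is actually full.
    total = sum(per_dst.values())
    saturating = total >= ESCALATE_FRACTION * CIRCUIT_BPS

    actions = []
    for dst in sorted(per_dst):
        bps = per_dst[dst]
        base = baseline_bps.get(dst, DEFAULT_BASELINE_BPS)
        if bps < BASELINE_MULTIPLIER * base:
            continue  # within normal range for this host
        if not saturating:
            actions.append(Action("local-scrub", dst, None,
                                  "circuit has headroom; filter on premise"))
            continue
        (proto, src_port), top = max(per_sig[dst].items(), key=lambda kv: kv[1])
        if top / bps >= DOMINANT_SHARE:
            # A narrow upstream filter keeps the service reachable.
            match = {"destination": dst + "/32", "protocol": proto,
                     "source-port": src_port}
            actions.append(Action("flowspec", dst, match,
                                  "one signature dominates; discard it upstream"))
        else:
            # Remote blackhole drops ALL traffic to the victim address: it
            # saves the rest of the circuit at the cost of that one host.
            actions.append(Action("rtbh", dst, None,
                                  "no single signature; blackhole the /32 upstream"))
    return actions


def mbps(n):
    """Bytes transferred during WINDOW_S at n Mbit/s (sample-data helper)."""
    return n * 1_000_000 * WINDOW_S // 8


# Constructed sample data using documentation address ranges.
VICTIM, OTHER = "203.0.113.10", "198.51.100.20"
BASELINE = {VICTIM: 20_000_000, OTHER: 60_000_000}
LEGIT = [Flow(VICTIM, "tcp", 51000, mbps(15)), Flow(OTHER, "tcp", 52000, mbps(50))]
SMALL = LEGIT + [Flow(VICTIM, "udp", 123, mbps(300))]
VOLUMETRIC_SINGLE = LEGIT + [Flow(VICTIM, "udp", 123, mbps(900))]
VOLUMETRIC_MIXED = LEGIT + [Flow(VICTIM, "udp", p, mbps(225))
                            for p in (53, 123, 161, 1900)]

if __name__ == "__main__":
    for name, flows in [("small", SMALL), ("single", VOLUMETRIC_SINGLE),
                        ("mixed", VOLUMETRIC_MIXED)]:
        for a in decide(flows, BASELINE):
            print(name, a.kind, a.target, a.match, "-", a.reason)
```
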
Comp Pycho
2014-06-25 12:52:25 UTC
Permalink
Cloud computing is an IBM concept that was blown up by NIST. NIST pushed this "Cloud" BS for external parties to make money. The cloud is nothing but a data center. The secure clouds are data centers which have gone through the FedRamp certification program for security compliance.

Do what you know
-Dame Dash
Post by Marios Stylianou
You can try Incapsula services.
Mindbets
Comp Pycho
2014-06-25 14:23:58 UTC
Permalink
The concept of cloud computing did not get popular until NIST made it a standard and ordered the gov't to move 30% of their IT infrastructure to the cloud. Cloud was a concept of IBM since 1984; it was not coined cloud computing by them, but the concept is theirs. FedRamp is always based off the latest NIST controls so I don't understand your claim with that. FedRamp is a govt wide program that standardizes approach to security assessment, authorization and continuous monitoring for cloud products and services. This is from the GSA website, who provide the service; by definitions it shoulda like a compliance standard. It applies the NIST 800-53 controls.

Do what you know
-Dame Dash
Some remarks.
1. Cloud Computing, yes, is just about datacenters serving hosting, i.e. application hosting service.
2. First appeared as Amazon AWS
3. CC is not actually IBM's own concept, as there is no concept in CC at all, see #1
4. NIST actually was far later than other parties in "cloudization" (I claim this term :) )
5. FedRAMP is not a certification program at all. Plus, its security controls list is outdated - it is based on NIST SP800-53 R3, a pretty outdated version. Current is R4. So, it absolutely cannot be used for anything like certification.
Mikhail
Mikhail A. Utin
2014-06-25 13:36:31 UTC
Permalink
Some remarks.
1. Cloud Computing, yes, is just about datacenters serving hosting, i.e. application hosting service.
2. First appeared as Amazon AWS
3. CC is not actually IBM's own concept as there is no concept in CC at all, see #1
4. NIST actually was far later than other parties in "cloudization" (I claim this term :) )
5. FedRAMP is not a certification program at all. Plus, its security controls list is outdated - it is based on NIST SP800-53 R3, a pretty outdated version. Current is R4. So, absolutely cannot be used for anything like certification.

Mikhail

-----Original Message-----
From: Comp Pycho [mailto:***@gmail.com]
Sent: Wednesday, June 25, 2014 8:52 AM
To: Marios Stylianou
Cc: Mikhail A. Utin; <***@pseg.com>; <security-***@securityfocus.com>
Subject: Re: DDoS protection

Cloud computing is an IBM concept that was blown up by NIST. NIST pushed this "Cloud" BS for external parties to make money. The cloud is nothing but a data center. The secure clouds are data centers which have gone through the FedRamp certification program for security compliance.

Do what you know
-Dame Dash
Post by Marios Stylianou
You can try Incapsula services.
Mindbets
-----Original Message-----
Sent: Monday, June 23, 2014 7:02 PM
Subject: RE: DDoS protection
Hello,
Yes, all has been known for a while. I got two presentations discussing partially "cloud" matter at OWASP AppSec DC 2012 and DeepSec 2012 and 2013.
You can check both for presentations or ask me personally.
Basically, all "clouds" are simply application hosting web sites. And technically a "cloud" is a datacenter. Whether such app is a virtual network or Mom&Dad Pizza shop HTML site does not matter.
So named "cloud computing concept" has nothing in common with computing, and not a concept at all. Models are useless and in such case as "Community Cloud" and "Hybrid Cloud" is legal nonsense, simply because a service provider cannot have legal binding relationship (aka a contract) with a community, which is not a legal entity.
I tried to dig out where "cloud" came from. It is an invention of IBM
circle companies hosting site reselling IBM services. And in essence
is the replacement of Google and next IBM funded academic cluster
project "Academia Cluster Computing Initiative" or ACCI, see: Let a
Thousand servers bloom – Google official post, Posted by Christophe
Bisciglia, October 8, 2007
http://googleblog.blogspot.com/2007/10/let-thousand-servers-bloom.html
IBM circle guys replaced "cluster" with "cloud" and renamed ACCI as "Academia Cloud Computing Initiative". Bingo! Next they needed something looking like science in a form of "models".
However, guys violated Google intellectual property rights on the original ACCI project name.
Regards
Mikhail
-----Original Message-----
Sent: Friday, June 20, 2014 2:49 PM
Subject: RE: DDoS protection
Brett, I have to agree 100%.
Regards,
Dominick
-----Original Message-----
Sent: Friday, June 20, 2014 12:57 PM
To: Hartley, Christopher J.; Kellstr
Subject: RE: DDoS protection
IMHO - I am not a fan of all the mumbo jumbo that goes along with the "Cloud" like it is a new invention. I worked at GTE/BBN in 1999 and we were selling all the same crap back then. With that said and having worked at EMC for a while you can have a "Cloud" on premises just means you have the hardware in one of your company locations. You can have private, shared, public or a combo.
It is the same evolution as IT security circa 1970-80s (Rainbow Book Series days), then Information Security circa 1990s, then Information Assurance circa late 90s early 2000s and now Cyber Security. With each name change consultants and companies can charge more for the same ultimate goal with each name change.
OK I will now get off my soapbox.
-----Original Message-----
Sent: Friday, June 20, 2014 10:48 AM
To: Kellstr
Subject: Re: DDoS protection
This is a little confusing; “cloud”, “on-premise” etc… weird.
By “Cloud,” it seems like we mean “by provider” (makes sense).
On-premise is the best way to detect an attack imo, since the victim network knows what’s good and what’s not (or should….).
So I think the best solution involves some kind of remote blackhole or ideally, perhaps flowspec.
I don’t think it’s a problem that requires spending significant money.
Chris
Post by Kellstr
Disclaimer: I work for a company which offers a DDoS Protection Service.
The advantage of a service "in the cloud" is that if an attack
exceeds your circuit bandwidth the provider will be able to drop the
malicious traffic. That cannot be done at your premise. Both Arbor
and Radware offer strong appliances that can clean up smaller attacks
at your premise and can send a signal to the provider if they support
that service. You can block traffic using IPS's but keep in mind they
are not designed for a volumetric attack and may be overwhelmed.
On Wed, Jun 18, 2014 at 11:10 AM, Lance Lassetter
Post by Lance Lassetter
What about Suricata or Snort IDS in IPS mode?
Post by Mikhail A. Utin
As you indicated " Although we're small, We're an organization playing with ($,¥,€,£) exchanges" you are on client side rather than on server. If that is right, you do not need to bother with DDoS protection, which is against server side.
Mikhail
-----Original Message-----
Sent: Wednesday, June 18, 2014 12:49 AM
Subject: Re: Re: DDoS protection
Hi,
Thanks for your replies.
Noted the points raised by Jacint and Kelly Keeton. I appreciate that.
May I be kind to seek an opinion/ arguments suggesting if the In-house appliances are more "intelligent" thwarting the application level DOS/ DDoS attacks as compared to ISP provided DOS protection wherein it may even fail to detect them, or if there are other benefits owning an In-house product?
As far as Cons are concerned, I feel that the appliance may add some latency which may create issues wherein a latency of milliseconds count.
Although we're small, We're an organization playing with ($,¥,€,£) exchanges and heavily regulated by the Government.
Thanks,
KT
--
Laws alone cannot secure freedom of expression; in order that every
man present his views without penalty there must be spirit of
tolerance in the entire population. - Albert Einstein

k***@gmail.com
2014-06-23 15:14:39 UTC
Permalink
Guys, thanks a lot for your replies. I appreciate that.

When I say small Org, I meant geographically and the number of employees within the Org. The turnover is humongous. As I said in the earlier posts, a delay/ latency in a millisecond counts when transactions take place (transactions = bread & butter of the Org).

The replies that I got so far suggest (well, what I understood so far) that having an In-House Anti-DDoS appliance isn't going to provide an edge and there is little we can do on the box when the attack actually happens. The boxes at ISP level are more robust and can handle the situation at their level.

Am I missing any point (technical) here? Is there anything wherein ISP may fail and if the attack should happen we are in position to handle it at the next layer? We do not have a budget constraint, provided we have a solid justification on why an in-house mechanism for DDoS protection.

Thanks,
KT

------------------------------------------------------------------------
m***@bakerross.co.uk
2014-06-23 15:59:41 UTC
Permalink
Hi,

If you do not have any budget restraints why not just have alternative
services set up over two or more different ISPs?
Even further segregate the services.


Mike

-----Original Message-----
From: ***@securityfocus.com [mailto:***@securityfocus.com] On
Behalf Of ***@gmail.com
Sent: 23 June 2014 16:15
To: security-***@securityfocus.com
Subject: Re: RE: Re: DDoS protection

Guys, thanks a lot for your replies. I appreciate that.

When I say small Org, I meant geographically and the number of employees
within the Org. The turnover is humongous. As I said in the earlier posts, a
delay/ latency in a millisecond counts when transactions take place
(transactions = bread & butter of the Org).

The replies that I got so far suggest (well, what I understood so
far) that having an In-House Anti-DDoS appliance isn't going to provide an
edge and there is little we can do on the box when the attack actually
happens. The boxes at ISP level are more robust and can handle the situation
at their level.

Am I missing any point (technical) here? Is there anything wherein ISP may
fail and if the attack should happen we are in position to handle it at the
next layer? We do not have a budget constraint, provided we have a solid
justification on why an in-house mechanism for DDoS protection.

Thanks,
KT
