Security Basics mailing list archives

Re: AWS and security

From: ShiYih Lye <shiyih.lye () my offgamers com>
Date: Wed, 11 Jul 2012 11:17:45 +0800

hi Sean,

I think using which vendor's colocation will have nothing to do with
the rates of viral infestation, ddos and script kiddy attacks on
servers. I don't think your server will be attacked 'more' due to you
host in vendor X compare with vendor Y.

But for the experience of ddos, amazon AWS might have the bigger
bandwidth in terms of router and perimeter firewall, compare with
other vendor who use a physical one. When you're being attacked with a
large flood of packets, your server upstream router might not
responsive before it even reach to the firewall, and then your server.
If the vendor have a stronger bandwidth to sustain that, it may give a
better room for you to tackle the attack, but of course it will be
another story whether your server able to handle that.

In our pass experience when we host the server in a physical hardware,
the ddos traffic force our vendor to null route us at the upstream
router because it's too much for them to handle it. And in another
occasion, the ddos collapse the perimeter firewall and we not even
able to connect to it to see how much traffic is hitting it. We then
shift the servers into AWS, and eventually amazon is able to take up a
relatively bigger bandwidth of attack. We then only do enhancement at
the server end to mitigate the ddos attack.

However do notice there are many types of ddos, the one I'm mentioning
is only when they use a huge request flood to paralyze your device.
Different type of ddos attack may give totally different experience,
so you might want to view more comment before deciding that.

Lye

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

AWS and security Sean Simpson (Jul 09)
- Re: AWS and security Warner Tabor (Jul 10)
  - RE: AWS and security Mikhail A. Utin (Jul 10)
    - Re: AWS and security Warner Tabor (Jul 10)
  - Message not available
    - Message not available
    - Message not available
    - Re: AWS and security Warner Tabor (Jul 16)
    - KMS Jude Cwalenski (Jul 16)
    - Re: KMS Florian Rommel (Jul 16)
    - RE: KMS Michael Sturtz (Jul 16)
    - Re: KMS Ansgar Wiechers (Jul 16)
    - Message not available
    - Re: KMS Ansgar Wiechers (Jul 16)
- Re: AWS and security ShiYih Lye (Jul 10)
- <Possible follow-ups>
- Re: RE: AWS and security savvy95 (Jul 10)