Security Basics mailing list archives
Re: AWS and security
From: ShiYih Lye <shiyih.lye () my offgamers com>
Date: Wed, 11 Jul 2012 11:17:45 +0800
hi Sean, I think using which vendor's colocation will have nothing to do with the rates of viral infestation, ddos and script kiddy attacks on servers. I don't think your server will be attacked 'more' due to you host in vendor X compare with vendor Y. But for the experience of ddos, amazon AWS might have the bigger bandwidth in terms of router and perimeter firewall, compare with other vendor who use a physical one. When you're being attacked with a large flood of packets, your server upstream router might not responsive before it even reach to the firewall, and then your server. If the vendor have a stronger bandwidth to sustain that, it may give a better room for you to tackle the attack, but of course it will be another story whether your server able to handle that. In our pass experience when we host the server in a physical hardware, the ddos traffic force our vendor to null route us at the upstream router because it's too much for them to handle it. And in another occasion, the ddos collapse the perimeter firewall and we not even able to connect to it to see how much traffic is hitting it. We then shift the servers into AWS, and eventually amazon is able to take up a relatively bigger bandwidth of attack. We then only do enhancement at the server end to mitigate the ddos attack. However do notice there are many types of ddos, the one I'm mentioning is only when they use a huge request flood to paralyze your device. Different type of ddos attack may give totally different experience, so you might want to view more comment before deciding that. Lye ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- AWS and security Sean Simpson (Jul 09)
- Re: AWS and security Warner Tabor (Jul 10)
- RE: AWS and security Mikhail A. Utin (Jul 10)
- Re: AWS and security Warner Tabor (Jul 10)
- Message not available
- Message not available
- Message not available
- Re: AWS and security Warner Tabor (Jul 16)
- KMS Jude Cwalenski (Jul 16)
- Re: KMS Florian Rommel (Jul 16)
- RE: KMS Michael Sturtz (Jul 16)
- Re: KMS Ansgar Wiechers (Jul 16)
- Message not available
- Re: KMS Ansgar Wiechers (Jul 16)
- RE: AWS and security Mikhail A. Utin (Jul 10)
- Re: AWS and security Warner Tabor (Jul 10)
- <Possible follow-ups>
- Re: RE: AWS and security savvy95 (Jul 10)