[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Pros and Cons of Cloud Computing in dealing with DDoS
- Subject: Pros and Cons of Cloud Computing in dealing with DDoS
- From: rdobbins at arbor.net (Roland Dobbins)
- Date: Fri, 6 Nov 2009 10:29:15 +0700
- In-reply-to: <003801ca5e7a$9b5c9f00$d215dd00$@com>
- References: <002101ca5e42$bddeace0$399c06a0$@com> <[email protected]> <003101ca5e4b$cbe74550$63b5cff0$@com> <[email protected]> <003801ca5e7a$9b5c9f00$d215dd00$@com>
On Nov 6, 2009, at 7:46 AM, Stefan Fouant wrote:
> So if I'm hearing you correctly, you're saying that no matter how
> much infrastructure you have to potentially absorb the problem,
> there is nothing you can do because the bad guys are always going to
> have more bandwidth at
> their disposal.
What I'm saying is that one can't simply rely on bandwidth capacity/
connection capacity/tps scaling/etc. on their own to always 'eat' the
problem traffic; rather that there's a full spectrum of things one
must do in order to be able to maintain availability in the face of
attack, starting with fundamental architecture at layer-7 and moving
down the model, taking special care to try and avoid design choices
which lead to blocking behaviors and/or open up amplification vectors
(some of these simply can't be avoided due to protocol semantics, of
course).
I'm also saying that threats to availability aren't something one can
always assume one will be able to handle alone; engaging with the
larger opsec community is key.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Sorry, sometimes I mistake your existential crises for technical
insights.
-- xkcd #625