[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

D/DoS mitigation hardware/software needed.

Subject: D/DoS mitigation hardware/software needed.
From: rdobbins at arbor.net (Dobbins, Roland)
Date: Sun, 10 Jan 2010 03:56:51 +0000
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]>

On Jan 10, 2010, at 10:33 AM, Christopher Morrow wrote:

> separate the portions of the pie... only let the attack break the minimal portion of your deployment. Use the right tool in the right place.

An excellent point.  A Web front-end server should be that - merely the front-end.  Situationally-appropriate functional separation is a key architectural principle.

Combine that with the measures outlined in <http://mailman.nanog.org/pipermail/nanog/2010-January/016747.html>, coupled with a functionally-separated, bulkheaded DNS infrastructure pictured in <http://files.me.com/roland.dobbins/m4g34u>, and one will end up with a much more robust, scalable, and defensible system.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken

References:
- D/DoS mitigation hardware/software needed.
  - From: marquis at roble.com (Roger Marquis)
- D/DoS mitigation hardware/software needed.
  - From: rdobbins at arbor.net (Dobbins, Roland)
- D/DoS mitigation hardware/software needed.
  - From: morrowc.lists at gmail.com (Christopher Morrow)

Prev by Date: D/DoS mitigation hardware/software needed.
Next by Date: JunOS remote DoS code has been posted to FD
Previous by thread: D/DoS mitigation hardware/software needed.
Next by thread: D/DoS mitigation hardware/software needed.
Index(es):
- Date
- Thread