ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Firewalls in front of servers make DDOS attacks worse ?

(1/1)

SKA:
very curious articles & comments:

http://www.itworld.com/security/135495/ddos-attacks-made-worse-firewalls-report-finds

http://www.itworld.com/security/135533/just-say-no-ddos-attacks

SKA

Curt:
some may fail to notice "page 2" of your second link, like I did at first:

CoreIT
by Kevin Fogarty
Security
Just say No to DDOS attacks - Page 2

There are plenty of resources out there with instructions on how to defend against a DDOS attack, rather than just outlasting them.

Ultimately a bot-net made up of thousands of machines will be able to outwork any router or firewall you put on the edge, if you don't make it smart enough not to be fooled by what amount to millions of prank phone calls.

The big risks are not the current ones, however.

Attacks on DNS networks and mobile networks -- both of which are often left unprotected by end-user companies that assume their service providers can take care of it -- are both extremely vulnerable, the report found.

There really are no ready made defences for that, at least on the mobile front, largely because security and management tools are not advanced enough to provide the kind of visibility in them that are taken for granted on wired networks, the report found.

-------------
Kevin Fogarty writes about enterprise IT for ITworld. Follow him on Twitter @KevinFogarty.

Sign up for ITworld's Daily newsletter-page 2
--- End quote ---

Did this actually say that security staff in cell/mobile phone companies have no understanding of what security procedures/techs are needed?  :tellme:  :-\

Renegade:
some may fail to notice "page 2" of your second link, like I did at first:

Did this actually say that security staff in cell/mobile phone companies have no understanding of what security procedures/techs are needed?  :tellme:  :-\
-Curt (February 02, 2011, 04:57 AM)
--- End quote ---

No. I don't think so.

Attacks on DNS networks and mobile networks -- both of which are often left unprotected by end-user companies that assume their service providers can take care of it -- are both extremely vulnerable, the report found.

There really are no ready made defenses for that, at least on the mobile front, largely because security and management tools are not advanced enough to provide the kind of visibility in them that are taken for granted on wired networks, the report found.
--- End quote ---

Did I miss something?

I think he's saying that the tools available aren't able to help.

Stoic Joker:
Half of all respondents in 2010 reported a failure due to DDOS, which could have been avoided with either more selective router configuration or by adding a layer of security at the edge of the network that can shed bogus DDOS or other unauthorized traffic before it gets to the firewalls.-bottom page 1 2nd article
--- End quote ---

So... Now "we" need a firewall for the firewall? This almost sounds like they're trying to conjure up the electronic version of the safest way to get shot in the face.

Navigation

[0] Message Index

Go to full version