[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Can A Web Site Be Reliably Defended Against DoS Attacks?
> That seems to say that in no case should one risk > any resource of critical value by putting it > on the web because eleven men so inclined can > always do it harm and this isn't a cost vs > benefit issue. No, security is a risk-management issue. If a dozen men can take me down for a day, and my daily revenue is $10/day, then it's not worth spending more than $10 to fix the problem. > the overwhelming majority of defense in in the > social behavior of those outside one's own control, > that is, ensuring a system cannot be used to host > an attack. Yup. Unfortunately, the dominant desktop platform makes it very difficult to ensure this. Esp when you consider how many VCR clocks still blink 12:00. Consider it a case study as to why security and the Internet should not just be grafted on to an existing product that had no concept of "them," just "us." > Is that really the case? I read that Microsoft > was able to defend their servers this time > although SCO could not. The virus was pointed at specific IP addresses (doing DNS lookups would have been too costly and obvious, I think). Microsoft didn't defend, but they "ducked" by going to a new IP address. SCO failed to defend themselves because they added a new name that pointed to the same IP address. That was stupid and pointless. /r$ -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|