[119082] in North American Network Operators' Group
Re: Pros and Cons of Cloud Computing in dealing with DDoS
daemon@ATHENA.MIT.EDU (Florian Weimer)
Fri Nov 6 04:53:03 2009
To: "Stefan Fouant" <sfouant@shortestpathfirst.com>
From: Florian Weimer <fweimer@bfk.de>
Date: Fri, 06 Nov 2009 09:52:19 +0000
In-Reply-To: <003101ca5e4b$cbe74550$63b5cff0$@com> (Stefan Fouant's message of
"Thu\, 5 Nov 2009 14\:11\:35 -0500")
Cc: 'Jeffrey Lyon' <jeffrey.lyon@blacklotus.net>,
'NANOG list' <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
* Stefan Fouant:
> Obviously the cloud is no different than any other infrastructure insofar=
as
> implementing protection mechanisms.
It's different in one aspect, though: you don't know with whom you're
sharing your toothbrush. To some extent, this is true for other
infrastructure as well (even your dedicated Internet connectivity
eventually joins shared infrastructure, which is precisely the point,
of course). But virtualization makes those risks very difficult to
estimate.
Some companies have already suffered from this because they completely
outsourced their authoritative DNS service to dedicated DNS service
providers. Only very few customers of those providers were attacked,
but the impact was felt across larger parts of their customer base.
(The obvious thing to do is to use both external DNS and DNS on your
network, so you stay up even if your external DNS goes down. I
suppose a similar model could be used for many in-the-cloud services.)
--=20
Florian Weimer <fweimer@bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstra=DFe 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
