[afnog] [AfrISPA.Discuss] Securing our network

Global One Solution malabow at gmail.com
Sun Apr 27 22:37:05 UTC 2008 

Now Surge,

I am sure you know well, ACL alone does not protect you ANYTHING, unless you
willing to block legitimate traffic. You are really in the mercy of your
ISP. If your ISP is not placing the ACL in the edge router, what good your
ACL will do?  all the hacker need is a way to flood your link, and they can
take you tout of service. so let's say you even place CiscoGuard(which i
agree it's expensive) and i m not saying this is the solution, but even if
you place some intelligent device in behind your CE router, you will not be
given the opportunity to study the health of the packet, since the hackers
goal is just to take you out of service.  I am really advocate a VERY close
relationship between the *customer *and *ISP*.  RTB (Remote Trigger
Blockhole) is also another feature that kind of helps clients

Good feedback Thank you



On Sun, Apr 27, 2008 at 5:37 PM, Serge Vondandamo <
serge.vondandamo at orange.fr> wrote:

>  Please, leverage your existing Network infrastructure to protect your
> business against DoS or DDOS attacks. Some simple but well designed ACLs on
> Routers, switches; etc can help you better than a Ciscoguard (very costly by
> the way).
>
>
>
> Serge Vondandamo
>
> CISSP, CEH, CCNA
>
> Sr. Security Analyst
>
>
>  ------------------------------
>
> *De :* Discuss-owner at afrispa.org [mailto:Discuss-owner at afrispa.org] *De la
> part de* Global One Solution
> *Envoyé :* dimanche 27 avril 2008 20:54
> *À :* afnog at afnog.org
> *Cc :* discuss at afrispa.org
> *Objet :* [AfrISPA.Discuss] Securing our network
>
>
>
> I am sure some of you have seen an article in www.bbcnews.com under the
> Technology,  title: "*hackers warn high street chains*,"  What is Africa
> doing about security,  specially the government, and the ISP's.  Can anyone
> from local ISP share how they fight or if there is such a community where
> African ISP share knowledge and experience, DoS attack is getting advance,
> and hard to stop. I know in the US, we try our best to stop, in advance, but
> deploying tools like Ciscoguard, and other tools, that kind of pre-detects
> the health of the packet, We all though V6 would provide more security, but
> it seems that is not case.  I would like to hear how other fight this nasty
> fight.
>
> Here is the article i am talking about.
>
> http://news.bbc.co.uk/2/hi/technology/7366995.stm
>  * *
>
>
> --
> Liban Mohamed
> Global One Solution
> www.globalonesolutions.net
> malabow at gmail.com
>



-- 
Liban Mohamed
Global One Solution
www.globalonesolutions.net
malabow at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20080427/33e76c01/attachment-0002.html>

More information about the afnog mailing list