Pros and Cons of Cloud Computing in dealing with DDoS

Florian Weimer fweimer at bfk.de
Fri Nov 6 09:52:19 UTC 2009


* Stefan Fouant:

> Obviously the cloud is no different than any other infrastructure insofar as
> implementing protection mechanisms.

It's different in one aspect, though: you don't know with whom you're
sharing your toothbrush.  To some extent, this is true for other
infrastructure as well (even your dedicated Internet connectivity
eventually joins shared infrastructure, which is precisely the point,
of course).  But virtualization makes those risks very difficult to
estimate.

Some companies have already suffered from this because they completely
outsourced their authoritative DNS service to dedicated DNS service
providers.  Only very few customers of those providers were attacked,
but the impact was felt across larger parts of their customer base.

(The obvious thing to do is to use both external DNS and DNS on your
network, so you stay up even if your external DNS goes down.  I
suppose a similar model could be used for many in-the-cloud services.)

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99




More information about the NANOG mailing list