Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Study options for DDoS attack prevention #1953

Closed
5 tasks
ccsr opened this issue Nov 23, 2016 · 5 comments
Closed
5 tasks

Study options for DDoS attack prevention #1953

ccsr opened this issue Nov 23, 2016 · 5 comments
Assignees
@jawidahmadi
Labels
DevOPS
Milestone
Sprint 37

Comments

@ccsr
Copy link
Member

ccsr commented Nov 23, 2016
edited by jawidahmadi

Study DDoS attack prevention and mitigation for APInf

Definition of done

  • Study options / strategies
  • Document
    • a small description of the problem
    • 2-3 options with pros and cons (options may be tools and/or processes)
  • Document is stored in docs repository

There is a DDoS-prevention document created in our docs repository.
@ccsr ccsr added the EPIC label Nov 23, 2016
@as33ms
Copy link
Contributor

as33ms commented Nov 23, 2016

IMHO, this should be done on the server level rather than at the software level.

@kyyberi
Copy link

kyyberi commented Dec 5, 2016

+agreed. Search for existing solutions instead of building one from scratch.

@bajiat bajiat added the icebox label Dec 21, 2016
@kyyberi
Copy link

kyyberi commented Feb 4, 2017

A little more information about possible strategies http://security.stackexchange.com/questions/73369/how-do-major-sites-prevent-ddos

@kyyberi
Copy link

kyyberi commented Feb 4, 2017

CDN is the most reliable approach.

@bajiat bajiat changed the title DDoS attack prevention Study options for DDoS attack prevention Feb 16, 2017
@bajiat bajiat added DevOPS and removed EPIC labels Feb 16, 2017
@bajiat bajiat added this to the Sprint 37 milestone Feb 20, 2017
@philippeluickx philippeluickx mentioned this issue Feb 21, 2017
Closed
@bajiat
Copy link
Contributor

bajiat commented Mar 8, 2017

@jawidahmadi

First of all, thanks for reading a good number of sources for your research. :)

I know your research text has already been merged, but I still have a few comments to make. Sorry for not being able to read the text sooner.

If there is text that is copy from someone else's text, please mark it as a quotation, if it is longer than 3 words. For instance, this snippet of text is copied from one of your sources: "It is a subtle dance and requires a bit more understanding of the application and its flow," If we copy text from others without marking it as a copy (and giving the source), we are plagiarizing.

I'm wondering about this recommendation in a research document for APInf (API management tool):
"Consider using AWS API gateway as the second stage for your API requests. AWS API gateway provides filtering, throttling, security,auto-scaling and HA for your API."Maybe @brylie can comment, whether this is an ok recommendation or not. I found this as a recommendation to use another tool.

Based on this research, what levels do you think we should be focusing on and are these some concrete first steps?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jawidahmadi jawidahmadi

Labels
DevOPS
Projects
None yet
Milestone
Sprint 37
Development

No branches or pull requests
5 participants
@kyyberi @as33ms @ccsr @bajiat @jawidahmadi