Our ISP where we host our servers has notified us that our servers are frequently being hit by DOS / DDOS and other cyber attacks. They have recommended that I put our web server behind a firewall to stop these attacks and they suggested a few options. Some costing thousands of dollars and other less expensive options.
In looking at our options, I am going to try the Website Firewall by Sucuri. We already use Sucuri for website monitoring and server side monitoring for viruses and Malware. Sucuri came in handy in the past in securing and hardening the security on the servers.
According to Sucuri there CloudProxy Website Firewall offers a powerful security layer to your site, blocking attacks before they can reach your site. It prevents infections and reinfections, specially on sites that are running outdated or insecure software. It includes a full web application firewall protection, virtual patching, IPS (intrusion prevention system) and log monitoring.
In addition Sucuri’s DDoS Protection service can detect and block the following types of DDoS attacks. Note that Sucuri proxies Web requests, so network layer DDoS attacks are never relayed to the client’s origin servers. Therefore, Sucuri’s DDoS protection can mitigate all network level attacks.
Hopefully this works as at this time we can not afford a few thousand dollars on a commercial grade firewall, not to mention the addition monthly fee we would need to pay for the space the firewall machine would take up in the ISP's rack.
So I will sign up for a one month trial and see how it goes. If you notice anything odd please let me know.
Thanks for your understanding and THANKS for being SatelliteGuys!
In looking at our options, I am going to try the Website Firewall by Sucuri. We already use Sucuri for website monitoring and server side monitoring for viruses and Malware. Sucuri came in handy in the past in securing and hardening the security on the servers.
According to Sucuri there CloudProxy Website Firewall offers a powerful security layer to your site, blocking attacks before they can reach your site. It prevents infections and reinfections, specially on sites that are running outdated or insecure software. It includes a full web application firewall protection, virtual patching, IPS (intrusion prevention system) and log monitoring.
In addition Sucuri’s DDoS Protection service can detect and block the following types of DDoS attacks. Note that Sucuri proxies Web requests, so network layer DDoS attacks are never relayed to the client’s origin servers. Therefore, Sucuri’s DDoS protection can mitigate all network level attacks.
- TCP SYN+ACK
- Slowloris
- DNS Flood
- TCP FIN
- Spoofing
- NXDomain
- TCP RESET
- ICMP
- Mixed SYB + UDP + ICMP + UDP Flood
- TCP ACK
- IGMP
- Ping of Death
- TCP ACK + PSH
- HTTP Flood
- Smurf
- TCP Fragment
- Brute Force
- Reflected ICMP & UDP
- UDP
- Connection Flood
- As well as other attacks
Hopefully this works as at this time we can not afford a few thousand dollars on a commercial grade firewall, not to mention the addition monthly fee we would need to pay for the space the firewall machine would take up in the ISP's rack.
So I will sign up for a one month trial and see how it goes. If you notice anything odd please let me know.
Thanks for your understanding and THANKS for being SatelliteGuys!
:
