From owner-freebsd-questions@FreeBSD.ORG Sun Aug 14 00:57:36 2011
Delivered-To: freebsd-questions@freebsd.org
In-Reply-To: <20110813164052.50af1126@scorpio>
References: <20110813164052.50af1126@scorpio>
Date: Sat, 13 Aug 2011 20:57:33 -0400
From: Alejandro Imass
To: FreeBSD
Subject: Re: Poll on server attacks

On Sat, Aug 13, 2011 at 4:40 PM, Jerry wrote:
> On Sat, 13 Aug 2011 15:43:02 -0400
> Alejandro Imass articulated:
>
[...]
> Personally, I prefer: . It is just a
> matter of personal taste I guess.
>

Thanks for the information, they look like a great option. We are still evaluating all our options for block lists, but for sure it's one of the measures we started taking recently. We really avoided for years the idea of blocking any country as such, because it seems that it is unfair to the legitimate Internauts in those countries, but sadly it has come down to that.

[...]
>
> About as useful as attempting to build a time machine in my basement.
>

Works for Stewie Griffin!

> Knujon is basically a one man operation that
> has made huge strides in discovering criminal activity among registrars,
> etcetera. You might want to investigate them further. They are always
> looking for help.
>

That looks very cool. Definitely worth collaborating with!

> Just for my own morbid curiosity, what are these "enormous costs" that
> you refer to? You are not buying new hardware I assume. If you are
> using FOSS then there is little or no software cost involved. Other
> than paying for someone's time, something that would be happening
> anyway, what "enormous cost" comes into play?
>

We're a tiny 10-person operation and we manage about half a dozen servers. We have one dedicated sysadmin, and even so I have to dedicate at least 20% of my time to the security issues. This does not count DB maintenance and overall health checks of the platform. About 50% or more of my admin's time goes into fine tuning our security measures, security patches, etc. - that plus about 20% of my time, in which I could be doing much more productive stuff. For such a small company, to me that is a huge cost!

You could say that maybe we probably don't have all the security expertise, and that's why we invest so much human time into this, but whichever way it's still a lot of lost money. I think that hiring this out would probably be more expensive, and in my experience these security "experts" many times know less than we do - especially when it comes down to our FBSD servers!

I can only imagine how this is affecting companies that are much larger than us. Well that is, if they really take care and analyze attacks and logs, or maybe they hire fewer but more expert security teams... probably, but it's still very costly IMHO.

--
Alejandro Imass