GitHub DDoS Attack Meaning

https://status.github.com/messages

gihubddos

The status messages from the weekend state the problems GitHub had.

We discussed a feint DDoS attack last week on blogpost:

http://oversitesentry.com/ddos-not-only-for-disruption/

 

There are cases of DDoS that PCI compliance asks you to place the risk in a low category:

Risk  level: Severity is low for Denial-of-service attack, abnormal termination

 

So the low risks are when the system cannot be compromised _Directly_ as discussed last week, a low speed DDoS attack can mask other attacks. But DDoS is still not a direct breach. And that is the only reason DDoS is not as high a priority in the scheme of things.

 

I thought I would let you in on hte Secops secret – Don’t spend as much attention on DDoS attacks, insteaad focus on the actual remote execution attacks and escalation of privilege attacks.

 

riskmanagmenthackedmatrix

In my updated risk matrix, the reality is DDoS is not included , as one cannot actually hack a machine with DDoS.

 

This of course does not mean that one can ignore it for a well-publicized  attacks. One has to mitigate

the attack, but again mitigate is not solve for good.

 

Let me know if you have any questions on this issue:

http://oversitesentry.com/contact-us/

 

 

Advertisements

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.