Comment by lpcvoid
5 hours ago
That's lazy engineering and I don't think we as technical, rational people should make that our way of working. I know the saying, but I disagree with it. My fuckups, my problem, but at least I can avoid fuckups actively if I am in charge.
How do you mitigate large scale DDoS?
I don't, since my stuff is reachable only within the company network/VPN. If I needed to though, I would consult the BSI list of official DDoS mitigation services [0] and evaluate each one before deciding. I would not auto-pick Cloudflare.
[0] (German) https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Si...
When the solution you pick inevitably has downtime too you’re in the same boat.
DDoS mitigation is one of those areas that an on-prem solution just isn’t well suited to solve.
The problem is the people that sign our checks usually aren't technical, rational people.
The system isn't designed for technical, rational decision making.
That's fair, yeah, and I agree it's not always feasible - but if you have any influence over technical direction at your org, I encourage what I wrote above. Otherwise yeah, let the pea counters in the C-Levels dig their own grave.