1

I am have today a dedicated server with these specs:

Intel Core i5 750, 2x120GB (ssd + raid), Windows Server 2008 Web, 200Mbps Network, 24 Gb DD3

And I would like to know what are the best thing I can do to prevent a DDoS Attack, since I know this will be a real threat by the importance of the files that will be archived in it.

Today I have apache listening port 80 and RDC listening port 3389. But the security is beeing made only by Windows Firewall.

So, any thoughts on what would be good to prevent from DDoS attacks?

2 Answers2

0

Make sure you keep your system up to date. Apache recently patched a nasty DoS condition. Also you should test for SSL DDoS. To help mitigate this issue disable SSL renegotiation and consider using a light weight SSL cipher suite.

If DDoS is still a problem consider look at Cisco's Anti-DDoS hardware.

Rook
  • 2,615
  • 5
  • 26
  • 34
0

One word: Nothing. Point.

A DDoS must either be dealt with with enough hardware (hard) or by making things easer for the hardware - but as you don't run a router in fron that you have control over, you are already finished.

One thing you can do is get rid of Apache and use IIS - which is more efficient so the server can handle more.

DDOS protection normally works by the routers diverting the traffic away - but again, you talk of a single server, not even a load balancer in front.

tombull89
  • 2,958
  • 8
  • 39
  • 52
TomTom
  • 50,857
  • 7
  • 52
  • 134
  • Hi Tom, I'm just wondering what makes IIS more efficient than Apache? I thought IIS had a greater footprint for both CPU and memory but am happy to be corrected. This would of course be the simplest way to host ASP or .net pages but for PHP or other application servers I thought Apache was better. – Dan Nov 16 '11 at 09:01
  • 1
    THe fact that Apache pre 3.0 is generally not considered to be particularly ressource effective. IIS in general made great progress with 7 and 7.5 and has very efficient php posting. On opt, apadche is another component to update. Memory foootprint IIS is geenrally not high - for peope running a dedicated server for websites, not a hobby blog. Higher zero load, better scaalbility - for example not having tos of processes around. – TomTom Nov 16 '11 at 09:50