I should've asked the most important question first -- is this
a technical decision, or a business decision? I mean, forgive me
for pointing out the obvious, but you made an issue of cost in your
Protect thyself how? For DDoS protection to work, the nasty traffic
must be stopped before it gets to my access circuits. Once it gets
close enough for me to do anything about it directly it's too late.
The problem is that I don't know enough about DDoS traffic patterns to
make an accurate assessment of these statements, which is why I asked
the question here. I'll be doing other research on my own, of course,
but I thought I'd check here first.
In this case it's a business decision. I understand that we could
simply weigh the costs of an attack with the costs of preemptively
detecting and mitigating an attack, but in our case we won't lose hard
dollars like an ecommerce site would. We have different reasons for
wanting to have some protection in place before we need it. I look at
it like it's an insurance policy, but I don't want to be ripped off.
It's like I'm getting estimates on building a protective dike around
my house. One contractor tells me that the floodwaters commonly reach
six feet so I should pay him $12,000 to build a wall at least that
high. Another contractor is telling me that he'll build a six-foot
wall for $6,000. Another contractor is telling me that the floodwaters
most likely won't go over two feet and he suggests that I pay him
$1,000 for a three-foot-high wall.
If it turns out that we really do need a six-foot-high wall then so be
it. I'm not the one who pays the bills so it isn't really my decision.
I just want to make sure I have a clearer picture of reality before I
make any suggestions to my boss.