Website Attacks with John Graham-Cumming and Evan Johnson
Easy Prey, 22 Apr 2020

Website attacks are very common. They are often not personal, but they can create a mess for website operators. As website owners and operators, we need website privacy and security, especially if we are collecting data and personal information.

As I was making more money from my business in 2015, the need for better performance became an issue. I also needed to be able to keep my site up 24/7 and not have to deal with outages. My website started getting sustained 500-bit denial-of-service attacks. I realized very quickly that this was not my expertise, and that is when I began my partnership with Cloudflare.

Cloudflare provides services that increase the security and performance of over 26 million internet properties around the world, from individual blogs to governments to Fortune 500 companies. Cloudflare offers services to accelerate internet applications and mobile experiences, mitigate DDoS attacks, prevent customer data breaches, stop malicious bot abuse, and more.

Our guests on today's show are John Graham-Cumming and Evan Johnson. John Graham-Cumming is a British software engineer and the current CTO at Cloudflare. Evan is a Product Security Manager at Cloudflare.

We talk about attacks on websites, distributed denial of service attacks, and how to protect your own website. If you want to keep your website up and running without skipping a beat, this is a must-listen episode.

Show Notes:

  • [00:58] - Chris shares how he became a Cloudflare customer and his history of working with Cloudflare.
  • [03:05] - In 2015 Chris started getting sustained 500-bit denial-of-service attacks. He realized it was not his expertise and he needed help with this.
  • [04:23] - John and Evan share the risks that Cloudflare helps website owners protect against.
  • [05:53] - What things should we worry about as website operators?
  • [07:09] - Evan recommends that businesses move more of their applications to the edge with Cloudflare Workers. It has real security benefits.
  • [08:29] - The big benefit of Cloudflare Workers is that there is no back-end server to overwhelm. It just moves the application to all of their servers.
  • [10:38] - Often hackers are using automated tools to scan websites, so you really want to limit the ability for that scanner to see something. Then they will just move on.
  • [11:39] - Anyone who has a database should prepare for the contingency of that database being breached. Know your legal obligations in dealing with that, especially if you are storing personally identifiable information.
  • [14:01] - With Cloudflare, you can identify a problem and have it blocked almost immediately.
  • [14:58] - It is really hard to patch your website fast enough, so a WAF (web application firewall) can give you some breathing room while you patch the back-end systems. Everyone should have a WAF; it is an extra layer that can really, really help.
  • [17:16] - If you are connected to the public internet and you provide a service or website, Cloudflare can protect that.
  • [18:13] - Use a good password and have two-factor authentication.
  • [21:11] - Cloudflare Workers is super flexible and easy to write since you use JavaScript.
  • [21:46] - John shares how Cloudflare is able to offer free DDoS services to their users.
  • [23:12] - Cloudflare believes that your data is your data. They analyze it for you to provide your analytics and to look for attacks but they don't use your data.
  • [24:34] - Cloudflare is a way to get a level of protection for an inexpensive price.
  • [26:40] - With your back-end servers, you want to make sure you orange cloud things. That way Cloudflare sees the requests and they are proxied through their network.
  • [28:09] - With Cloudflare's new project Magic Transit they can take over the IP space and become your network. The traffic comes to Cloudflare so they can run the services they provide and then pass the good traffic back on to you.
  • [30:30] - Cloudflare tries to take things that are expensive and complex and make them easy to use and cheap so that everyone gets access to these cool tools.
  • [32:16] - People started to realize that they are using the internet for absolutely everything from banking to dating and it really matters that they protect that and use things that are trustworthy.
  • [32:51] - If there is one password and two-factor you are going to use, put it on your personal email because if someone breaks into your personal email they can probably reset the password on every other service you use. Secure your email first.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
