Stephen, On Tue, Sep 27, 2016 at 1:21 PM, Stephen Loosley <[email protected]> wrote: > The ASD also signed off on the design for the census and the Bureau conducted > live > tests, had load balancing put in place and hired penetration testers.
Did ABS name the "penetration testers"? On Tue, Sep 27, 2016 at 1:21 PM, Stephen Loosley <[email protected]> wrote: > http://www.theregister.co.uk/2016/09/23/ibm_botched_geoblock_designed_to_save_australias_census/ On Tue, Sep 27, 2016 at 1:21 PM, Stephen Loosley <[email protected]> wrote: > A July 2016 Risk Management Plan specified that IBM would be responsible for > DDoS > protection, “with ISP measures of Island Australia (geoblocking international > traffic) a > key measure.” Or in other words, traffic from offshore would be blocked. > > The ABS later “received various assurances from IBM about operational > preparedness > and resilience to DDoS attacks”. The Bureau also conducted meetings with > signals > intelligence agency, the Australian Signals Directorate (ASD), to assess the > risks the > census faced, including DDoS. It came away from that meeting feeling that no > “... new > areas of concern were raised, nor were there any suggestions of potential > mitigations > or additional preparations that were not pursued.” On Tue, Sep 27, 2016 at 1:21 PM, Stephen Loosley <[email protected]> wrote: > Section 9 analyses census night and the incidents that brought the census > down and > confirms that the site was taken down in response to a DDoS. By 9:15PM the > ABS and > IBM were both aware that geoblocking had failed, and why. > > The document goes on to say “ Investigations subsequently identified that IBM > failed to > properly implement geoblocking.” Was IBM's geoip dataset from https://www.maxmind.com/en/geoip2-services-and-databases or another source? -- Regards, Christian Heinrich http://cmlh.id.au/contact _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
