10/02/2008

TCP/IP flaw: some things to do

So there will be that new flaw that will be exploited in x weeks' time, or old flaws will be reactivated (I think hackers are now researching their old TCP DDoS stuff all over again), and what can I do? What I should do are these things, even if they should have been done before; but maybe you now have a reason to get the responsibility (easy) and the money (difficult) to realise them. These solutions don't have to cost much money, though (except for the firewall if you have an important business).

* Back behind the firewall : get everything out of the DMZ and behind firewalls and reverse proxies. So even if the reverse proxy falls, the machine itself stays up. And a machine is always safer behind a firewall than in something called a DMZ or whatever. And the most important internal machines go behind an internal firewall. These firewalls should be stateful, and a Snort or other (H)IDS or packet inspector is needed.

* Limit the connections : if the machine is not public, it is private and it should have as few connections as possible. You can use firewall logs for that. One trick here for network administrators is to limit the connections for DNS, mail and special applications to specifically defined machines and to drop all the other connections.

* Backups of everything : backups of the network drivers for all the critical machines, as it seems they become corrupted after an attack. If this is coupled with real crashes and infections and breakdowns, then the backup itself of all the data becomes even more critical.

* Keep things on standby : if your site is very important you will have to sign cold standby contracts. This is to say that when your site goes down another one goes up, and you only pay extra for the hours or days that the other one is up. Or you integrate your site in a major hosting platform like Google, Microsoft or a hoster with a (virtualised) network of hosting sites. You will need standby hardware if one machine goes out and you need to be back up immediately.

* Monitor everything : you will need more human monitoring and analysis, and a real-time and long-term integrated analysis of your logs. Even the lowest level of attacks can now become very dangerous. You will also need good contacts with your ISP or with the service firms to be able to block the attacker. And you will need to set up an availability watch to be sure that everything is up all the time, with an alerting system if something goes down.

* Resource allocation control : what I will be looking at are tools to control resource allocation on servers and PCs, particularly those that can block everything above a limit.
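The "Limit the connections", "Monitor everything" and "Resource allocation control" points above all come down to the same routine: read the firewall log, count what each source is opening against each service, flag whatever goes over a limit or hits a host that is not designated for that service, and turn the result into a block. The script below is an added example written for this post, not code from the original; the netfilter-style log lines, the addresses, the allowlist of which host may receive which port, and the limit of 10 are all constructed assumptions.

```python
"""Flag sources over a connection limit and policy violations in firewall logs.

Added example (not from the original post). The log lines imitate the
kernel LOG target's SRC=/DST=/PROTO=/SPT=/DPT= fields but are constructed;
the addresses, allowlist and limit are assumptions, not the post's values.
"""
import re
from collections import Counter

# Assumed log field layout (netfilter LOG-style, constructed for this example).
_FIELDS = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?PROTO=(?P<proto>\S+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)

# Assumed allowlist: which internal host may receive which service port.
# Anything not listed here is "all the other connections" and is a violation.
ALLOWED_SERVICES = {
    53: {"192.0.2.53"},   # DNS only to the DNS server
    25: {"192.0.2.25"},   # mail only to the mail relay
    80: {"192.0.2.10"},   # web only to the reverse proxy
}


def parse_line(line):
    """Return src/dst/dpt of one TCP SYN log line, or None if it is not one."""
    m = _FIELDS.search(line)
    if not m or m.group("proto") != "TCP" or not re.search(r"\bSYN\b", line):
        return None
    return {"src": m.group("src"), "dst": m.group("dst"), "dpt": int(m.group("dpt"))}


def syn_counts(lines):
    """Count SYNs per (source, destination, port) over the lines given.

    Feed it one time window at a time (e.g. the last minute of the log);
    the count is then "connections opened per window", which is what a
    resource-allocation limit is compared against.
    """
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[(rec["src"], rec["dst"], rec["dpt"])] += 1
    return counts


def sources_over_limit(lines, limit):
    """Return sorted (src, dst, port, count) tuples with count above `limit`."""
    return sorted((src, dst, dpt, n)
                  for (src, dst, dpt), n in syn_counts(lines).items() if n > limit)


def policy_violations(lines, allowed=ALLOWED_SERVICES):
    """Return (src, dst, port) of connections to a host not designated for that port."""
    seen = set()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["dst"] not in allowed.get(rec["dpt"], set()):
            seen.add((rec["src"], rec["dst"], rec["dpt"]))
    return sorted(seen)


def drop_rules(flagged):
    """Render one iptables DROP rule per offending source (standard iptables syntax)."""
    return ["iptables -I INPUT -s %s -j DROP" % src for src in sorted({f[0] for f in flagged})]


def constructed_log():
    """Constructed sample window: one source hammering the web server with
    half-open connections, one normal client, one DNS query at the wrong host."""
    base = ("Oct  2 15:01:{sec:02d} fw kernel: IN=eth0 OUT= SRC={src} DST={dst} "
            "PROTO=TCP SPT={spt} DPT={dpt} SYN")
    lines = [base.format(sec=i, src="198.51.100.7", dst="192.0.2.10", spt=40000 + i, dpt=80)
             for i in range(12)]
    lines.append(base.format(sec=20, src="203.0.113.5", dst="192.0.2.10", spt=51000, dpt=80))
    lines.append(base.format(sec=21, src="203.0.113.5", dst="192.0.2.10", spt=51001, dpt=80))
    lines.append(base.format(sec=22, src="203.0.113.9", dst="192.0.2.10", spt=52000, dpt=53))
    lines.append(base.format(sec=23, src="203.0.113.9", dst="192.0.2.53", spt=52001, dpt=53))
    return lines


if __name__ == "__main__":
    window = constructed_log()
    for hit in sources_over_limit(window, limit=10):
        print("over limit:", hit)
    for violation in policy_violations(window):
        print("policy violation:", violation)
    for rule in drop_rules(sources_over_limit(window, limit=10)):
        print(rule)
```

In use you would feed it the log lines of a short window (say, the last minute) instead of the constructed sample, and hand the rendered DROP rules to whoever operates the firewall rather than applying them blindly; the point of counting per window is that the limit then expresses "connections per minute", which is the figure the post's "crash after 10 small connections every 5 minutes" argument is about.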

And when the patches or workarounds or resource allocation tools start coming in, you will have to patch and install everything, even if the developers and managers and all the rest of them are protesting. You now have a very strong argument. Do you want your machine to crash after 10 small connections, that is to say every 5 minutes?

15:14
