Network Security

From CryptoDox, The Online Encyclopedia on Cryptography and Information Security



Network Security Attacks

Denial-of-Service Attacks

DoS (Denial-of-Service) attacks are probably the nastiest attacks and the most difficult to address. They are the nastiest because they are very easy to launch and difficult (sometimes impossible) to track, and because it isn't easy to refuse the attacker's requests without also refusing legitimate requests for service.

The premise of a DoS attack is simple: send more requests to the machine than it can handle. There are toolkits available in the underground community that make this a simple matter of running a program and telling it which host to blast with requests. The attacker's program simply makes a connection on some service port, perhaps forging the packet's header information that says where the packet came from, and then drops the connection. If the host is able to answer 10 requests per second and the attacker is sending 30 per second, the host will be unable to service all of the attacker's requests, much less any legitimate requests (hits on the web site running there, for example).

Such attacks were fairly common in late 1996 and early 1997, but are now becoming less popular.

Some things that can be done to reduce the risk of being stung by a denial-of-service attack include:

  • Not running your visible-to-the-world servers at a level too close to capacity.
  • Using packet filtering to prevent obviously forged packets from entering into your network address space. Obviously forged packets would include those that claim to come from your own hosts, addresses reserved for private networks as defined in RFC 1918, and the loopback network (127.0.0.0).
  • Keeping up-to-date on security-related patches for your hosts' operating systems.
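
The packet-filtering rule from the list above, written out as an added example (not part of the original article): a check that decides whether a packet arriving on the external interface carries an obviously forged source address. The site prefix 203.0.113.0/24 and the sample traffic are constructed assumptions.

```python
import ipaddress

# Assumption: the site's own public prefix (documentation range used as a placeholder).
OWN_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]
# Address blocks reserved for private networks in RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The loopback network.
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def classify_source(src):
    """Return (action, reason) for a packet seen on the external interface."""
    try:
        addr = ipaddress.IPv4Address(src)
    except ipaddress.AddressValueError:
        return ("drop", "malformed source address")
    if addr in LOOPBACK:
        return ("drop", "loopback source")
    if any(addr in net for net in RFC1918):
        return ("drop", "RFC 1918 private source")
    if any(addr in net for net in OWN_PREFIXES):
        return ("drop", "claims to come from our own hosts")
    return ("accept", "no obvious forgery")


def filter_ingress(packets):
    """Split (src, dst_port) records into accepted and dropped lists."""
    accepted, dropped = [], []
    for src, port in packets:
        action, reason = classify_source(src)
        (accepted if action == "accept" else dropped).append((src, port, reason))
    return accepted, dropped


# Constructed sample traffic, as seen arriving from the outside.
SAMPLE = [
    ("198.51.100.7", 80),     # ordinary external client
    ("10.1.2.3", 80),         # RFC 1918
    ("172.31.255.254", 80),   # last address inside 172.16.0.0/12
    ("172.32.0.1", 80),       # just outside 172.16.0.0/12, so not private
    ("127.0.0.1", 80),        # loopback
    ("203.0.113.10", 80),     # our own prefix arriving from outside
    ("192.168.0.300", 80),    # not a valid IPv4 address
]

if __name__ == "__main__":
    ok, bad = filter_ingress(SAMPLE)
    for src, port, reason in bad:
        print(f"drop   {src:<16} {reason}")
    for src, port, reason in ok:
        print(f"accept {src:<16} {reason}")
```

A source address that passes this check can still be forged; the filter only removes the packets whose claimed origin cannot be valid on an external link.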

Unauthorized Access

TBD

Security Solutions

Firewalls

TBD

Virtual Private Networks

TBD


External Links