Chapter 10 Case Project 10-1

The main thing that makes DoS attacks so hard to fend off is that, at least on the surface, they look like valid traffic. The basic difference between legitimate visits and attacks is the intent, along with the volume, frequency, and source of the traffic. Normal traffic to a mail server might come in spurts and waves, but an attack against sendmail entails a barrage of messages in such close proximity that the service cannot keep up with the volume and crashes or hangs. In fact, a DoS attack will likely bring the system itself to a halt: if the server doesn't run out of swap space, it will probably run out of process space or network connections, and it is also likely to suffer from network congestion. In addition to the difficulty of differentiating attacks from normal traffic, it is hard to effectively slow down or control the traffic comprising the attack. Some things that can be done to prevent a DoS attack are:

- Monitor Hosts with a High Number of Failed Flows and/or New Flows
- Look for Unwelcome Hosts
- Restrict the Bandwidth Used by Violating Hosts
- Limit the Rate of New Traffic Flows to or from One Host

Case Study 10-4

Since the company is small, cost may be a significant factor. However, since they are working on a groundbreaking project, it is possible that many people would be interested in stealing it, so the more difficult their security is to breach, the better. And since the company is made up of people who are comfortable with technology, a very restrictive security system would not be too difficult for them to learn and bear with. Physical security could probably be kept fairly minimal. Since all the employees will know each other, a security guard probably isn't necessary, although keeping the servers behind lock and key will be a must. Rotating passwords and/or a token/PIN system, encrypted hard drives on all workstations, and maybe even some biometrics could be useful.
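Going back to the DoS countermeasures listed under Case Project 10-1 (monitor hosts with many failed or new flows, then limit the rate of new flows per host), here is an added example, not part of the original answer, that runs that logic over a small constructed flow export. The record format, the thresholds and the bucket-per-window approach are assumptions for illustration; a real deployment would tune them against the site's normal traffic.

```python
from collections import defaultdict

# Constructed sample flow export (not from the original page): one flow per line,
# "seconds src_ip dst_ip dst_port status"; "failed" = refused, reset or timed out.
SAMPLE_FLOWS = """\
0 10.0.0.5 192.168.1.10 25 ok
1 203.0.113.7 192.168.1.10 25 ok
1 203.0.113.7 192.168.1.10 25 ok
2 203.0.113.7 192.168.1.10 25 ok
2 203.0.113.7 192.168.1.10 25 ok
3 203.0.113.7 192.168.1.10 25 ok
5 198.51.100.2 192.168.1.10 22 failed
5 198.51.100.2 192.168.1.10 23 failed
6 198.51.100.2 192.168.1.10 80 failed
"""
def parse_flows(text):
    """Turn the export into (ts, src, dst, dport, status) tuples."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, dport, status = line.split()
            flows.append((int(ts), src, dst, int(dport), status))
    return flows

def flag_hosts(flows, window=10, max_new=4, max_failed=2):
    """Map each source to the per-window limits it exceeded (thresholds are illustrative)."""
    new_count, failed_count = defaultdict(int), defaultdict(int)
    for ts, src, _dst, _dport, status in flows:
        key = (src, ts // window)          # bucket flows per host per window
        new_count[key] += 1
        if status == "failed":
            failed_count[key] += 1
    flagged = defaultdict(set)
    for (src, _b), n in new_count.items():
        if n > max_new:
            flagged[src].add("new-flow rate")
    for (src, _b), n in failed_count.items():
        if n > max_failed:
            flagged[src].add("failed flows")
    return {src: sorted(r) for src, r in flagged.items()}

def rate_limit(flows, window=10, max_new=4):
    """Admit only the first max_new flows a source opens per window; return them."""
    seen, admitted = defaultdict(int), []
    for flow in flows:
        key = (flow[1], flow[0] // window)
        seen[key] += 1
        if seen[key] <= max_new:
            admitted.append(flow)
    return admitted
```

Note that the flagging step only reports; the rate limiter is what actually caps a violating host, and with the sample data it drops the fifth connection attempt from 203.0.113.7 while leaving the legitimate mail client untouched.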