Firewall Wizards mailing list archives
Denial Of Service: is it a security issue? (was Re: Ant...)
From: Bennett Todd <bet () rahul net>
Date: Wed, 12 Nov 1997 05:14:22 -0800
On Tue, Nov 11, 1997 at 02:41:55PM +1100, Darren Reed wrote:
In theory, one might adopt a high moral ground and say that so long as the firewall keeps minimises _security_ risks, its doing its job. Now it would appear that the firewall's job is being expanded to include defense/protection against DOS and other attacks, which whilst not a direct security threat, per se, do affect systems availability on the "inside" and protection from them is perceived to be within the domain of the firewall.
I think most of us consider Denial Of Service to be one of the major security topics. Off the top of my head, the biggies are: 1. Data Integrity (protection against modification or deletion) 2. Data Confidentiality (preventing people from reading private data) 3. Availability (preventing Denial Of Service) All of these have strong security implications. In many organizations the above order is the priority ranking. Not all, though; it's likely the case that most ISPs would rank Denial-Of-Service the most severe attack against their public servers. Denial Of Service is in some ways the most interesting security area, since it's generally the easiest to attack (== hardest to defend), and so sometimes the limits to what you can accomplish are set on this front. Another cool aspect of Denial Of Service (DOS) is that fixing such attacks involves hard-core hardening of the systems; anything that can happen accidentally to shoot you down can be provoked deliberately by a sufficiently knowlegeable attacker, so protecting against DOS ends up being a wonderful bugfixing party. Another cool feature is that some attacks of the ``intruder can log in to machines behind the firewall, bypassing its protection'' sort have been attributed to DOS attacks; I'm pretty sure I've heard of firewalls that can be provoked into falling down and turning in to routers. -Bennett
Current thread:
- Antwort: Re: Facts, not Fiction Hartmut . Fehling (Nov 10)
- Re: Antwort: Re: Facts, not Fiction Bennett Todd (Nov 10)
- Re: Antwort: Re: Facts, not Fiction Paul D. Robertson (Nov 12)
- Re: Antwort: Re: Facts, not Fiction Darren Reed (Nov 12)
- Denial Of Service: is it a security issue? (was Re: Ant...) Bennett Todd (Nov 12)