Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Denial of service

From: samos () nsco network com (Randy Samos)
Date: Thu, 20 Aug 1998 07:28:57 -0500 (CDT)


David C Niemi wrote:

On Tue, 18 Aug 1998, Ted Doty wrote:

I personally don't think that you can protect yourself from Denial Of
Service attacks in an Internet environment, since there are so many
autonomous domains of control.

...

If your network positively has to be up for mission critical applications,
don't connect it to the Internet.


Nowadays a lot of companies have mission-critical applications which
*depend on* the Internet.  And for good business reasons, like making or
saving a lot of money.  Does this mean they expect to have 100% uptime for
these applications? 

*snip*

What (I believe) Ted was trying to say, is that a Dos attack is impossible
to prevent 100% through technological means and that if you *depend* on 
being up 100% of the time, don't risk a Dos attack by connecting to the 
Internet. While you may be able to decrease your vulnerability, you can't 
eliminate it.

For instance, you'd probably want to air gap the network that connects a
hospital operating room to the lab.

Certainly, there are business that have come to rely on an Internet
connection. A router manufacturer that claims enormous revinue through
'e-commerce' (gawd, I hate that term) might suffer a little from a
Dos, but they'd be able to recover. For them, it's clearly worth the
risk.

And risk is what it all boils down to. Do I and my company derive enough
benefit from an Internet connection to risk downtime from a Dos attack?

Randy Samos                                     
StorageTek
http://www.network.com
Previous By Date Next
Previous By Thread Next

Current thread: