by Anton Chuvakin | September 11, 2012 | 3 Comments
Finally my Denial of Service paper is up on the site: “Denial of Service: A Comparison of Defense Approaches” Abstract: “Denial of service (DoS) attacks are back in focus due to Anonymous and other hacktivist attackers over the last few years. Malicious DoS attacks for financial gain are also on the rise. This assessment compares [...]
Category: announcement Denial of Service security Tags: Denial of Service, DoS, security
by Anton Chuvakin | June 6, 2012 | Comments Off
In order to bring substance to a discussion of denial of service attacks, I cooked a brief attack taxonomy: Crash / non-resource attack DoS vulnerability exploitation for crashing or otherwise degrading IT capabilities. Resource consumption attack Network resource exhaustion of all available upload/download bandwidth across the link that connects the organization to the Internet or [...]
Comments Off
Category: Denial of Service security Tags: Denial of Service, DoS, security
by Anton Chuvakin | May 29, 2012 | 4 Comments
Here is something else interesting about Denial of Service defense approaches: you cannot do it alone. Think about it: it is more profound than it sounds. You can protect from buffer overflows and SQL injections on your own. And, yes, occasionally you’d need a patch from a 3rd party (such as your software vendor), but [...]
Category: collective Denial of Service security Tags: data sharing, Denial of Service, DoS, security
by Anton Chuvakin | May 15, 2012 | 2 Comments
In the past, I used to cringe when I heard that somebody offers "DoS detection" capability. After all, detection of a successful DoS attack should be trivial: you have no service, it has been "denied." I am happy to report that I was wrong. DoS detection is a sneaky little problem today. First, you might [...]
Category: Denial of Service security Tags: Denial of Service, DoS, security
by Anton Chuvakin | May 3, 2012 | 8 Comments
…definition. As I am working on my research project related to denial of service mitigation, I come across the concept of “application DoS.” Sadly, just as many things in security industry, labeled with "application something" (application security monitoring anybody?), this one is not clearly defined. This lack of clarity leads to missed requirements and misplaced [...]
Category: application Denial of Service security Tags: Denial of Service, DoS, security
by Anton Chuvakin | April 26, 2012 | 3 Comments
In his 2006 piece “Beyond Denial of Service: Is Availability a Security Issue?”, Eric Maiwald (from our SRMS team) stated: “Managing the availability of systems, applications, data, and networks is just as much a part of risk management as is the managing of integrity and confidentiality. Yet, in many organizations, availability is not considered a [...]
Category: Denial of Service security Tags: Denial of Service, DoS, security
