Exposing Weaknesses in Connectivity

This section summarizes the components that may contribute to unreliable connectivity under certain conditions (see Table 4-1). These unreliable conditions may be exploited by attackers, or they may just happen by accident. Either way, failure of these components creates a denial of service (DoS) against your network. Typically, a DoS event is caused when protocols are exploited in ways that create availability problems by overloading, confusing, or crashing routing and systems infrastructure within a network. However, a failure of an Internet circuit, border router, firewall, or critical DNS and e-mail systems can create a DoS event as well. If these components fail, and you have no redundancy, you will experience denial of service to some degree.

Table 4-1: Network Components and Conditions Leading to Unreliable Connectivity

| Component | Condition | Effect |
|---|---|---|
| Border router | No or minimal access control lists | Directed SYN-flood may crash router or severely degrade service |
| Internet gateway | Single router, single ISP | Hardware/software failure, or ISP outage causes complete outage (DoS) |
| Multihomed routing (multiple circuits and/or ISPs) | Improper routing configuration or routing policy | Lack of redundancy through Internet gateways |
| Circuit bandwidth | Limited or unmonitored bandwidth | Packet loss, latency, severely degraded service |
| Critical DNS/mail servers | Physically located on a common LAN segment | Failure of circuit, border router, and possibly firewall may cause complete failure of these servers |
| Spare router/switch chassis and interface cards | Hardware fails, and you do not have replacements for critical elements | Potentially complete outage while you await shipping or purchase of new equipment |
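The following is an added example, not code from the book: it audits a site inventory for four of the conditions in Table 4-1 (missing border ACLs, single router or ISP, critical DNS/mail servers on one LAN segment, no spare hardware). The inventory layout, field names and the /24 segment size are assumptions, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory; every name and field here is hypothetical.
INVENTORY = {
    "isps": ["ISP-A"],
    "border_routers": [
        {"name": "br1", "inbound_acl": False, "spare_on_site": False},
    ],
    "critical_servers": [
        {"name": "ns1", "role": "dns", "ip": "192.0.2.10"},
        {"name": "ns2", "role": "dns", "ip": "192.0.2.11"},
        {"name": "mx1", "role": "mail", "ip": "192.0.2.25"},
        {"name": "mx2", "role": "mail", "ip": "198.51.100.25"},
    ],
    "segment_prefix": 24,  # assumed size of one LAN segment
}

def audit(inv):
    """Return (component, condition) findings that match rows of Table 4-1."""
    findings = []
    for r in inv["border_routers"]:
        if not r["inbound_acl"]:
            findings.append(("Border router",
                             f"{r['name']}: no or minimal access control lists"))
        if not r["spare_on_site"]:
            findings.append(("Spare hardware",
                             f"{r['name']}: no replacement chassis or interface cards"))
    if len(inv["border_routers"]) < 2 or len(inv["isps"]) < 2:
        findings.append(("Internet gateway", "single router or single ISP"))
    # Group each role's servers by the LAN segment their address falls in.
    segments = defaultdict(set)
    for s in inv["critical_servers"]:
        net = ipaddress.ip_network(f"{s['ip']}/{inv['segment_prefix']}", strict=False)
        segments[s["role"]].add(net)
    # A role whose servers all share one segment fails together with that segment.
    for role, nets in sorted(segments.items()):
        if len(nets) == 1:
            findings.append(("Critical DNS/mail servers",
                             f"all {role} servers on common segment {next(iter(nets))}"))
    return findings

if __name__ == "__main__":
    for component, condition in audit(INVENTORY):
        print(f"{component}: {condition}")
```

In the sample, the mail servers pass because they sit on two segments, while both DNS servers share 192.0.2.0/24 and are flagged.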



Extreme Exploits. Advanced Defenses Against Hardcore Hacks
Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)
ISBN: 0072259558
EAN: 2147483647
Year: 2005
Pages: 120
