This section provides a summary of components that may contribute to unreliable connectivity under certain conditions (see Table 4-1). These unreliable conditions may be exploited by attackers, or they may simply occur by accident. Either way, failure of these components creates a denial of service (DoS) against your network. Typically, DoS is an event caused when protocols are exploited to create availability problems by overloading, confusing, or crashing the routing and systems infrastructure within a network. However, a failure of an Internet circuit, border router, firewall, or critical DNS and e-mail systems can create a DoS event as well. If these components fail and you have no redundancy, you will experience denial of service to some degree.
| Component | Condition | Effect |
|---|---|---|
| Border router | No or minimal access control lists | Directed SYN-flood may crash router or severely degrade service |
| Internet gateway | Single router, single ISP | Hardware/software failure, or ISP outage causes complete outage (DoS) |
| Multihomed routing (multiple circuits and/or ISPs) | Improper routing configuration or routing policy | Lack of redundancy through Internet gateways |
| Circuit bandwidth | Limited or unmonitored bandwidth | Packet loss, latency, severely degraded service |
| Critical DNS/mail servers | Physically located on a common LAN segment | Failure of circuit, border router, and possibly firewall may cause complete failure of these servers |
| Spare router/switch chassis and interface cards | Hardware fails, and you do not have replacements for critical elements | Potentially complete outage while you await shipping or purchase of new equipment |
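The table describes dependency chains (DNS/mail servers behind a firewall, behind a border router, behind a single circuit and ISP) whose lack of redundancy turns any one failure into an outage. The following is an added example, not code from the book or any product it describes, that models such a topology as a small dependency graph and enumerates its single points of failure by simulating each component's failure in turn. The component names (`border_router_a`, `isp_a`, `lan_segment`, and so on) and both sample topologies are constructed for illustration; the single-homed one mirrors the "single router, single ISP" row, the multihomed one the "multiple circuits and/or ISPs" row.

```python
from typing import Dict, List, Set

# Dependency model (assumption for this example): each node maps to a list of
# requirement groups. The groups are ANDed together, and within a group any
# one member being up is enough (an OR-set), which is how redundant gateways
# are expressed. Nodes with no entry are leaf components with no dependencies.
Topology = Dict[str, List[List[str]]]

# Constructed sample: one border router, one circuit, one ISP; DNS/mail on a
# single LAN segment behind a single firewall (Table 4-1, "Internet gateway" row).
SINGLE_HOMED: Topology = {
    "dns_mail": [["firewall"], ["lan_segment"], ["internet_reachability"]],
    "internet_reachability": [["border_router_a"]],
    "border_router_a": [["circuit_a"]],
    "circuit_a": [["isp_a"]],
}

# Constructed sample: two border routers, each on its own circuit and ISP, so
# Internet reachability survives the loss of either path ("Multihomed" row).
MULTIHOMED: Topology = {
    "dns_mail": [["firewall"], ["lan_segment"], ["internet_reachability"]],
    "internet_reachability": [["border_router_a", "border_router_b"]],
    "border_router_a": [["circuit_a"]],
    "border_router_b": [["circuit_b"]],
    "circuit_a": [["isp_a"]],
    "circuit_b": [["isp_b"]],
}


def is_up(topo: Topology, node: str, failed: Set[str], _stack: Set[str] = frozenset()) -> bool:
    """Return True if `node` is operational given the set of failed components.

    A node is up when it has not failed itself and every one of its requirement
    groups has at least one up member. Cycles are rejected because a dependency
    graph for this purpose must be acyclic.
    """
    if node in _stack:
        raise ValueError(f"dependency cycle through {node!r}")
    if node in failed:
        return False
    stack = set(_stack) | {node}
    for group in topo.get(node, []):
        if not any(is_up(topo, dep, failed, stack) for dep in group):
            return False
    return True


def all_components(topo: Topology) -> Set[str]:
    """Every node name mentioned in the topology, as a dependent or a dependency."""
    nodes = set(topo)
    for groups in topo.values():
        for group in groups:
            nodes.update(group)
    return nodes


def single_points_of_failure(topo: Topology, target: str) -> Set[str]:
    """N-1 analysis: which single component failures take `target` down?

    Each component other than the target is failed on its own; if the target is
    no longer reachable, that component is a single point of failure.
    """
    if not is_up(topo, target, set()):
        raise ValueError(f"{target!r} is already down with nothing failed")
    return {
        node
        for node in all_components(topo)
        if node != target and not is_up(topo, target, {node})
    }


if __name__ == "__main__":
    for name, topo in (("single-homed", SINGLE_HOMED), ("multihomed", MULTIHOMED)):
        spofs = sorted(single_points_of_failure(topo, "dns_mail"))
        print(f"{name}: single points of failure for dns_mail -> {spofs}")
```

Running it shows that multihoming removes the border router, circuit and ISP from the single-point-of-failure list, but the firewall and the shared LAN segment remain on it, which is exactly the point of the "Critical DNS/mail servers" row: redundant Internet gateways do not help services that still sit behind one firewall on one segment. The same model can be extended with a spare-parts attribute per node to reflect the last row, where a failure is recoverable only if a replacement chassis or card is on hand.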