Firewall Wizards mailing list archives

Denial Of Service: is it a security issue? (was Re: Ant...)


From: Bennett Todd <bet () rahul net>
Date: Wed, 12 Nov 1997 05:14:22 -0800

On Tue, Nov 11, 1997 at 02:41:55PM +1100, Darren Reed wrote:
> In theory, one might adopt a high moral ground and say that so long as
> the firewall minimises _security_ risks, it's doing its job. Now
> it would appear that the firewall's job is being expanded to include
> defense/protection against DOS and other attacks, which whilst not a
> direct security threat, per se, do affect systems availability on the
> "inside" and protection from them is perceived to be within the domain
> of the firewall.

I think most of us consider Denial Of Service to be one of the major
security topics. Off the top of my head, the biggies are:

  1. Data Integrity (protection against modification or deletion)

  2. Data Confidentiality (preventing people from reading private data)

  3. Availability (preventing Denial Of Service)

All of these have strong security implications. In many organizations
the above order is the priority ranking. Not all, though; it's likely
the case that most ISPs would rank Denial-Of-Service the most severe
attack against their public servers.

Denial Of Service is in some ways the most interesting security area,
since it's generally the easiest to attack (== hardest to defend), and
so sometimes the limits to what you can accomplish are set on this
front. Another cool aspect of Denial Of Service (DOS) is that fixing
such attacks involves hard-core hardening of the systems; anything that
can happen accidentally to shoot you down can be provoked deliberately
by a sufficiently knowledgeable attacker, so protecting against DOS ends
up being a wonderful bugfixing party.

Another cool feature is that some attacks of the ``intruder can log in
to machines behind the firewall, bypassing its protection'' sort have
been attributed to DOS attacks; I'm pretty sure I've heard of firewalls
that can be provoked into falling down and turning into routers.

-Bennett


