[Owasp-natal] TÚcnicas bem atuais - Defending Against DoS Attacks [New Paper] and Index of Posts

Noilson Caio caiogore em gmail.com
Quinta Dezembro 6 11:06:05 UTC 2012


We are pleased to put the finishing touches on our Denial of Service (DoS)
research and distribute the paper. Unless you have had your head in the
sand for the last year, you know DoS attacks are back with a vengeance,
knocking down sites both big and small. It is no longer viable to ignore
the threat, so we all need to think about what to do when we inevitably
become a target.

[image: Defending Against DoS
Attacks]<https://securosis.com/assets/library/main/DoS-TitlePage_big.png>

This excerpt from the paper’s introduction should give you a feel for what
we’re talking about.

For years security folks have grumbled about the role compliance has
assumed in driving investment and resource allocation in security. It has
become all about mandates and regulatory oversight driving a focus on
protection, ostensibly to prevent data breaches. We have spent years in the
proverbial wilderness, focused entirely on the “C” (Confidentiality) and
“I” (Integrity) aspects of the CIA triad, largely neglecting “A”
(Availability). Given how many breaches we still see every week, this
approach hasn’t worked out too well.

Regulators pretty much only care whether data leaks out. They don’t care
about the availability of systems – data can’t leak if the system is down,
right? Without a clear compliance-driven mandate to address availability
(due to security exposure), many customers haven’t done and won’t do
anything to address availability. Of course attackers know this, so they
have adapted their tactics to fill the vacuum created by compliance
spending. They increasingly leverage availability-impacting attacks to both
cause downtime (costing site owners money) and mask other kinds of attacks.
These availability-impacting attacks are better known as Denial of Service
(DoS) attacks.

We focus on forward-looking research at Securosis. So we have started
poking around, talking to practitioners about their DoS defense plans, and
we have discovered a clear knowledge gap around the Denial of Service
attacks in use today and the defenses needed to maintain availability.
There is an all too common belief that the defenses that protect against
run of the mill network and application attacks will stand up to a DoS.
That’s just not the case, so this paper will provide detail on the attacks
in use today, suggest realistic defensive architectures and tactics, and
explain the basic process required to have a chance of defending your
organization against a DoS attack.

Direct Download (PDF): Defending Against Denial of Service (DoS)
Attacks<https://securosis.com/assets/library/reports/Securosis_Defending-Against-DoS_FINAL.pdf>


-- 
Noilson Caio Teixeira de Ara˙jo
Linux Professional Institute Certification  2 - LPI000182893
ITV3F ITIL Foundation Certificate in IT Service Management (Syllabus 2011)
- EXIN063638
Novell Certified Linux Administrator (CLA) - 10111916
Novell Data Center Technical Specialist

http://ncaio.ithub.com.br
http://br.linkedin.com/in/ncaio
http://www.commandlinefu.com/commands/by/ncaio
http://www.dicas-l.com.br/autores/noilsoncaioteixeiradearaujo.php
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-natal/attachments/20121206/58b56fcb/attachment.html>


More information about the Owasp-natal mailing list