Latest (all topics)
Top stories
Hardware
All-in-One printer
Apple Mac
Audio
Backup
Book
Broadband
Camcorder
CD drive
Desktop PC
Digital camera
DVD drive
Gaming
Graphics card
Hard disk
Input device
Laptop
LCD
Mobile phone
Modem
Monitor
Motherboard
Multimedia
Networking
PDA
Printer
Processor
Projector
Scanner
Server
Tuning
UPS
Video
Web camera
Whiteboard
Miscellaneous
Software
Apple Mac
Audio
Backup
Business
Developer
Educational
Game
Graphics
Internet
Linux
Networking
Operating System
PDA
Security
Server
Utilities
Miscellaneous
 
Quantifying Your Network Exposure
 
The incidence of network disruption and DoS either intended or unintentional have increased greatly over the past year. With the arrival of multi-vector worms as delivery mechanisms and the relative ease of directing an attack, DoS events are expected to increase substantially.

This past year has also witnessed organised online extortion directed at Web-focused enterprises. Reliance on Web delivered services delivering timely information, applications and content, make the threat of these disruptions all the more serious for enterprises.

Traditional means of defending against DoS range from port and protocol blocking, router modifications, intrusion detection systems and ISP cooperation to a complete acceptance that DoS happens and cannot be defended against.

Organisations today invest millions of dollars and thousands of man-hours in building out their IP based infrastructure. However, the question one is often left with is: ‘Is Denial of Service or network disruption something that my enterprise should be concerned with?’ We believe that an honest answer to this rhetorical question is fundamental to considering whether a more specific set of defensive measures is necessary.

To help you to consider the reality of the threat and how seriously it ought to be pursued, consider the following: Do you conduct business directly with the public through your site? Is your product or service highly commoditised - for example, travel services can be found through a number of websites where as oil exploration services cannot? Do you have back office applications that have been surfaced through your site? For example, CRM, ERP, supply chain, business intelligence, and so on…

Would a disruption require the consumers of services in question to resort to alternative higher cost channels - for example, call centre, fax or e-mail? Do you serve advertising on your site? Do you have paid for or time sensitive content on your site - for example, music or video downloads, news content or images?

Does your business have predictable demand cycles - for example, the summer and winter holiday seasons or known sporting or cultural events? Is management concerned about brand damage - for example, poor press or fluctuations in share prices? Do you consider the overall integrity of the network to be a pressing security issue? Has a competitor or a closely related firm experienced a DDoS event or online extortion attempt?

If you find yourself answering ‘yes’ to many of the above, then there is no question that the threat is real. The challenge now is how to get those stakeholders with the most to lose to sit-up and take note. We all understand that ‘the IT-security scare tactic’ has gotten a little long in the tooth, and hard-bitten business people demand quantifiable evidence to support their investment.

Robin Hill, Webscreen Technology




BIOS, Apr 25, 06 | Print | Send | Comments (0) | Posted In Security
Related Articles

Defending In Depth
Cyber Security & Other Games
Second Life, Second Identity?
Don't Choke In The Name Of Security
A Baker's Dozen Of Security Bytes
Patching Up Security
Webroot Software Spy Sweeper 5.3
PC Tools Spyware Doctor 4.0
How Cybercrime Operations Work
ZoneLabs ZoneAlarm Internet Security Suite 7

More...
   
     
© 2007 Black Letter Publishing Ltd. - Disclaimer - Terms - About - Contact - Advertise - Newsletter

Hosted By Gradwell - Powered By Eclipse Internet - Sponsored By Ipswitch & Microboards DVD Duplicators