[CISSP-D] REVIEW: "Internet Denial of Service", Jelena Mirkovic et al

Subject: [CISSP-D] REVIEW: "Internet Denial of Service", Jelena Mirkovic et al
Date: Thu, 31 Jul 2008 12:03:22 -0800
BKNTRDOS.RVW   20080420

"Internet Denial of Service", Jelena Mirkovic et al, 2005,
0-13-147573-8, U$39.99/C$57.99
%A   Jelena Mirkovic
%A   Sven Dietrich
%A   David Dittrich dittrich@u.washington.edu
%A   Peter Reiher
%C   One Lake St., Upper Saddle River, NJ   07458
%D   2005
%G   0-13-147573-8
%I   Prentice Hall
%O   U$39.99/C$57.99 800-576-3800 416-293-3621 201-236-7139
%O  http://www.amazon.com/exec/obidos/ASIN/0131475738/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0131475738/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0131475738/robsladesin03-20
%O   Audience i+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   372 p.
%T   "Internet Denial of Service: Attack and Defense Mechanisms"

Chapter one is an introduction to the book itself, rather than the
topic, asserting that the work is intended for an audience of system
administrators, corporate managers, and those dealing with public
policy.  The topic is defined in chapter two, which notes that denial
of service (DoS) is not like other security risks where intrusion or
use (or misuse) of resources is the aim, but prevention of the
legitimate use of a system.  Much of the material concentrates on
distributed denial of service (DDoS), and the text mentions the
inherent risk of DoS where a service is being provided.  The structure
and logical flow of the content is not always obvious, but the
information is reasonably clear and readable.  The history of DoS
attacks, starting with the early, simple assaults intended to gain
status and notoriety and progressing through to the recent complex and
financially motivated offensives, is covered in chapter three.  There
is discussion of the fact that the structure of the Internet works
against many protective measures and hinders efforts to collect
digital forensic evidence.  Chapter four examines the process,
technology, and tools of DDoS attacks.

Defence is contemplated in chapter five, along with the intrinsic
difficulty presented by the need for availability, the possibility of
attacking either the computer-based service or the network-based
communications, and a poor authentication and tracking infrastructure. 
The deliberation does note that defence can be attempted in many
layers, from secure application development to overt reaction.  A
detailed analysis of some defensive approaches is provided in chapter
six, which assessment is also valuable in terms of business continuity
planning.  Chapter seven has a listing and review of various research
projects on defence.  Legal issues are catalogued in chapter eight:
most of the content is general, but there is a fair amount that is
specific to the United States.  Chapter nine summarizes major points,
and speculates on future trends.

This is a thorough overview of a topic that is covered poorly, if at
all, in most of the security literature.  Availability has come very
late to add depth to the C-I-A (Confidentiality, Integrity,
Availability) triad, and therefore DoS attacks are still misunderstood
as mere nuisance.  The problem is growing, and this material should be
of greater interest to those charged with protecting both corporate
assets and the public infrastructure.

copyright Robert M. Slade, 2008   BKNTRDOS.RVW   20080420


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
Attempt the end, and never stand to doubt; Nothing's so hard, but
search will find it out.                            - Robert Herrick
victoria.tc.ca/techrev/rms.htm 
blogs.securiteam.com/index.php/archives/author/p1/
