The application server must restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks.


Overview

Finding ID: V-35654
Version: SRG-APP-000246-AS-NA
Rule ID: SV-46941r1_rule
IA Controls: (none listed)
Severity: Medium
Description
When it comes to DoS attacks, most of the attention is paid to ensuring that systems and applications are not victims of these attacks. While it is true that those accountable for systems want to ensure they are not affected by a DoS attack, they also need to ensure their systems and applications are not used to launch such an attack against others. To that end, a variety of technologies exist to limit or, in some cases, eliminate the effects of DoS attacks. For example, boundary protection devices can filter certain types of packets to protect devices from being directly affected by DoS attacks. Limiting the system resources allocated to any user to a bare minimum may also reduce the ability of users to launch some DoS attacks.

Applications and application developers must take the steps needed to ensure that users cannot use these applications to launch DoS attacks against other systems and networks. An example would be designing applications to include mechanisms that throttle network traffic so that users are not able to generate unlimited network traffic via the application. The methods employed to counter this risk will depend on the application layer methods that could be used to exploit it.

This is an application layer requirement. The AS itself is not designed to throttle traffic or to be placed at a boundary; that role is better met with an XML firewall.
STIG: Application Server Security Requirements Guide
Date: 2013-01-08

Details

Check Text (C-43996r1_chk)
The requirement is NA for the AS SRG.

Fix Text (F-40196r1_fix)
The requirement is NA. No fix is required.