Denial of Service (DoS) is a condition in which a resource is not available to legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. DoS attacks can take multiple forms but have the common objective of overloading or blocking a network or host to deny or seriously degrade performance, thus rendering it useless. These attacks can be simple "floods" of traffic to saturate circuits or devices, malware that consumes CPU and memory on a device or causes it to crash, or misconfigurations that disable or impair the proper function of a device.
A variety of technologies exist to limit or, in some cases, eliminate the effects of denial of service attacks. For example, boundary protection devices can filter certain types of packets to protect information system components on internal organizational networks from being directly affected by denial of service attacks. Employing increased capacity and bandwidth combined with service redundancy may also reduce the susceptibility to denial of service attacks. Services and components should be redundant when possible.
A firewall or other device implementing an Access Control List must be configured to protect the enclave from DoS attacks (e.g., SYN-flood, ICMP-flood, Land, etc.). Various techniques exist, such as rate-limiting, policing, or filtering excessive traffic. Each protective measure depends on the specific attack.
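
The measures named above, matched to the attacks they address, as an added example that is not part of the original text: a Land packet is filtered outright, while SYN and ICMP traffic is policed with a token bucket per protected destination. The packet record, thresholds and addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:              # simplified packet record (constructed for this example)
    ts: float              # arrival time, seconds
    src: str
    dst: str
    proto: str             # "tcp" or "icmp"
    syn: bool = False      # TCP SYN without ACK

class TokenBucket:
    """Policer: sustained `rate` packets/s, bursts up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

LIMITS = {"syn": (4, 8), "icmp": (2, 4)}   # (rate, burst); assumed thresholds

def decide(p, buckets):
    if p.src == p.dst:                      # Land: source equals destination
        return "drop-land"
    kind = "syn" if p.proto == "tcp" and p.syn else "icmp" if p.proto == "icmp" else None
    if kind is None:
        return "permit"                     # not a class this ACL polices
    # Key on the protected destination so spoofed sources share one budget.
    bucket = buckets.setdefault((p.dst, kind), TokenBucket(*LIMITS[kind]))
    return "permit" if bucket.allow(p.ts) else f"drop-{kind}-rate"

def run(packets):
    buckets, counts = {}, {}
    for p in sorted(packets, key=lambda p: p.ts):
        verdict = decide(p, buckets)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts

def sample_traffic():                       # constructed one-second capture
    syn = [Packet(i / 64, f"198.51.100.{i}", "10.0.0.5", "tcp", True) for i in range(64)]
    icmp = [Packet(i / 16, f"203.0.113.{i}", "10.0.0.5", "icmp") for i in range(16)]
    land = [Packet(0.5, "10.0.0.5", "10.0.0.5", "tcp", True)]
    data = [Packet(t, "192.0.2.10", "10.0.0.5", "tcp") for t in (0.1, 0.2, 0.3)]
    return syn + icmp + land + data

if __name__ == "__main__":
    print(run(sample_traffic()))
```

Because the policer is keyed on the destination rather than the source, a flood spread across many spoofed addresses still exhausts a single budget, while traffic outside the policed classes passes untouched.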