Other high-value targets include devices that support the network. Here is a list of some
network devices, servers, and security devices that stand out as potential targets:
- Infrastructure devices: Routers, switches
- Security devices: Firewalls, intrusion detection/prevention systems (IDS/IPS)
- Network services: Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) servers
- Endpoints: Management stations and IP phones
- Infrastructure: Network throughput and capacity
Loss of Availability
Denial of service (DoS) attacks try to block or deny access to impact the availability of
network services. These types of attacks can interrupt business transactions, cause
considerable loss, and damage the company's reputation. DoS attacks are fairly straightforward to
carry out, even by an unskilled attacker. Distributed DoS (DDoS) attacks are initiated by
multiple source locations within the network to increase the attack's size and impact.
DDoS attacks occur when the attacker takes advantage of vulnerabilities in the
network/host. Here are some common failure points:
- A network, host, or application fails to process large amounts of data sent to it, which
  crashes or breaks communication ability.
- A host or application is unable to handle an unexpected condition, such as improperly
  formatted data and memory or resource depletion.
Nearly all DoS attacks are carried out with spoofing and flooding methods.
Table 12-5 lists some DoS-mitigating IOS software features.

Table 12-5 Software Features to Manage DoS Attacks

| Feature | Feature Description |
|---|---|
| DHCP snooping | Verifies DHCP transactions and prevents rogue DHCP servers from interfering with production traffic |
| Dynamic ARP Inspection (DAI) | Intercepts Address Resolution Protocol (ARP) packets and verifies that the packets have valid IP-to-MAC bindings |
| Unicast Reverse Path Forwarding (uRPF) | Prevents unknown source addresses from using the network as a transport mechanism to carry out attacks |
| Access control lists (ACL) | Controls what traffic is allowed on the network |
| Rate limiting | Controls the rate of bandwidth used by incoming traffic, such as ARP packets and DHCP requests |
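
The following IOS configuration sketch is an added example, not part of the original text, showing how the features in the table above are typically enabled together on an access switch and an upstream router. The interface names, VLAN 10, the ACL name, the 192.0.2.0/24 site prefix, and the rate values are assumptions chosen for illustration; command availability varies by platform and IOS release.

```cisco
! ===== Access switch (constructed example) =====
! Assumptions: VLAN 10 is the user VLAN, Gi0/1 is the uplink toward the
! legitimate DHCP server, Gi0/2 is an ordinary user port.
!
! DHCP snooping: builds the IP-to-MAC binding table and drops DHCP
! server replies arriving on untrusted ports (rogue DHCP servers).
ip dhcp snooping
ip dhcp snooping vlan 10
!
! DAI: checks ARP packets in VLAN 10 against the snooping bindings.
ip arp inspection vlan 10
!
interface GigabitEthernet0/1
 description Uplink toward DHCP server (trusted)
 ip dhcp snooping trust
 ip arp inspection trust
!
interface GigabitEthernet0/2
 description User port (untrusted is the default state)
 switchport mode access
 switchport access vlan 10
 ! Rate limiting: cap DHCP and ARP packets per second from this host
 ip dhcp snooping limit rate 15
 ip arp inspection limit rate 15
!
! ===== Upstream router (constructed example) =====
! Assumptions: Gi0/0 faces the provider; 192.0.2.0/24 stands in for the
! site's own prefix, which should never appear as a source from outside.
ip cef
!
ip access-list extended EDGE-IN
 deny   ip 192.0.2.0 0.0.0.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 permit ip any any
!
interface GigabitEthernet0/0
 description Provider-facing interface
 ! uRPF strict mode: drop packets whose source is not reachable
 ! back through the interface they arrived on (requires CEF)
 ip verify unicast source reachable-via rx
 ! ACL: filter spoofed sources before they enter the network
 ip access-group EDGE-IN in
```

The bindings and drop counters can be checked with `show ip dhcp snooping binding` and `show ip arp inspection statistics`. Strict-mode uRPF assumes symmetric routing on the interface where it is applied.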