The Top Ten Security Threats for 2008 (Part 12)

Thread Tools Search this Thread
Special Forums News, Links, Events and Announcements Complex Event Processing RSS News The Top Ten Security Threats for 2008 (Part 12)
# 1  
Old 12-04-2007
The Top Ten Security Threats for 2008 (Part 12)

Tim Bass
Tue, 04 Dec 2007 23:18:57 +0000
Here*is another top ten cyber security threat for 2008:
***** -*Denial-of-service attacks.
Distributed denial-of-service (DoS) attacks*in cyberspace*are one of the most difficult threats to defend against.***Criminals or terrorists,* for example, can use*botnets to send a large number of queries or other malicious traffic*to servers, effectively shutting them down.**A*successful, sustained denial-of-service attack against*critical infrastructure, such as the*DNS root servers, could potentially shut down the Internet.****
The U.S. government once warned the American private financial services*industry of a looming al Qaeda DoS attack against online stock trading and banking web sites.* Blackmailers and extortionists often*threaten DoS attacks against their victims and the threat of DoS attacks is very real for high-profile web servers such as banks, credit card payment gateways and other critical infrastructure.*
Denial-of-service attacks remain a serious threat in 2008.

Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question
ipsecesp(7P)							     Protocols							      ipsecesp(7P)

ipsecesp, ESP - IPsec Encapsulating Security Payload SYNOPSIS
drv/ipsecesp DESCRIPTION
The ipsecesp module provides confidentiality, integrity, authentication, and partial sequence integrity (replay protection) to IP data- grams. The encapsulating security payload (ESP) encapsulates its data, enabling it to protect data that follows in the datagram. For TCP packets, ESP encapsulates the TCP header and its data only. If the packet is an IP in IP datagram, ESP protects the inner IP datagram. Per-socket policy allows "self-encapsulation" so ESP can encapsulate IP options when necessary. See ipsec(7P). Unlike the authentication header (AH), ESP allows multiple varieties of datagram protection. (Using a single datagram protection form can expose vulnerabilities.) For example, only ESP can be used to provide confidentiality. But protecting confidentiality alone exposes vulner- abilities in both replay attacks and cut-and-paste attacks. Similarly, if ESP protects only integrity and does not fully protect against eavesdropping, it may provide weaker protection than AH. See ipsecah(7P). ESP Device ESP is implemented as a module that is auto-pushed on top of IP. Use the /dev/ipsecesp entry to tune ESP with ndd(1M). Algorithms ESPuses encryption and authentication algorithms. Authentication algorithms include HMAC-MD5 and HMAC-SHA-1. Encryption algorithms include DES, Triple-DES, Blowfish and AES. Each authentication and encryption algorithm contain key size and key format properties. You can obtain a list of authentication and encryption algorithms and their properties by using the ipsecalgs(1M) command. You can also use the functions described in the getipsecalgbyname(3NSL) man page to retrieve the properties of algorithms. Because of export laws in the United States, not all encryption algorithms are available outside of the United States. Security Considerations ESP without authentication exposes vulnerabilities to cut-and-paste cryptographic attacks as well as eavesdropping attacks. Like AH, ESP is vulnerable to eavesdropping when used without confidentiality. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWcsr (32-bit) | +-----------------------------+-----------------------------+ |Interface Stability |Evolving | +-----------------------------+-----------------------------+ SEE ALSO
ipsecalgs(1M), ipsecconf(1M), ndd(1M), attributes(5), getipsecalgbyname(3NSL), ip(7P), ipsec(7P), ipsecah(7P) Kent, S. and Atkinson, R.RFC 2406, IP Encapsulating Security Payload (ESP), The Internet Society, 1998. SunOS 5.10 18 May 2003 ipsecesp(7P)