One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.Denial-of-service attacks are considered violations of the IAB’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet Service Providers. They also commonly constitute violations of the laws of individual nations. (Source: http://en.wikipedia.org/wiki/Denial-of-service_attack)

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS.

Common DoS Attacks

• Filling hard drive space with e-mail attachments
• Sending a message that resets a targets host subnet mask causing routing disruption
• Using up all the target’s resources to accept network connections

Additional DoS Attacks

• Buffer Overflow Attack
  • When a process receives much more data that expected
  • Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere – can overflow in adjacent buffers, corrupting or overwriting the valid data held in them
  • PING – Packet Internet Groper – uses ICMP – Internet Control Message Protocol
  • PING of Death – Intruder sends a PING that consists of an illegally modified and very large IP datagram, thus overfilling the system buffers and causing the system to reboot or hang
• SYN Attack
  • Attacks the buffer space during a TCP handshake
  • Attacker f;ppds the target system’s “in-process” queue with connection requests causing the system to timeout
• Teardrop Attack
  • Modifying the length of the fragmentation fields in the IP packet
  • When a machine receives this attack, it is unable to handle the data and can exhibit behavior ranging from a lost Internet connection to the infamous BSOD, the machine becomes confused and crashes
• Smurf Attack
  • Source site sends spoofed network requests to a large network (bounce site) and all machines responds to a target site
  • Exploits IP broadcast addressing
• Fraggle Attack
  • “Cousin” of the Smurf Attack
  • uses UDP echo packets in the same fashion as the ICMP echo packet

For example: In 2000 Amazon, CNN, eBay, and Yahoo! were victims of a DoS attack.

Fault Tolerance is the ability of a system to respond gracefully to an unexpected hardware or software failure. There are many levels of fault tolerance, the lowest being the ability to continue operation in the event of a power failure. Many fault-tolerant computer systems mirror all operations — that is, every operation is performed on two or more duplicate systems, so if one fails the other can take over. Source: http://www.webopedia.com/term/f/fault_tolerance.html

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECIEVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS.

Network Availability

• RAID – Redundant Array of Inexpensive Disks
• Back-up Concepts
• Manage Single Point of Failure

RAID – Redundant Array of Inexpensive Disks

• Fault tolerance against server crashes
• Secondary – improve system performance
• Striping – caching and distributing on multiple disks
• RAID – employs the technique of striping, which involves partitioning each drive’s storage space into units ranging from a sector (512 bytes) up to several megabytes. The stripes of all disks are interleaved and addressed in order
• Hardware and software implementation

RAID Advisory Board

• Three types
  • Failure Resistant Disk Systems (FRDS) – the only current standard;
  • Failure Tolerant Disk Systems;
  • Disaster Tolerant Disk Systems
• FRDS
  • Provides the ability to reconstruct the contents of a failed disk onto a replacement disk
  • Enables continuous monitoring of these parts and the alerting of their failure
• FRDS+
  • Protect from disk failure – can reconstruct disks by automatically hot swapping while server is running
  • Includes environmental controls
  • FRDS+ adds hazard warning

RAID Levels

RAID 0 – Striping

• Creates one large disk by using multiple disks – striping
• No redundancy
• No fault tolerance (1 fail = all fail)
• Read/write performance is increased

RAID 1 – Mirroring

• Duplicates data on other disks (usually a one to one ratio)
• Expensive (doubles cost of storage)

RAID 2 – Hamming Code Parity

• Multiple disks
• Parity information created using a hamming code
• Can be used in 39 disk array 32 data and 7 recovery
• Not used, replaced by more flexible levels

RAID 3 – Byte Level Parity / RAID 4 – Block Level Parity

• Stripe across multiple drives
• Parity information on a parity drive
• Provides redundancy
• Can effect performance with a single parity drive

RAID 5 – Interleave Parity

• Most popular
• Stripes data and parity information across all drives
• Uses interleave parity
• Reads and writes performed concurrently
• Usually 3-5 drives – if one drive fails, can reconstruct the failed drive by using the information from the other 2

RAID 7 – Single Virtual Disk

• Functions as a single virtual disk
• Usually software over Level 5 hardware
• Enables the drive array to continue to operate if any disk or any path to any disk fails

RAID Summary

• 0 – Striping
• 1 – Mirroring
• 2 – Hamming Code Parity
• 3 – Byte level parity
• 4 – Block level parity
• 5 – Interleave parity
• 7 – Single Virtual Disk

Other Types of Fault Tolerance

Redundant Servers

• Primary Server mirrors to secondary server
• Fail-over or rollover to secondary in the event of a failure
• Server fault tolerance can be warm or hot

Server Cluster

• Group of independent servers managed as a single system
• Load balancing
• Improves performance
• “Server Farm”
• Microsoft Cluster Server