Page 927 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Prevent or Mitigate Network Attacks


               Communication systems are vulnerable to attacks in much the same
               way any other aspect of the IT infrastructure is vulnerable.
               Understanding the threats and possible countermeasures is an
               important part of securing an environment. Any activity or condition
               that can cause harm to data, resources, or personnel must be
               addressed and mitigated if possible. Keep in mind that harm includes
               more than just destruction or damage; it also includes disclosure,
               access delay, denial of access, fraud, resource waste, resource abuse,
               and loss. Common threats against communication system security
               include denial of service, eavesdropping, impersonation, replay, and
               modification.


               DoS and DDoS

               A denial-of-service (DoS) attack is a resource consumption attack that
               has the primary goal of preventing legitimate activity on a victimized
               system. A DoS attack renders the target unable to respond to
               legitimate traffic.

               There are two basic forms of denial of service:

                    Attacks exploiting a vulnerability in hardware or software. This
                    exploitation of a weakness, error, or standard feature of software
                    intends to cause a system to hang, freeze, consume all system
                    resources, and so on. The end result is that the victimized
                    computer is unable to process any legitimate tasks.

                    Attacks that flood the victim’s communication pipeline with
                    garbage network traffic. These attacks are sometimes called traffic
                    generation or flooding attacks. The end result is that the victimized
                    computer is unable to send or receive legitimate network
                    communications.


               In either case, the victim has been denied the ability to perform
               normal operations (services).

               DoS isn’t a single attack but rather an entire class of attacks. Some