No Absolute Security: An Unhackable Server is Still Vulnerable

Security comes in layers: there are several levels of security means and several layers of security measures. The favourite target of most attackers is a vulnerability, and vulnerabilities are abundant nowadays. However, even if there is no known or possible way to grant an unauthorized third party control over a resource, the server or service can still be subject to DoS and other attacks. Dev Central announces a challenge in An Unhackable Server is Still Vulnerable.

In more detail: a Security Grand Challenge has been announced. What is that, you ask? Here's how the organizers describe it:

The concept is very simple. The participant teams will have to use their science and technical skill to create an environment where a server can function with integrity and minimum required service levels even when under attack.

On the day of the competition, each participant team will receive a virtualized server, with a number of services. The services might be implemented in different languages (e.g., C, Java, or Python) and may be web-based or stand-alone. However, each service will have a number of hidden security flaws, which have been implanted by the organizers. These flaws might be used by an attacker to disrupt the service. The services are part of a mission-critical system (e.g., a life-support system) and need to be always functioning correctly or some catastrophic event will happen.

The task of the participants is to modify and improve their servers so that they become resilient to attacks. By itself, the task is quite noble; however, one should remember that there are types of attacks that rely on no known vulnerability or design flaw at all.

Take, for example, so-called layer 7 DoS attacks: a flood of individually legitimate HTTP GET requests that, taken together, eat up outgoing bandwidth and server time. Proper system monitoring can detect such a flood before it does significant damage, but one should remember that it exploits no weakness at all; every request is one the server is supposed to serve. The closest analogy is a 'bank run': when enough customers show up at once, they effectively deny service to everyone else, even though each of them is doing exactly what the bank exists for.

It looks like constant system monitoring, comparing request rates and traffic volume against a baseline measured while the service is healthy, is the only means of detecting DoS attacks that are unrelated to any given flaw.
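The following is an added example, not code from the original post, from IPHost, or from the Security Grand Challenge organizers. It shows the monitoring approach in the simplest form that still catches both cases described above: a single client hammering the server with legitimate GETs, and the 'bank run' where no single client misbehaves but the aggregate bytes served exceed what the link can carry. It parses constructed access-log lines in the common Apache/nginx combined format and walks them with a sliding window. The thresholds, the window length, the IP addresses and the log contents are all assumptions made up for the example; in practice the thresholds come from a baseline measured during normal operation.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx combined log format; client IP, timestamp and bytes sent are all we need.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)


def parse_line(line):
    """Return (ip, timestamp, bytes_sent) or None for lines that are not in the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    size = 0 if m.group("bytes") == "-" else int(m.group("bytes"))
    return m.group("ip"), ts, size


def detect_floods(lines, window=timedelta(seconds=10),
                  per_client_requests=20, per_client_bytes=2_000_000,
                  total_bytes=5_000_000):
    """Sliding-window layer-7 flood detector over access-log lines.

    Raises an alert when (a) one client's request count or bytes served within
    `window` exceed the per-client thresholds, or (b) no single client is
    abusive but the aggregate bytes served in the window exceed `total_bytes`
    (the 'bank run' case). Thresholds are assumed values for the example.
    Each client, and the aggregate, is reported at most once per window.
    Returns a list of (kind, key, timestamp) tuples in time order.
    """
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e[1])
    per_ip = defaultdict(deque)      # ip -> deque of (ts, bytes) inside the window
    ip_bytes = defaultdict(int)      # ip -> bytes served inside the window
    all_ev = deque()                 # every request inside the window, for the aggregate
    agg_bytes = 0
    last_alert = {}                  # key -> timestamp of its last alert (de-duplication)
    alerts = []

    def alert(kind, key, ts):
        prev = last_alert.get(key)
        if prev is None or ts - prev >= window:
            last_alert[key] = ts
            alerts.append((kind, key, ts))

    for ip, ts, size in events:
        q = per_ip[ip]
        q.append((ts, size))
        ip_bytes[ip] += size
        while q and ts - q[0][0] > window:          # expire this client's old requests
            ip_bytes[ip] -= q.popleft()[1]
        all_ev.append((ts, size))
        agg_bytes += size
        while all_ev and ts - all_ev[0][0] > window:  # expire old requests globally
            agg_bytes -= all_ev.popleft()[1]

        if len(q) > per_client_requests:
            alert("client-requests", ip, ts)
        elif ip_bytes[ip] > per_client_bytes:
            alert("client-bytes", ip, ts)
        if agg_bytes > total_bytes:
            alert("aggregate-bytes", "*", ts)
    return alerts


def _log_line(ip, ts, size, path="/index.html"):
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 {size}'


def build_sample_log():
    """Constructed sample log: one aggressive client, one benign client, and a
    'bank run' of 30 distinct clients each fetching one large file. Addresses
    are from the documentation ranges and are not real hosts."""
    base = datetime(2024, 3, 1, 10, 0, 0, tzinfo=timezone.utc)
    lines = ["this line is not in combined log format and is skipped"]
    for i in range(25):     # 25 GETs in 5 seconds from one client
        lines.append(_log_line("203.0.113.7", base + timedelta(seconds=i // 5), 1000))
    for i in range(3):      # normal browsing, well under every threshold
        lines.append(_log_line("192.0.2.10", base + timedelta(seconds=30 + i), 500))
    for j in range(30):     # 30 clients, 300 kB each, within 6 seconds: 9 MB in one window
        lines.append(_log_line(f"198.51.100.{j + 1}",
                               base + timedelta(seconds=60 + j // 5), 300_000, "/report.pdf"))
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for kind, key, ts in detect_floods(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind:16} {key}")
```

Run against the constructed log, the detector raises exactly two alerts: `client-requests` for 203.0.113.7 on its 21st request, and `aggregate-bytes` for `*` once the 17th 300 kB download pushes the window total past 5 MB, while no individual client in the bank run ever trips a per-client threshold. That second alert is the point of the post: nothing in the log is malformed or exploits anything, so only a volume baseline reveals the problem.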

This article was brought to you by the developers of IPHost Network Monitor, network and server monitoring software.
