Auerbach Publications © 2001 CRC Press LLC 08/01

troduced that can completely circumvent any security measures taken by the corporation that would normally be providing the security envelope. It is at the point of connecting to the Internet where the dramatic tumbling of realized security takes place, and the remote system becomes the judge, jury, and possibly the executioner of the corporate security. The remote system may have employed a very robust VPN solution, one that does not allow the host system to act as a router or allow the forwarding of information from the Internet into the private network. To take it one step further, the VPN solution may employ limited firewalling capabilities or filtering concepts to limit access into the internal network. Nonetheless, the protection possibly supplied by the VPN client or firewall software can be turned off by users, ultimately opening them up to attack. In the event that a package can be implemented in which the user cannot turn the protection suite off, it can be assumed that a vulnerability will arise that requires a patch to remedy. This scenario is extremely common and nearly an everyday occurrence for firewall and perimeter security administrators simply attempting to keep up with a limited number of firewalls. Given the lack of attention normally seen in many organizations toward their firewall maintenance, one can only imagine the disintegration of security when vulnerabilities are discovered in the remote system’s firewall software.

VULNERABILITY CONCEPTS

To fully understand the extremity of the destruction of perceived corporate security made available by ample amounts of technology and processes, it is necessary to know that the remote system is open and exposed to the Internet. In some cases, as with broadband, the exposure is constant and for long periods of time, making it predictable — an attacker’s greatest asset.
The Internet is a sea of threats, if nothing else, simply because of the vast numbers of people and technologies available to them to anonymously wreak havoc on others, especially those unprepared. There are several different types of attacks that are for different uses and affect different layers in the communication. For example, Denial of Service (DoS) attacks are simply geared to eliminate the availability of a system or service — a purely destructive purpose. DoS attacks take advantage of weaknesses in low-level communication attributes, such as a protocol vulnerability, or higher-level weaknesses that may reside in the application itself. Some other attacks have very specific applications and are designed for particular situations to either gain access or obtain information. It is becoming more and more common to see these attacks taking advantage of application errors and quirks. The results are applications specifically engineered to obtain system information, or even to remotely control the host system.