Threat to information security : the system vulnerability and denial of service attacks
Master thesis
Permanent lenke
http://hdl.handle.net/11250/137252Utgivelsesdato
2004Metadata
Vis full innførselSamlinger
Sammendrag
The use of the Internet has increased drastically the last few years. This trend has led to a
constant increase in attacks toward computer systems and networks, and the methods for
attacking are becoming more and more advanced. By this, we mean that new tools are
developing in a way that makes it more difficult for people to protect themselves against,
while the use of the tools is more user friendly than before, and the hackers do not need
as much skills as they used to.
In order for security practitioners to know how to protect themselves against new attacks, it
is important for them to know how the hackers work and think. Therefore, we have
described the hacker environment, tried to map how many they are, how they find
information, and how they share information.
Vulnerabilities and denial of service are considered to be the main parts of the report, with
a model to each case. To get an overview over vulnerabilities and factors that influence
vulnerabilities, a system dynamics model is discussed. The model shows variables like
vulnerable hosts, patching, hackers with or without scripts, sophisticated and nonsophisticated
hackers, attacks, and attack frequency. This is an overall description of a
single vulnerability problem, but the problem with multiple vulnerabilities is also briefly
discussed.
Some of the biggest threats when it comes to information security today are denial of
service (DoS) attacks and distributed denial of service (DDoS) attacks. DoS and DDos
attacks are possible to be the most potent and difficult to tackle, and they can do
enormous damages. These types of attacks are described, and we use and discuss a
model over a specific denial of service case. The case is about a turf war between the two
German hackers “Mixter” and “Randomizer”, and the model includes variables that are
specific to the case, and variables that are more general about hackers and the Internet
world.
As we have been working with the master thesis, a big problem has been data collection.
This has been a problem for us because it is hard to find data on information security.
Some organizations choose not to publicize of different reasons, this can be that they are
afraid of bad publicity. It takes a lot of time and effort to do this kind of data collection, and
people who do it, collect for a narrow purpose. Systematically collected data is therefore
not always available.
Beskrivelse
Masteroppgave i informasjons- og kommunikasjonsteknologi 2004 - Høgskolen i Agder, Grimstad
Utgiver
Høgskolen i AgderAgder University College