File integrity assessment software, such as Tripwire, records information about important files in a
known safe state, probably immediately after installation, and can be used at a later time to verify
that files are unchanged. You can download commercial or conditional free versions from
http://www.tripwire.com

Denial of Service
One of the most difficult threats to guard against is denial of service. Denial of Service (DoS)
occurs when somebody's actions make it difficult or impossible for users to access a service,
or delay their access to a time-critical service.
Early in the year 2000, there was a famous spate of Distributed Denial of Service (DDoS)
attacks against high profile Web sites. Targets included Yahoo!, eBay, Amazon, E-Trade, and
Buy.com. Sites such as these are accustomed to traffic levels that most of us can only dream
of, but are still vulnerable to being shut down for hours by a DoS attack. Although crackers
generally have little to gain from shutting down a Web site, the proprietor might be losing
money, time, and reputation.
One of the reasons that these attacks are so difficult to guard against is that there are a huge
number of ways of carrying them out. Methods could include installing a program on a target
machine that uses most of the system's processor time, reverse spamming, or using one of the
automated tools. A reverse spam involves somebody sending out fake spam with the target
listed as the sender. This way, the target will have thousands of angry replies to deal with.
Automated tools exist to launch distributed DoS attacks on a target. Without needing much
knowledge, somebody can scan a large number of machines for known vulnerabilities,
compromise a machine, and install the tool. Because the process is automated, an attacker can
install the tool on a single host in under five seconds. When enough machines have been
co-opted, all are instructed to flood the target with network traffic.
Guarding against DoS attacks is difficult in general. With a little research, you can find the
default ports used by the common DDoS tools and close them. Your router might provide
mechanisms such as limiting the percentage of traffic that uses particular protocols such as
ICMP. Detecting hosts on your network being used to attack others is easier than protecting
your machines from attack. If every network administrator could be relied on to vigilantly
monitor his own network, DDoS would not be such a problem.
Because there are so many possible methods of attack, the only really effective defense is to
monitor normal traffic behavior and have a pool of experts available to take countermeasures
when abnormal things occur.
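
The following is an added example, not code from the book: a sketch of the monitoring described above, comparing current traffic against a recorded baseline to spot an internal host flooding outward and an ICMP share above a policy cap. The address range, thresholds, function names, and flow records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import median

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range
ICMP_CAP = 0.05      # assumed policy: ICMP stays under 5% of all packets
SPIKE_FACTOR = 10    # assumed: alert at 10x a host's normal outbound rate
MIN_PACKETS = 1000   # assumed floor so quiet hosts do not alert on noise

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def outbound_per_minute(flows):
    """Packets sent to external hosts, keyed by (internal source, minute)."""
    totals = defaultdict(int)
    for minute, src, dst, _proto, packets in flows:
        if is_internal(src) and not is_internal(dst):
            totals[(src, minute)] += packets
    return totals

def baseline_rates(flows):
    """Median outbound packets per minute for each internal host."""
    per_host = defaultdict(list)
    for (src, _minute), packets in outbound_per_minute(flows).items():
        per_host[src].append(packets)
    return {host: median(rates) for host, rates in per_host.items()}

def flooding_hosts(baseline, current):
    """Internal hosts whose outbound rate in some minute far exceeds normal."""
    flagged = set()
    for (src, _minute), packets in outbound_per_minute(current).items():
        if packets >= MIN_PACKETS and packets > SPIKE_FACTOR * baseline.get(src, 0):
            flagged.add(src)
    return sorted(flagged)

def icmp_share(flows):
    """Fraction of all packets in the window that are ICMP."""
    total = sum(f[4] for f in flows)
    return sum(f[4] for f in flows if f[3] == "icmp") / total if total else 0.0

# Constructed flow records: (minute, source, destination, protocol, packets)
BASELINE = [(0, "10.0.0.5", "198.51.100.7", "tcp", 120), (1, "10.0.0.5", "198.51.100.7", "tcp", 100),
            (0, "10.0.0.9", "203.0.113.4", "tcp", 300), (1, "10.0.0.9", "203.0.113.4", "udp", 280),
            (1, "10.0.0.9", "203.0.113.4", "icmp", 4)]
CURRENT = [(10, "10.0.0.5", "198.51.100.7", "tcp", 130), (10, "10.0.0.9", "192.0.2.80", "icmp", 45000),
           (10, "10.0.0.9", "203.0.113.4", "tcp", 290), (10, "198.51.100.7", "10.0.0.5", "tcp", 900)]

if __name__ == "__main__":
    print("hosts flooding outward:", flooding_hosts(baseline_rates(BASELINE), CURRENT))
    print("ICMP share over cap:", icmp_share(CURRENT) > ICMP_CAP)
```

In practice the flow records would come from router or firewall accounting rather than an inline list, and the thresholds would be tuned against your own normal traffic.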
E-commerce Security Issues