Re: Is "Denial Of Service attack" a security issue?

["Mr. Anderson" <neo@silkroad.com>]

Yes, DoD attacks are all security related and yes there
has been a tendency in all systems to spend a lot of time
in the weeds on bits and bites and not on obvious system
availabiity issues.  Yes, IPSec , and in particular, the
ISAKMP UDP mechanism has been documented as a future
easily 'script kiddied' attack.  And yes, these types
of attacks are very difficult to stop, and yes, it has
been discussed here and elsewhere, and yes, in all likelihood
IPSec will suffer from future DoS attacks at the protocol
implementation becomes more widespread and yes, no systems
can be made 100 percent secure, and yes, all deployment
and fielding issues are based on a risk managment method,
and yes, when the benefits outweight the risks things move
forward, and yes, for the vast majority of IPSec implementations
the DoS risk is acceptable, and yes there are operational
systems where the risk criteria are not acceptable and yes
these are business case issues which orgs will decide based
on their operational model.

In a nutshell.  IPSec is not perfect, but it is pretty
darn good and much better than  no-IPsec.


-Neo
> 
> If no, the IPSec is not "safe".
> --- David
> 


-- 

---------------------------
The Y2K Feature:

A way of remaining in the 20th century for a little
longer ..... 19 - 100 ... a feature, not a bug :)

---

Follow-Ups:

• Re: Is "Denial Of Service attack" a security issue?
• From: David Chen <dchen@indusriver.com>

References:

• Is "Denial Of Service attack" a security issue?
• From: David Chen <dchen@indusriver.com>

---

• Prev by Date: RE: Reasons for AH & ESP
• Prev by thread: Is "Denial Of Service attack" a security issue?
• Next by thread: Re: Is "Denial Of Service attack" a security issue?
• Index(es):
  • Main
  • Thread