Subject: RE: [emergency] CAP and DDoS
And that message should be communicated. Otherwise, good intentions over flaky protocols will filter into the infrastructure.

A problem of the current environment is that too many in the Beltway and elsewhere are drinking the HTTP/REST/IP kool-aid and not taking into account the unreliability and vulnerabilities of the base TCP/IP infrastructure. So Federal dollars will be attached to agency procurements based on those technologies. Some will understand and refuse to build it for mission critical applications; some won't.

Be sure the message is clear and the risks are well-explained. An XML document doesn't buy them security or protection. Being agnostic and failing to explain the need to completely assess the risk of the transport are different.

Thanks!

len

From: Art Botterell [mailto:acb@incident.com]

At 5:09 PM -0600 2/5/04, Bullard, Claude L (Len) wrote:
>Perhaps out of scope, but of interest: how would Distributed
>Denial of Service (DDoS) attacks affect the capabilities of systems
>using CAP? Pretty much as it would affect any IP server, yes?

Right. In fact, any transport mechanism is vulnerable to some sort of denial-of-service attack, be it Internet-based DDOS, radio-frequency jamming or even plain old-fashioned "backhoe fade." This is one of the reasons we've all worked so hard to keep CAP transport-independent.

Technical diversity, through the integrated use of a combination of distinct transport technologies, is one of the best ways to mitigate the risk of DoS attacks and accidents. It's a lot harder to jam every technology at once than it is to jam any one at a time.