Acrónimos: DoS
Ver:
·
Denegación
de servicio distribuida
·
http://www.cert.org/advisories/CA-99-17-denial-of-service-tools.html
Se entiende como denegación de servicio, en términos
de seguridad informática, a un conjunto de técnicas que tienen por objetivo
dejar un servidor inoperativo.
Mediante este tipo de ataques se busca sobrecargar
un servidor y de esta forma no permitir que sus legítimos usuarios puedan
utilizar los servicios por prestados por él.
El ataque consiste en, saturar con peticiones de
servicio al servidor, hasta que éste no puede atenderlas, provocando su
colapso.
Un método mas sofisticado es el Ataque de Denegación
de Servicio Distribuido (DDoS), mediante el cual las peticiones son enviadas,
de forma coordinada entre varios equipos, que pueden estar siendo utilizados
para este fin sin el conocimiento de sus legitimos dueños.
Esto puede ser así mediante el uso de programas malware
que permitan la toma de control del equipo de forma remota, como puede ser en
los casos de ciertos tipos de gusano o bien porque el atacante se ha encargado
de entrar directamente en el equipo de la victima.
http://www.inteco.es/glossary/Formacion/Glosario/
Rechazo de un acceso autorizado a los recursos del
sistema o demora en las operaciones críticas en el tiempo. (ISO-7498-2) [Ribagorda:1997]
Acción de impedir el acceso, estando autorizado, a
recursos o retrasar las operaciones. [CESID:1997]
Prevención de acceso autorizado a recursos o retardo
deliberado de operaciones críticas desde el punto de vista del tiempo. [ISO-7498-2:1989]
The non-availability
ofcomputer resources to the intended or usual customers of a computer service,
normally as a result of a cyber operation.
The Tallinn Manual, 2013
A denial-of-service attack
(DoS) is an attempt to make a resource unavailable to its users. A distributed
denial-of-service attack (DDoS) occurs when multiple attackers launch
simultaneous DoS attacks against a single target. In DDoS attacks, attackers
use as much firepower as possible (usually through compromised computer
systems/botnets) in order to make the attack difficult to defend. The
perpetrators of DoS attacks usually either target high profile
websites/services or use these attacks as part of bigger ones in order achieve
their malicious goals. As stated, despite the fact that these kinds of attacks
do not target directly the confidentiality or integrity of the information
resources of a target, they can result in significant financial and reputation
loss.
ENISA Threat Landscape
[Deliverable – 2012-09-28]
Denial of service (DOS)
attacks are attempts to render a computer system unavailable to users through a
variety of means. These may include saturating the target computers or networks
with external communication requests, thereby hindering service to legitimate
users. Distributed denial of service (DDOS) attacks are denial of service
attacks executed by many computers at the same time. There are currently a
number of common ways by which DOS and DDOS attacks may be conducted. They
include, for example, sending malformed queries to a computer system; exceeding
the capacity limit for users; and sending more e-mails to e-mail servers than
the system can receive and handle.
Budapest Convention on
Cybercrime
The prevention of authorized
access to resources or the delaying of time-critical operations. (Time-critical
may be milliseconds or it may be hours, depending upon the service provided.).
[CNSSI_4009:2010]
(I) The prevention of
authorized access to a system resource or the delaying of system operations and
functions. (See: availability, critical, flooding.) [RFC4949:2007]
the prevention of authorized
access to a system resource or the delaying of system operations and functions.
[ISO-18028-1:2006]
an attack against a system
to deter its availability. [ISO-18028-4:2005]
An attack that prevents or
impairs the authorized use of networks, systems, or applications by exhausting
resources. [NIST-SP800-61:2004]
The prevention of authorized
access to resources or the delaying of timecritical operations. (Time-critical
may be milliseconds or it may be hours, depending upon the service provided.) [NIST-SP800-27:2004]
The prevention of authorized
access to resources or the delaying of time-critical operations. [NIST-SP800-33:2001]
Any action or series of
actions that prevent any part of a system from functioning in accordance with
its intended purpose. This includes any action that causes unauthorized
destruction, modification, or delay of service. [IRM-5239-8:1995]
The prevention of authorized
access to resources or the delaying of time-critical operations. [ISO-7498-2:1989]
Overwhelming a host with
spurious data in order to cause legitimate connection attempts to fail. DoS attacks do not reveal sensitive data to
the attacker, however they can cause untold damage to reputation as well as a
lost business. According to the March 2000 Computer Crime and Security Survey
of the FBI's Computer Institute, 60% of detection of Denial of Service attacks.
http://www.qtsnet.com/SecuritySolutions/security_glossary.html
The prevention of authorized
access to a system resource or the delaying of system operations and functions.
http://www.sans.org/security-resources/glossary-of-terms/
An IT defense strategy
implemented to provide a business network with security against denial of
service (DoS) attacks, which harm the network by flooding it with additional
requests, ultimately slowing or completely interrupting traffic.
Denial of service protection
offers businesses a way to guard against the threat of DoS attacks that hinder
the functionality of a network by disrupting the availability of network
resources. When a network falls under a DoS attack and is flooded with malicious
traffic, network service could be interrupted for long periods of time, making
business-critical information unavailable. Along with guarding against standard
DoS attacks, businesses should also provide their networks with Distributed
Denial of Service (DDoS) Protection. DDoS employs a host of compromised
computers to launch a large-scale attack on company networks. For common
victims of DoS attacks, such as online businesses, service providers and
service carriers, damages from DoS attacks can be felt as loss of revenue
through network downtime, and tainted business reputations. For these reasons
in particular it is important that companies have proper denial of service
protection implemented as part of their network security measures.
http://www.radware.com/Resources/Glossary/denial_of_service_protection.aspx
Impossibilité d'accès à
des ressources pour des utilisateurs autorisés ou introduction d'un retard pour
le traitement d'opérations critiques. [ISO-7498-2:1989]
Méthode de piratage
réseau qui consiste à provoquer un refus d'accès à un service en ligne pour
tout utilisateur souhaitant se connecter. La conséquence de cet acte réside
dans une atteinte à la disponibilité de la cible.
http://www.cases.public.lu/functions/glossaire/
Type d´attaque, utilisé
sur un réseau comme Internet, visant à empêcher le bon fonctionnement d´un
service sans en altérer son contenu. Par exemple, le résultat peut-être
l´inaccessiblité pendant plusieurs heures d´un site Internet. Plusieurs moyens sont
utilisés afin d´y parvenir: saturation des ressources du serveur, saturation de
la bande passante...
http://www.indexel.net/1_6_1990__3_/7/27/1/Petit_Glossaire_de_la_securite_informatique.htm
Attaque consistant à
saturer une ressource en effectuant de manière malveillante des demandes de
réservation excessives ou en occupant le service illicitement. Parmi les
attaques de déni de service les plus connues: SYN flooding, UDP flooding, ping
of death, LAND attack, SMURF attack, mail bombing...
http://securit.free.fr/glossaire.htm