Security group offers a plan for defending against attacks

Security group offers a plan for defending against attacks

By Christopher J. Dorobek

GCN Staff

FEB. 24'On the heels of recent distributed denial-of-service attacks on commercial Web sites, a public-private security group has published a document to help organizations deal with systems security.

The document, from the Project for the Partnership for Critical Infrastructure Security, focuses on four immediate steps to reduce the risk of attack and includes suggestions for long-term efforts at protection.

The matter is important because distributed denial-of-service attacks could strike at the heart of the Internet, said Alan Paller, director of research at the SANS Institute of Bethesda, Md. "What's new is that this can do big damage," he said during a session at the Virtual Government Conference in Washington. "It can damage the trust we have in the Internet."

There must be a coordinated effort to handle the attacks in order to protect the Internet, Paller said. Those attacks forced several commercial Web sites to shut down earlier this month [].

The guidance was written by representatives from several security organizations, including the Computer Emergency Response Team at Carnegie Mellon University and the SANS Institute. It discusses topics such as spoofing'in which attackers disguise the locations of machines used to carry out an attack by falsifying the source address of the network communication'and leaving computers unprotected.

The document, labeled Version 1.09, is available online at and Paller also said anyone interested in joining an e-mail list for updated information can send a message to with "ddos roadmap" in the subject line.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.