Chapter 4

Denial of Service

I think computer viruses should count as life. Maybe it says something about human nature, that the only form of life we have created so far is purely destructive. Talk about creating life in our own image.

—Stephen Hawking

This chapter explores how the availability of a virtualized environment can be denied. One advantage of virtual environments is meant to be the ease of scaling and provisioning services. The risk of resource exhaustion is theoretically lower when resources are more easily made available, so a virtualized environment should be able to respond to attacks on services much more quickly and easily than a traditional IT environment. On the other hand, resources are a neutral factor, and the advantages of virtualization can also help the attacker.

Finding Signal in Noise

Denial of service (DoS) is not a new concept, but as the phrase itself suggests, it is an important risk for service providers to consider. Virtualization offers new ways of managing resources and creating higher levels of availability. It can even help reduce the chance of a service outage. Large virtual environments, especially the cloud, are often promoted as capable of never going offline. However, it is wise to never say never, as demonstrated by the recent Amazon cloud service outage in 2011.

Apparently a network engineer made a mistake despite clear warnings and caused a level 1 severity failure. Traffic during a routine upgrade was shifted to a lower capacity network ...
