Can the Internet be taken offline? Many experts scoff at the idea, citing o many diverse communications channels, too many redundancies, and architecture designed to route around failures. "l think it would be very difficult to take down the whole Internet, unless you had a worldwide MME event that takes everything else down as well," says Dry. Ken Calvert, chair of the University of Kentucky Department of Computer Science. "At all levels you have diversity of technology carrying the bits, whether it's satellite, fiber, or wireless.There's a lot of redundancy there.
" Yet even if the Net can't be entirely shut off, short of an act of God (see Tech doomsday scenario No. ), attackers can create havoc by attacking it at one of its weakest points: the domain name system. By hijacking traffic meant for different domains, attackers can drive unsuspecting surfers to malicious sites, effectively take down any site by flooding It with traffic, or simply send everyone looking for Google. Com or Yahoo. Com Into the ether making the Net largely useless for a great many people. Everybody trusts the DNS, but it's not really trustworthy," says Rod Rasmussen, president and COT for anti-pushing services firm Internet Identity.
"The system itself isn't well protected. And all you need are a name and a sword to take out a DNS server or a particular domain. " Attackers don't even need to attack DNS servers or poison their caches; they can achieve the same effects by taking over large domain registrars. A successful Infiltration of Network Solutions, for example, could put attackers in charge of more than half the domains for all U.
S. Financial institutions, says Rasmussen. From there, attackers could redirect surfers to bogus sites and later use their credentials to log in and drain their accounts. Or they could simply target large domains with huge amounts of traffic, or create havoc by sensing with the Net's time servers. What could happen: The Internet appears to be down, even though it's not.
Millions of Web surfers can't reach the sites they need, or worse, they're misdirected to malicious sites that steal their credentials or their identities.Attackers reset the servers that keep time on the Net, bringing billions of financial transactions that rely on accurate timestamps to a screeching halt. How long would it take to recover: Two days or longer, in most cases, says Rasmussen. "Because this is the DNS, it's not hard to undo anything," he says. "The problem is owe long the bad guys tell the DNS system to maintain the records; 48 hours is pretty speed dial with major Sips and tell them to update their records.
Even then, you'll still miss smaller Sips or large enterprises that maintain their own DNS tables. It usually takes a pretty big disaster to get people to respond," says Rasmussen. "That's the problem with a distributed system; when it goes bad it stays bad for a while. " Likelihood: More likely than you think. This has already happened several times on a smaller scale.
In December 2008, Ukrainian-based attackers used a pushing attack to main log-on credentials for Checkable, an online bill payment system used by more than 70 percent of U. S. Banks. In April 2009, an SQL injection exploit at registrar Domains. Et allowed Turkish attackers to take over the New Zealand sites for Microsoft, Sony, Coca-Cola, HISS, and Xerox, among others. The same hackers also took over all of Puerco Rice's domains.
This past January the domain for Baud, the largest Chinese search site, was taken over by a group calling itself the "Iranian Cyber Army. " In that case, Baud filed suit against its U. S. Registrar, Register. Com, claiming it as slow to respond to the site's plea for help.
How to avoid this fate: "Eternal vigilance? " asks Rasmussen. You want to monitor the hell out of what you and other people are doing with your domains and theirs, so you can turn off the system and anything that connects to it if you or someone you trust has a problem. " Some registrars are hardening their defenses against hijacking and making it tougher to change DNS records, but mostly it's up to domain owners themselves to police their own records and respond quickly when they've been compromised. * Name and describe the different Software Process Models/Software DevelopmentProcess Models The most common software development models applied for the development process are: 1 . Waterfall model.
This model is mainly apt for small and relatively easy software projects. Software companies working according to this model complete each stage in consecutive order and review its results before proceeding to another stage, which renders the waterfall model inflexible and unsuitable for complex long- term software projects. [pick] 2. Spiral model. The essence of this model is in the underscored importance of a risk- analysis during the development process.
The spiral model presupposes that each tagged of the classical waterfall model is divided into several iterations, and each iteration undergoes planning and risk analysis. As a result this model allows a software company to produce working software after each iterative stage, while evaluating the risks on an ongoing basis. However, adopting the spiral model may result in notably higher costs. [pick] 3. V-shaped model. This model is similar to the waterfall model, though the main emphasis is placed on the verification stage and testing, which overlap all the other stages of the software development lifestyle.