Now, I want to talk to you about the availability threat, and in particular, this denial-of-service condition that we try and avoid. Denial of service is when someone clogs up or blocks or maliciously attacks the ability of somebody to gain access to a resource that they're authorized to gain access to. Let's take an example. Generally, if you're listening, think a non-computing thing. As a human being, and I'm trying to listen. I'm trying to pay attention to something. A way that I can make it difficult for you to listen or pay attention is to create a whole bunch of noise, right? You've all had that experience. If I'm trying to listen to something, and there's tons of background noise, then I go, aah, turn all that stuff off. I can't hear. There's noise coming in. And that's an important concept because much of denial of service is based on this idea of lobbing a whole bunch of noise so that you can't pay attention to or accept real service requests. Now, one important property here involves sort of this idea of amplification. So I do something, and it amplifies. Think about if I was hitting a tennis ball at a wall. Well, we're used to hitting a tennis ball at a wall, and one tennis ball comes back. What if I could hit a tennis ball at a wall, [LAUGH] 1,000 tennis balls come back? That's amplification. And an example would be, if I query some system, little, simple query. I say, hey, what time is it? And you say, 2 o'clock. I go, great, little question, little answer. Everything's great. But what if I say, what time is it everywhere, in every language? And I'd like to know what time it's going to be, every time, for the next three months, in one-second intervals. So what's going to come back? [LAUGH] All this crazy stuff. You're going to get all this time information hitting. You go, aah! All I did was ask what time it was the first time, with a little answer. Then I hit a tennis ball at a wall. I got all these tennis balls coming back. That concept of amplification is absolutely fundamental to denial-of-service attacks, the ability to have something small become something large. Turns out the Internet is chock full of these kinds of examples. And furthermore, there's a second property called reflection, where I can have me hit the tennis ball, but guess what. The ball hits somebody else instead of me. You get the idea? So I hit the tennis ball at the wall, then come back to make it hit you. And now, how about this? Hit a tennis ball at the wall, and now 1,000 tennis balls hit you. [LAUGH] That's a denial-of-service attack. That's how it works. So now I say, hey, what time is it? But I ask as you. And then you're sitting there, and all of a sudden, you hear, 2 o'clock. And you go, 2 o'clock, what? I didn't ask anything. But it's no big deal. It's one little answer. But if I ask that other thing, all the times and everything, and all of a sudden, you're being barraged with the time, then you're essentially experiencing what we would call a denial-of-service attack. Now, we're going to get into, later, how distributed denial-of-service attacks work and how botnets accomplish these kinds of things. But I wanted you to know the basic idea here of denial of service and how it plays out. Now, as kind of a little quiz to test our learning, I want you to think about a few little properties here that affect the availability of a system. And I want you to think in your mind, which of these, based on what you've learned so far, kind of constitute an attack, a cyber attack, a denial-of-service cyber attack? First, A would be if lightning hit a data center. Suppose a data center gets hit with lightning, and you could imagine probably would be taking out the data center's ability to process data. So that's A. B would be some software that's intentionally taking out access points, Wi-Fi, 4G, LTE, whatever, but intentionally blocking or taking out access points. And the third would be coding errors. There are unintentional coding errors that cause a system to crash. So we have lightning in a data center. We have software on endpoints that are taking out access. And we have unintentional coding error. Let's take the three in turn. Lightning, we've said earlier, is not a security issue. So I want to make sure you have that in your mind. When there's something that's non-malicious, non-intentional, it takes out a data center, a problem, but we don't consider that denial of service. The third one that we said were unintentional software. Again, if it's unintentional, it's not a security issue. Security implies intentional, deliberate, malicious. So obviously, the middle case is the one that we would consider to be a denial-of-service attack. That's where endpoints are taking out an access point, taking out Wi-Fi, flooding it, making it unavailable for authorized users. So you can see, in those three cases, whenever you see something that looks unintentional, unavoidable, nothing malicious, not security. But in the case where it's malicious, there is. So keep in mind also that idea of amplification and reflection because we're going to come back to that. And as we get into some of the more technical discussions around denial of service, you'll see that those are fundamental properties, so thanks.
