Practice Exams:
Home Blog Dissecting Slow Loris and the Silent Siege of Layer 7 Attacks

Dissecting Slow Loris and the Silent Siege of Layer 7 Attacks

In the realm of cyber defense, an insidious battle unfolds at the Application Layer, commonly referred to as Layer 7. While many associate Distributed Denial of Service attacks with immense floods of traffic, it is the subtle yet pernicious Layer 7 variant that often slips under the radar. These attacks, cloaked in apparent legitimacy, challenge traditional protective mechanisms and target the very protocols that underpin digital communication.

The Open Systems Interconnection model delineates network operations into seven layers, with Layer 7 governing applications and end-user interfaces. Protocols such as HTTP, HTTPS, DNS, and SMTP reside here, and attackers exploit the logic and behavior inherent in these services. Rather than overwhelming bandwidth, Layer 7 attacks seek to consume server-side resources through meticulously crafted requests. These mimic authentic user interactions, thus eluding superficial scrutiny.

Organizations reliant on web services are particularly susceptible to these incursions. The nature of the attack makes it difficult to discern real users from malicious actors, complicating mitigation efforts. Unlike traditional volumetric assaults, Layer 7 attacks do not require colossal traffic. Instead, their efficacy stems from resource exhaustion—draining memory, CPU cycles, or connection pools.

This method of assault is subtle. It orchestrates a silent siege where each request contributes incrementally to the target’s demise. Servers configured to manage legitimate traffic suddenly falter under the weight of these protracted, incomplete communications. The elegance of such attacks lies in their minimalism—a parsimonious approach yielding maximal disruption.

In the expansive spectrum of Layer 7 tactics, one method stands out due to its deceptive simplicity and devastating effectiveness: the Slowloris attack. This vector subverts the expectations of HTTP transactions, creating a scenario where the server becomes ensnared in a waiting game. By manipulating the nature of HTTP header transmission, the attacker forces the server to keep connections alive indefinitely, resulting in eventual service paralysis.

The danger of Layer 7 attacks is not merely technical. They bear economic and reputational consequences. Downtime can alienate users, breach service-level agreements, and erode stakeholder confidence. The asymmetrical nature of these attacks—where modest resources can incapacitate robust infrastructure—makes them particularly vexing for defenders.

Traditional defense mechanisms, designed for high-throughput attacks, often falter here. Firewalls and intrusion prevention systems may fail to recognize the attack as malicious. The requests appear valid; they do not arrive in torrents but as dribbles, each one seemingly benign. Yet cumulatively, they spell disaster.

Crafting an effective defense demands an intimate understanding of the attack vector and a vigilant monitoring regime. Behavioral analytics, anomaly detection, and adaptive rate limiting become crucial in distinguishing friend from foe. Mitigating these threats is not solely a technological endeavor—it is a strategic imperative.

Cybersecurity teams must approach Layer 7 defense with a nuanced appreciation of protocol behavior. Each layer of the OSI model offers a different battleground, and the Application Layer, with its user-facing complexity, presents unique vulnerabilities. It is a domain where stealth supersedes spectacle, and where discernment, not brute force, wins the day.

As digital ecosystems evolve, so too does the sophistication of adversaries. The veil of legitimacy they employ challenges defenders to rise above conventional wisdom. Success lies in anticipation, in the ability to perceive not just the anomaly but the intent behind it. To navigate this threat landscape, one must blend vigilance with innovation.

The exploration of Layer 7 threats reveals a realm where surface appearances deceive and where unseen currents shape the digital tide. As organizations fortify their defenses, understanding the mechanisms of these attacks becomes indispensable. Only by illuminating the shadows of the Application Layer can defenders hope to safeguard the integrity of their systems.

The Slow Siege – Anatomy of the Slowloris Assault

Among the arsenal of threats that permeate the Application Layer, the Slowloris attack distinguishes itself by its methodical subtlety. It does not arrive with a cascade of data, nor does it trumpet its presence with conspicuous anomalies. Instead, it seeps quietly into server infrastructure, leveraging protocol compliance and connection logic to inflict maximum disruption with minimum noise. Understanding the anatomy of this attack requires an appreciation for both the intricacies of HTTP behavior and the architectural nuances of server connection management.

Slowloris, named with cunning aptness, epitomizes slowness as strategy. It does not aim to overwhelm by force but by attrition. Its entire premise hinges on exploiting the way web servers handle and wait for HTTP requests, transforming normal protocol behavior into an avenue for prolonged resource exhaustion.

The Engine Behind the Attack

At its core, the Slowloris methodology is disarmingly simple. The attacker initiates a multitude of HTTP connections to a target server. However, instead of completing the requests, it sends them in fractional segments—slowly and incompletely. Each connection is held open by dribbling a few bytes of header data at infrequent intervals. The server, dutifully adhering to the HTTP specification, holds the connection open, anticipating the remainder of the request.

From a server’s perspective, this is standard behavior. A connection is initiated, a partial request is received, and the server obligingly waits for the client to finish transmitting. This logic becomes the attacker’s lever. With sufficient concurrent connections—dozens or hundreds, depending on the server’s configuration—the attacker consumes the server’s capacity to accept new clients. No excessive bandwidth is used. No malformed packets are sent. Everything appears legitimate.

Deceptively Innocuous

What makes Slowloris particularly insidious is how it masquerades as normal client behavior. Traditional denial-of-service defenses, often tuned to detect volumetric spikes or anomalous protocol violations, struggle to identify Slowloris traffic as malicious. There’s no surge of data. No illegal operations. Just a slow trickle of headers, each arriving just in time to keep a connection alive.

This masquerade frustrates even sophisticated detection systems. Intrusion prevention solutions may register a prolonged connection, but in isolation, such behavior isn’t necessarily abnormal. Mobile networks, poor signal conditions, and certain browser extensions can all cause similar delays in request completion. The ambiguity favors the attacker.

Moreover, the attack does not require distributed infrastructure. Unlike many DDoS techniques that leverage botnets or global networks, Slowloris can be executed from a single device. The stealthy, lightweight nature of the payload allows a lone attacker to bring down robust servers, provided they remain unnoticed long enough to exhaust server resources.

Impact on Server Infrastructure

To understand the consequences of a successful Slowloris attack, one must appreciate how servers allocate resources. Many popular web servers, including older configurations of Apache HTTP Server, allocate memory and processing resources on a per-connection basis. Each incoming request—complete or otherwise—reserves a slot in the connection pool.

When that pool reaches its limit, no new connections can be established. This renders the server incapable of responding to genuine users. The application becomes unresponsive, not because it is overwhelmed by data, but because it has no more room to listen.

Even modern asynchronous servers, while more resilient, can still fall victim under certain misconfigurations. If timeout values are too generous or if concurrent connection thresholds are not rigorously enforced, the risk persists. Attackers only need to maintain their slow trickle long enough for the cumulative weight of connections to paralyze the service.

The Ideal Targets

While Slowloris can be attempted against nearly any server that processes HTTP requests, its efficacy is amplified against systems with synchronous architectures. Apache, for instance, traditionally spawns a separate process or thread for each request. This model, while straightforward and effective under normal conditions, becomes brittle when faced with an opponent like Slowloris.

Each thread consumes memory and, depending on configuration, may also tie up CPU cycles. A relatively small number of half-open connections can monopolize a disproportionate share of resources. IIS, in certain legacy configurations, is similarly vulnerable, though newer versions have introduced more robust handling mechanisms.

Servers embedded in IoT devices or thinly provisioned environments are also susceptible. Their limited memory and weaker CPUs offer a smaller window for detection and response. Once connections are saturated, recovery can require a full restart or manual intervention.

Strategic Dimensions of Exploitation

One of the most troubling aspects of Slowloris is how easily it can be repurposed or combined with other threats. For instance, it can serve as a diversionary tactic, masking reconnaissance or intrusion attempts occurring elsewhere in the network. By monopolizing a server’s processing capacity, it diminishes the effectiveness of monitoring and response systems.

Alternatively, it can be integrated into a broader campaign of attrition. Used over long durations in low volumes, it can wear down service availability intermittently, creating user frustration and undermining trust. This makes it particularly attractive in politically motivated or ideologically driven attacks, where visibility and reputational damage outweigh financial gain.

Slowloris also adapts well to automation. With the right scripting, attackers can vary the timing and content of their requests to evade heuristic detection. Delays between header transmissions can be randomized. Source ports and user-agent strings can be rotated. These adjustments, trivial for an attacker, complicate efforts to fingerprint the traffic as malicious.

Defensive Engineering and Mitigation

Protecting against Slowloris requires thoughtful, multi-layered countermeasures. There is no singular fix, but a suite of strategic adjustments that, when implemented together, create a hardened defense posture.

The most direct mitigation involves tuning the server’s timeout and connection parameters. By reducing the duration a server will wait for complete HTTP headers, the attack window narrows. For instance, setting a conservative RequestReadTimeout ensures that partial requests are closed if they are not completed within a reasonable timeframe. Similarly, imposing a maximum number of concurrent connections per IP address limits the ability of a single machine to consume all available slots.

Application layer firewalls, particularly those with behavior analysis capabilities, can further strengthen defense. Unlike traditional packet filters, these tools inspect HTTP behavior over time, identifying patterns that suggest an intent to hold connections open indefinitely. Some WAFs are now equipped with rate-limiting policies that measure not just the volume of requests, but the pace and completeness of each.

Introducing a reverse proxy into the network topology can also alleviate pressure on backend systems. These proxies act as intermediaries, terminating client connections and forwarding only legitimate, fully-formed requests to the application server. In doing so, they absorb the impact of slow connections, acting as a buffer that filters out problematic traffic before it reaches its target.

Load balancers serve a similar purpose, especially in horizontally scaled architectures. By distributing connections across multiple servers, they reduce the likelihood that any single instance becomes overwhelmed. Some load balancers even incorporate intelligent routing logic that deprioritizes or discards connections exhibiting suspiciously slow behavior.

Monitoring also plays a critical role. While Slowloris is subtle, its presence does leave artifacts. Anomalously long-lived connections, a high volume of open sockets from a single IP, or a sudden increase in server thread usage can all signal its presence. Real-time dashboards, coupled with alerting systems, allow security teams to respond quickly before full service degradation occurs.

The Importance of Protocol Awareness

Perhaps the most enduring lesson from Slowloris is the importance of understanding protocol behavior—not just in theory, but in the peculiarities of its real-world implementation. Attacks like Slowloris do not invent new flaws; they reinterpret expected behavior in malevolent ways. They underscore the need for developers, administrators, and security professionals to grasp not only the syntax of the protocols they use, but also their semantic vulnerabilities.

This level of understanding often falls outside traditional perimeter defenses. It requires cross-disciplinary knowledge—blending insights from networking, software development, and system architecture. In many cases, defending against application-layer attacks means revisiting assumptions baked into configuration files, examining overlooked defaults, and reevaluating what constitutes normal behavior.

An Ongoing Challenge

While newer web server platforms have taken strides toward addressing Slowloris-like vulnerabilities, the attack’s core principles remain relevant. Any system that permits prolonged connection holding, lacks rigorous timeouts, or delegates too many resources to idle sessions remains a target. The adaptability and subtlety of the Slowloris attack ensure its place in the attacker’s repertoire, even as countermeasures evolve.

In the modern threat landscape, where visibility is clouded and signal is often lost amid noise, the ability to recognize and thwart low-and-slow threats like Slowloris is a critical skill. It requires vigilance, nuance, and a deep respect for the machinery beneath the interface.

Slowloris reminds us that some of the most dangerous attacks do not rush the gates—they linger at them, quietly and deliberately, until access is granted not by force, but by misjudgment.

Strategic Fortification – Defending Against Slowloris and Layer 7 DDoS Tactics

The evolution of cyber threats has transformed the role of defensive security from passive vigilance to active resistance. Among the pantheon of challenges faced by modern digital infrastructure, Layer 7 DDoS attacks stand out as uniquely subversive. These attacks operate not through volume but through subtlety, capitalizing on how application-layer protocols handle sessions, requests, and state persistence. Among the most enigmatic of these is the Slowloris attack—an exemplar of minimalism in cyber aggression. To resist it is not simply a matter of fortifying bandwidth or increasing hardware. It requires insight into behavior, protocol nuance, and the architecture of interaction.

Defending against Slowloris and its kin requires a multilayered approach that encompasses server configuration, traffic analysis, anomaly detection, and the strategic placement of intelligent intermediary systems. These defenses must anticipate not brute force, but manipulation—a deliberate skewing of system expectations through artificially incomplete behavior.

Architecting the First Line of Defense: Connection Handling

At the foundation of any Slowloris defense is the web server’s connection policy. The entire mechanics of Slowloris revolve around how servers handle open connections that never quite resolve. Servers that are configured with permissive timeout intervals and unrestricted concurrent sessions become unwitting accomplices in their own demise. Therefore, a rational timeout policy is critical.

By adjusting the maximum duration a server will wait for an HTTP header to fully arrive, the system disarms the attacker’s primary technique—leaving partial headers hanging indefinitely. Tuning parameters such as RequestReadTimeout, KeepAliveTimeout, or client_header_timeout (depending on the server) to accept only fully formed requests within a reasonable time window can drastically reduce exposure.

Likewise, constraining the number of connections permitted from a single IP address acts as a brake on connection pool exhaustion. Since Slowloris typically uses multiple open connections from one origin, limiting concurrent sessions from each client restricts the scale of the attack.

The Power of Proxies: Intermediaries with Intelligence

Defensive architectures become exponentially stronger with the deployment of reverse proxies. These systems sit in front of application servers and filter incoming requests before passing them onward. Their role in combating Layer 7 attacks is profound. By terminating HTTP connections at the edge, reverse proxies insulate backend systems from malicious traffic. More importantly, they offer an ideal venue for implementing connection thresholds, request pattern recognition, and rate limiting.

Load balancers also contribute to resilience, though in a different way. Rather than filtering malicious requests directly, they diffuse the incoming traffic across multiple servers, reducing the likelihood that any one node will become overwhelmed. When deployed with intelligent health-check mechanisms, load balancers can detect struggling backend systems and dynamically redirect traffic, maintaining service continuity even in the midst of partial resource exhaustion.

In this model, proxies and balancers do more than distribute load—they regulate tempo. Slowloris thrives on dragging the server’s rhythm to a crawl; proxies and balancers return control to the defenders.

Web Application Firewalls: Precision in Pattern Recognition

Traditional firewalls, while effective against network-layer attacks, are largely blind to the tactics employed at the application layer. That is where Web Application Firewalls (WAFs) emerge as indispensable. A WAF inspects HTTP traffic in granular detail, detecting anomalies that deviate from normal usage patterns.

Against Slowloris, a WAF may detect excessively delayed or fragmented HTTP headers, repeated initiation of incomplete requests, or traffic patterns marked by low bandwidth but high connection persistence. Such behaviors trigger threshold-based defenses or behavioral mitigation routines.

However, to be truly effective, WAFs must be calibrated with more than static rules. They should incorporate machine learning capabilities that enable adaptive recognition. A threat like Slowloris is successful not because it overwhelms, but because it mimics legitimate behavior just well enough to slip through static filters. Dynamic behavioral profiling helps unmask these deceptions.

Monitoring and Telemetry: Detecting the Subtle Signals

Unlike the overt floods of volumetric attacks, Slowloris produces minimal noise. Detection requires tools that monitor the low hum of background activity with surgical attention. High connection counts with low data throughput, a prevalence of half-open sessions, and extended connection durations with minimal payload are among the few signs this attack leaves behind.

Security Information and Event Management (SIEM) systems, when integrated with server logs and traffic analytics, can identify these anomalies. They offer temporal and spatial context—trends over time and patterns across origin IPs. This telemetry becomes a powerful signal for early detection.

Moreover, application-layer observability must not be confined to metrics alone. Logs detailing request headers, connection handshake delays, and header parsing times contribute to a rich understanding of user behavior and potential manipulation.

Administrators should pay particular attention to metrics such as:

  • Average header completion time per request

  • Ratio of fully completed to half-open connections

  • Peak concurrent sessions per IP

When these numbers diverge from baseline norms, an incursion may be underway—albeit a quiet one.

Resilience Through Redundancy: Preparing for Impact

No defense is impenetrable, and even the most fortified systems may eventually face periods of degradation. Resilience, therefore, becomes a critical design principle. It is not enough to prevent attacks; systems must recover from them rapidly and without data compromise.

Deploying redundant server clusters ensures that the failure of one node does not propagate system-wide. Horizontal scaling architectures, particularly those leveraging containerized environments, allow for rapid instantiation of new application instances under strain. In such models, ephemeral infrastructure resists the persistence of connection-hogging attacks.

Likewise, leveraging content delivery networks (CDNs) provides a layer of geographical and structural dispersion. Even if one node is affected, others can serve user requests, keeping latency low and uptime high.

Behavioral Modeling: The Rise of Adaptive Defense

The future of defense lies in systems that evolve in real time. Behavioral modeling, powered by artificial intelligence, represents a frontier in cyber defense. Instead of filtering based on signatures, adaptive systems learn what “normal” traffic looks like and flag deviations for further scrutiny.

Against Layer 7 threats, this is a game-changer. Slowloris, session splicing, and desynchronization all rely on subverting expected behaviors. When the expected becomes the standard, and deviation is detectable, these attacks lose much of their camouflage.

Behavioral engines can also suggest countermeasures, automatically altering timeout values, blacklisting IPs exhibiting suspicious patterns, and rerouting questionable traffic to honeypots for further analysis.

The Human Factor: Skill, Awareness, and Operational Maturity

Technology is only one piece of the defense puzzle. Operational awareness, training, and readiness play equally vital roles. Administrators must understand not only the configuration settings of their web servers but also the philosophical reasoning behind them. Security teams must be fluent in the language of traffic behavior and capable of correlating technical anomalies with broader strategic objectives.

Incident response protocols must be rehearsed. When a Slowloris-style attack begins, knowing where to look—connection logs, session management tools, firewall telemetry—can reduce response time dramatically. Cross-functional drills between network, application, and security teams foster agility and shared understanding.

Moreover, the development team must be included in the conversation. Code that exacerbates session persistence or maintains unnecessarily long HTTP connections should be identified and refactored. Defensive posture begins not with perimeter controls, but with the application logic itself.

Configuration as Policy: Codifying Defense

The notion that server configuration is merely a matter of performance must be reevaluated. Configuration is policy. It reflects choices about what kind of traffic is acceptable, how long a system will tolerate incomplete requests, and under what circumstances connections should be terminated.

Such policies should be defined, reviewed, and audited like any other critical security artifact. Configuration drift, where settings become inconsistent across environments or deviate from intended standards, is a silent enabler of vulnerability.

Infrastructure-as-code tools offer a remedy. By codifying server behavior in version-controlled templates, organizations can ensure consistency and enforce hardened baselines across all systems. This not only strengthens defense but also facilitates rapid restoration in the event of compromise.

Layer 7 DDoS attacks demand an uncommon discipline from defenders. They require not only tools but interpretive acuity—an ability to discern threat not in the overt roar of traffic, but in its whispering corners. Slowloris and its derivatives do not announce themselves; they insinuate. They blur the lines between normal and malicious until that line is almost imperceptible.

Yet with the right architecture, vigilant monitoring, intelligent systems, and skilled hands, even the most elusive threats can be exposed and neutralized. In this battle, the victor is not the one with the strongest firewall, but the one who understands the silent logic of Layer 7, and reshapes the digital terrain so that ambiguity becomes impossible to weaponize.

Parallel Threats – Beyond Slowloris in Layer 7 DDoS Landscape

While Slowloris epitomizes the subtlety of Layer 7 DDoS attacks, it is not the only technique lurking beneath the surface of application-layer vulnerabilities. The Application Layer is a fertile terrain for adversaries who understand its inner workings. Beyond Slowloris, there exist equally insidious methods that disrupt services through psychological sleight, systemic ambiguity, and protocol exploitation.

Session splicing, for example, exemplifies a form of clandestine operation. This method involves segmenting legitimate HTTP requests into multiple fragments and distributing them over time or across various packets. Rather than exploiting resources outright, the objective is to evade detection mechanisms. Intrusion detection systems may struggle to reassemble the disjointed packets into coherent requests, allowing malicious payloads to pass undetected. It is not merely an evasion tactic—it is an assertion of dominance through obfuscation.

Though session splicing is not strictly a denial-of-service tactic, its impact is compounded when layered with other threats. By confusing security systems, it can serve as a precursor to more direct application-layer attacks. An attacker might employ splicing to sidestep initial defenses before deploying resource-intensive payloads that emulate the strategy of Slowloris.

Another form of assault, often underestimated in its gravity, is phlashing. Unlike conventional DDoS attacks that seek temporary disruption, phlashing endeavors to render hardware inoperable. Through maliciously crafted requests, attackers can induce firmware corruption or force network devices into a non-functional state. Routers, switches, and firewalls become inert—not just under duress but rendered lifeless until manually restored or replaced. This permanent denial of service redefines the scope of what an attack can achieve.

The implications of flashing stretch beyond inconvenience. It demands physical intervention, induces financial loss, and leaves systems exposed during recovery windows. Unlike the ephemeral nature of Slowloris or session splicing, phlashing’s legacy is corporeal—its consequences are measured not in seconds of downtime but in hours or days of infrastructure unavailability.

Desynchronization, also referred to in some circles as HTTP request smuggling, is a study in deception. This attack targets the discord between how different systems interpret HTTP message boundaries. When an intermediary (like a proxy or load balancer) and an origin server parse the same message differently, a window opens for attackers to inject rogue requests. These malformed requests are often cloaked within legitimate traffic, slipping past WAFs and content filters.

The elegance of desynchronization lies in its exploitation of ambiguity. HTTP, while robust, is not immune to discrepancies in implementation. Differing assumptions about line terminations, headers, or delimiters can yield parsing gaps. Within those gaps, attackers operate freely. The result may not be immediate denial of service, but instead a series of misrouted or unauthorized requests that degrade service integrity and data confidentiality.

Though distinct in methodology, these attack types share a common theme with Slowloris: they thrive in ambiguity and manipulate the expected behavior of protocols. They do not batter the gates—they whisper at them until they open. They require an adversary who understands not just systems, but the very grammar of the digital world.

Defending against such nuanced threats necessitates a shift in perspective. It is no longer sufficient to guard against the obvious. Security must be rooted in precision and anticipation. Protocol compliance checks, deep packet inspection, and context-aware firewalls are essential. Moreover, cross-layer correlation of events—connecting anomalies in packet behavior with application responses—can illuminate these otherwise shadowed incursions.

Security teams must adopt a mindset akin to linguists decoding a foreign dialect. Each malformed request, each split packet, each parsing discrepancy must be scrutinized not as an error, but as potential evidence of intent. Defense is no longer about brute strength—it is about understanding the adversary’s lexicon.

Simultaneously, systems should be designed to reduce interpretive ambiguity. Standardizing protocol implementations across servers, proxies, and security appliances eliminates parsing disparities. Firmware should be validated and updated regularly to prevent exploitation through phlashing. Detection systems must evolve from rule-based models to behavior-driven frameworks.

Education, too, plays a pivotal role. Cybersecurity professionals must stay attuned to the subtleties of Layer 7. Understanding the spectrum of threats, from the slow bleed of Slowloris to the surgical strikes of request smuggling, requires continuous learning. Simulation environments, threat emulation, and shared incident analyses build institutional memory and agility.

Furthermore, response protocols must be tailored to reflect the persistent, low-signature nature of these attacks. Recovery from phlashing may necessitate hardware redundancy and rapid replacement logistics. Detection of desynchronization may depend on integrating telemetry from multiple vantage points. Session splicing may be mitigated only through temporal analysis of fragmented traffic flows.

Conclusion

Ultimately, these threats reveal the complexity and fragility of the systems we depend upon. They highlight the fact that modern applications are not isolated entities, but intricate symphonies of components, each interpreting the score slightly differently. Adversaries know this. They compose their attacks as dissonance, disrupting the harmony with meticulously placed notes of malice.

To defend against such attacks is to learn that silence, fragmentation, and subtle misalignment can be more devastating than any flood of data. As our digital presence deepens, our understanding must also grow—not just in breadth but in nuance. The Application Layer, elegant and treacherous, demands nothing less. With this knowledge, defenders are no longer reacting to shadows—they are learning to see in the dark.

 

Related posts:

  1. A Deep Dive into the CCSP Exam Overhaul
  2. CCSP Domain 2 Decoded: Data Privacy, Control, and Security in the Cloud
  3. Confidently Passing the CKA with Effective Preparation
  4. Forging Cyber Talent: Microsoft’s Comprehensive Security Learning Path
  5. From Waste to Worth: AWS Tools That Drive Cost-Effective Cloud Usage
  6. Inside the SOC: A Deep Dive into the Analyst’s World
  7. Mastering SC-900: A Tactical Prep Guide for Success
  8. Steps to Build Confidence for the CPENT Exam
  9. The Backbone of Digital Progress: Careers in Networking
  10. The Evolution of Skill in the Realm of IT