Hacking
Defense Against Denial of Service (DoS) Attacks
B. Executive Summary: Measures to counter University Distributed Denial of Service (DDoS) attack.
A DDoS attack against the University's Registration System Server (RSS) by infected computers (Bots) located in the University Computer Labs (see diagram) shut down access to the RSS system. Orchestrated and controlled by a central controller, these Bots established web connections (HTTP protocol) to the RSS, using up all available bandwidth. This prevented other users from reaching the Web site/server with legitimate traffic during the attack. This is considered a Consumption of Resources attack, using up all of the RSS bandwidth.
…
HBSS allows the management of local computer firewall configurations to identify and possibly shut down infected computers during an attack. Used together, AD, SCCM, and HBSS reduce the likelihood of an attack and provide valuable information during the attack and post-attack phases.
Countermeasures to internal network DDoS attacks consist of detection, neutralization, prevention of additional attacks, deflection, and post-attack forensics. In the current network design, an IDPS can alert network administrators to potential problems it detects and block signature-based (known) attacks to help in the mitigation process. Use of HBSS and Network IDPS allows administrators to shut down services during an attack to neutralize it. Traffic patterns captured and stored during DDoS attacks can be used for forensic analysis post-attack. Load balancing raises the level of incoming traffic the network can handle during peak hours of operation and during DDoS attacks. Proper configuration of load balancing of network devices, services, and servers will reduce the effects of a DDoS attack. (Householder, A., Manion, A., Pesante, L., Weaver, …
Identifying Bot computers as quickly as possible and removing them from the network is an effective response to DDoS attacks. Once a computer is removed from the network, the Bot application can be removed from it. If removal is not possible or not effective, a baseline installation of the Operating System is required. With the use of In-Depth Defense and Countermeasures, DDoS damage can be significantly reduced.
Defensive steps that are effective tools against DDoS include user account best practices, an effective application patching process, use of current virus definitions, properly configured host-based firewall rules, and active network scans for anomalies by IDPS. Best practices for identifying and shutting down infected computers, and for preventing additional outbreaks, must be documented. Education of users and IT staff helps to reduce the root causes of DDoS attacks by reducing Bot infections. Tools such as AD, SCCM, and IDS, used properly, can help detect these attacks and formulate an effective defense against them. In-Depth Defense and Countermeasures are used together to formulate an effective process when dealing with DDoS attacks.
21 Nov 2011