...NMCI 0 Best Practices for Internal DDoS Attacks Best Practices for Internal DDoS Attacks 2013 Best Practices for DDoS Attack 1 What is a DDoS? A Distributed Denial of Service, DDoS, is an attack which is implemented to take down a server and make it unavailable to legitimate users. This attack can be very costly as it suspends services and causes a break in connection to the internet. The reason this attack is called ‘Distributed’ is because there is a large number of computers that are used to overwhelm the web servers. These computers are called bots or slaves. They are controlled by one computer, which is called the master or handler. The master sends a command to the bots to that will cause an attack. In this case, the master sent a command to flood the web server with fake traffic, which will cause the server to become unreachable. Most of the time, the attack comes from an external source. The attack on the university’s web server originated within the schools network. There was a password sniffer used to capture an Administrator password. The password allowed the attacker to have elevated privileges. This allowed for the bots to be controlled and the attacker to do whatever he or she wanted to do. In this case, the attacker chose to bring down the registration system. Best Practices to Practices to Prevent Internal DDoS There are several measures that can be taken to prevent DDoS. This Guide will focus on steps to prevent these attacks from originating...
Words: 665 - Pages: 3
...Hacking Countermeasures & Techniques Distributed Denial of Service (DDoS) Best Practices Guide to Counter DDoS attacks: This Guide will cover Best Practices to counter DDoS attacks like the attack on the Universities Registration System Server (RSS) by infected computers (Bots). The attack by rogue software installed on computers located in University Computer Labs resulted in the shutting down web access to the RSS system. Coordinated by a central controller these Bots established web connections (HTTP protocol) to the RSS using up all available bandwidth. This prevented students from accessing the Web site/server for legitimate traffic during the attack. (Schifreen, R. (2006)) This is considered a Consumption of Resources attack using up all the resources of RSS bandwidth. (Specht, S. M., & Lee, R. B. (2004)) These best practices would help prevent and/or reduce the effects of such attacks. Industry best practices to counter DDoS attacks start with documentation that addresses procedures to be followed before, during, and after an attack. (Schifreen, R. (2006)) The establishment of a Security Incident Response Team (SIPT) trained to react to incidents reduces damage and duration of outages. Best practices include; training, network configuration, patch management, access control lists, encryption, intrusion detection, intrusion prevention, and traffic shaping. (Cunningham, B, Dykstra, T, Fuller, E, Gatford, C, Gold, A, Hoagberg, M, Hubbard, A, Little, C, Manzuik, S,...
Words: 1240 - Pages: 5
...Joseph W Costa LOT2 Task 2 5/24/2013 Best Practices in Prevention of DoS/DDoS Attacks This guide is meant to describe best practices for the detection and prevention of denial of service attacks, such as the event that recently occurred at the university. It was determined that based on current security guidelines and current controls in place, the university was still severely vulnerable from an internal aspect and all identified gaps need to be addressed and resolved. Each control described below will provide a more in depth look at the overall strategy of how a network should be protected but still allow for the functionality that is required to maintain normal operations. Know the Signs of an Attack An essential part of network security is knowing what the characteristics of an attack are, so they can be countered or prevented. When the university suffered an overwhelming internal DDoS attack, it required administrators to reevaluate its security guidelines based on what was known about the attack. As seen at the time of attack, certain characteristics were: Network performance unusually slow Website was unavailable for at least 24 hours Thousands of bogus HTTP packets sent to internal web server Taking these factors into account, it can be safe to say it was an actual attack rather than just legitimate network usage. Now that it is known what such an event would look like, identifying similar attacks in the future will be much easier and may allow...
Words: 1264 - Pages: 6
...RLOT Task 2 With the availability of open source tools and resources to cybercriminals, it has become extremely difficult to combat distributed denial of service (DDoS) attacks. Typically DDoS attacks occur at the network layer by SYN flooding, ICMP flooding, and UDP flooding. Some times DDoS attacks fail at the network layer when this happens cybercriminals shift to application layer attacks. Application attacks occur by sending an overwhelming number of HTTP GET requests (HTTP flooding) or running a massive number of queries through the victim’s database query or search engine. This guide will address the information technology (IT) industry’s best practices to counter denial of service (DoS) and DDoS attacks. These countermeasures are patch management program, antivirus software, and host-based intrusion prevention systems. Patch Management Program One important aspect of security is patch management. Patching is software code that a vendor distributes to fix functionality problems or vulnerabilities for applications and network devices. Without a patch management program hackers could exploit vulnerabilities to gain access into the university’s information system, elevate privileges, and steal data. The amount of patches released can be overwhelming to the university’s network technicians. The patch management program will ensure that security risks are reduced to an acceptable level and reduce manpower requirements. The university will use an automated patch management...
Words: 979 - Pages: 4
... Professor Sandra Kirkland SE572 July 14th, 2011 Table of Contents Introduction 1 Steps 1 Denial-of-Service attacks (DoS) 1 Distributed Denial-of-Service attacks (DDoS) 1 Masquerading and IP Spoofing attacks 2 Smurf attacks 2 Land .c attacks 2 Man-in-the-Middle attacks 3 Conclusion 3 References 4 Introduction Our company faces the largest information security threat and we need to take steps to mitigate the risks associated with each one of them. Steps Denial-of-Service attacks (DoS) We will analyze the attack as best as we can and implement the correct defense. We will ask ourselves if there are any common packet signatures that are easy to filter against. We will ask ourselves if all attackers hitting a single target if they can be sacrificed. We will also need to find out as to which network the attack is coming from, and if we can verify it (remember that spoofed packets can come from anywhere, including our own network). Once we’ve found a reasonable match for the attack, pass the filters to our upstream provider(s) and seek their help getting them propagated outwards. We will need to make sure we filter or redirect traffic with a minimum amount of actual downtime (Kaeo, 2004). Distributed Denial-of-Service attacks (DDoS) CluB: a Cluster-Based architecture is the method we will use to prevent DDoS attacks proactively. In CluB, the network consists of a set of clusters —in the Internet, these can be e.g. Autonomous Systems (AS)...
Words: 789 - Pages: 4
...Best Practices Guide for DoS/DDoS Prevention In this document are guidelines that can be implemented in order to prevent future Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks on the university. No one individual practice, contained in this guide, will act as a perfect form of prevention, but will instead act as an additional layer of security. By combining these practices, the chances of another DoS/DDoS attack succeeding will be greatly diminished. Acceptable Use Policies Acceptable Use policies define the types of actions that are allowed to be performed on systems and the network. These policies also define the actions that are to be taken if the policy is violated. For the university, a policy may be created which states that can only use the computers for functions related to the school. This usage could be limited to homework and research, for example. If the computer is used for anything else, penalties could range from temporary suspension of computer privilege to expulsion, depending on the number and/or severity of the offenses. This policy would have to be made publically available. This could be done in a number of ways, including, but not limited to, posting it in the computer labs, adding the acceptance of it to the login process, and redirecting the user to it if the user attempts to install software or access a prohibited folder. Incident Response Procedures Incident Response procedures define the steps to take if any incident...
Words: 1120 - Pages: 5
...Analysis The iPremier Company (A): Denial of service Attack Case 2—2 MIS 606- Management Information Systems 4 December 2012 Summary of the problem The case presents a specific problem that has taken place in iPremier, a Seattle based company that was founded in 1996 by two students from Swathmore College and had become one of a few success web-based commerce, selling luxury, rare, and vintage goods over the Internet. It was exactly on January 12, 2007, when iPremier Web servers were brought to a standstill. The Web site of the company was locked up; neither employees nor customers can access the site due to a distrusted denial-of-service (DDoS) hacker attack. At that time, the company CIO, Bob Turley, who was recently hired, was out of the town on a mission, and that made the situation even worse. The problem was soon spread reaching the CEO! The shocking finding was the outdated emergency procedures. Eventually after 75 minutes the problem was solved and the main champion in my opinion was luck! Unstructured actions were taken to overcome this attack. The corrective action was taken but still iPremier will need to come up with preventive action for similar situations because this might threaten its existence. The technology The case discussed different technologies: distributed denial of service (DDoS) attack, firewall, and information security mainly in case of crisis. DDoS is a type of web attack that seeks to disrupt the normal function of the targeted...
Words: 1713 - Pages: 7
...is in Cleveland, Ohio; and as drivers of its 800 road tractors. (University of Phoenix, 2005) Team A has been consulted to create an enterprise security plan that will identify the information security challenges within Huffman trucking company network and establish mitigation plans to offset those challenges. The enterprise security plan will address some of the top vulnerabilities and risks that Huffman trucking company has the potential of experiencing. The plan will also include a list of physical and logical vulnerabilities within the company, and a specific list of remediation or mitigation steps for those vulnerabilities or threat pairs. “Enterprise security planning (ESP) is the aligning of information security policies and practices and applicable security technologies with the business rules and the evolving information models and technical architectures being used by a government or business”. (Erutal, L., Braithwaite, T., Bellman, B., 2012 pg. 144) As we started our examination of Huffman trucking vulnerabilities and risk, we took a strategic look at their assets and the possible vulnerabilities that could have an effect on those assets. In any company it is imperative that a clear understanding be arrived on the company’s primary assets, the vulnerabilities against those assets and what impact it would have on the company if those vulnerabilities were executed. Huffman has approximately 1400 employees that use email as the primary means of communications. It...
Words: 1665 - Pages: 7
...CHAPTER 1 Vulnerabilities, Threats, and Attacks Upon completion of this chapter, you should be able to answer the following questions: ■ ■ What are the basics concepts of network security? What are some common network security vulnerabilities and threats? ■ ■ What are security attacks? What is the process of vulnerability analysis? Key Terms This chapter uses the following key terms. You can find the definitions in the glossary at the end of the book. Unstructured threats Structured threats External threats Internal threats Hacker Cracker Phreaker Spammer Phisher page 21 page 21 page 21 page 21 page 21 page 20 page 20 page 20 page 21 White hat Black hat page 21 page 21 page 28 page 28 Dictionary cracking Brute-force computation Trust exploitation Port redirection page 28 page 29 page 30 Man-in-the-middle attack Social engineering Phishing page 30 page 30 2 Network Security 1 and 2 Companion Guide The Internet continues to grow exponentially. Personal, government, and business applications continue to multiply on the Internet, with immediate benefits to end users. However, these network-based applications and services can pose security risks to individuals and to the information resources of companies and governments. Information is an asset that must be protected. Without adequate network security, many individuals, businesses, and governments risk losing that asset. Network security is the process by which digital information assets...
Words: 13317 - Pages: 54
...Ethical Hacking 1 Running head: ETHICAL HACKING: Teaching Students to Hack Ethical Hacking: Teaching Students to Hack Regina D. Hartley East Carolina University Ethical Hacking 2 Abstract One of the fastest growing areas in network security, and certainly an area that generates much discussion, is that of ethical hacking. The purpose of this study is to examine the literature regarding how private sectors and educational institutions are addressing the growing demand for ethical hacking instruction. The study will also examine the opportunity for community colleges in providing this type of instruction. The discussion will conclude with a proposed model of ethical hacking instruction that will be used to teach a course in the summer semester of 2006 through the continuing education department at Caldwell Community College and Technical Institute within the North Carolina Community College System. Ethical Hacking 3 Ethical Hacking: Teaching Students to Hack The growing dependence and importance regarding information technology present within our society is increasingly demanding that professionals find more effective solutions relating to security concerns. Individuals with unethical behaviors are finding a variety of ways of conducting activities that cause businesses and consumers much grief and vast amounts annually in damages. As information security continues to be foremost on the minds of information technology professionals, improvements in this area are critically...
Words: 6103 - Pages: 25
...Contents 1. Introduction 2. Assessment Test 3. Chapter 1: Getting Started with Ethical Hacking 1. Hacking: A Short History 2. What Is an Ethical Hacker? 3. Summary 4. Exam Essentials 5. Review Questions 4. Chapter 2: System Fundamentals 1. Exploring Network Topologies 2. Working with the Open Systems Interconnection Model 3. Dissecting the TCP/IP Suite 4. IP Subnetting 5. Hexadecimal vs. Binary 6. Exploring TCP/IP Ports 7. Understanding Network Devices 8. Working with MAC Addresses 9. Intrusion Prevention and Intrusion Detection Systems 10. Network Security 11. Knowing Operating Systems 12. Backups and Archiving 13. Summary 14. Exam Essentials 15. Review Questions 5. Chapter 3: Cryptography 2 1. Cryptography: Early Applications and Examples 2. Cryptography in Action 3. Understanding Hashing 4. Issues with Cryptography 5. Applications of Cryptography 6. Summary 7. Exam Essentials 8. Review Questions 6. Chapter 4: Footprinting and Reconnaissance 1. Understanding the Steps of Ethical Hacking 2. What Is Footprinting? 3. Terminology in Footprinting 4. Threats Introduced by Footprinting 5. The Footprinting Process 6. Summary 7. Exam Essentials 8. Review Questions 7. Chapter 5: Scanning Networks 1. What Is Network Scanning? 2. Checking for Live Systems 3. Checking for Open Ports 4. Types of Scans 5. OS Fingerprinting 6. Banner Grabbing 7. Countermeasures 8. Vulnerability Scanning 9. Drawing Network Diagrams 10. Using Proxies 11. Summary 12. Exam Essentials 13. Review Questions...
Words: 71242 - Pages: 285
...Fundamentals of Networks Alhaji Mansary University of Phoenix Integrative Network Design Project Part 3 Prof, Marjorie Marque 12/12/12. Kudler Fine Foods Network: Final Introduction Kudler Fine Foods is on their way to upgrading their present network infrastructure with better wireless technology that will provide an improved communication medium both for the stores and employees. This will help maximizing the company’s profits with the aid of the new systems and servers performance. The new inventory system will let a store’s POS system to alert the warehouses that they need to ship more products already when the store is running low in stock. This will eliminate or at least make the man-hours needed in checking the stock. VoWLAN (Voice over WLAN) is the one to provide all the communications needed to be done by taking or making calls while providing the services needed by the customers by using the same medium. Other technological Advances will provide real-time network analysis and security monitoring which will bring overall benefits to the Kudler Company. Network Overview Kudler’s network infrastructure is now becoming very old. The stores are on separate networks so the bus network topology that they have does not allow effective communication already. This is a major problem because of the fact of lacking central location for network servers and backups or security set-up. This is the reason an enterprise wireless WAN is being rolled...
Words: 3022 - Pages: 13
...Sample Email to myself Special Publication 800-61 Revision 2 Computer Security Incident Handling Guide Recommendations of the National Institute of Standards and Technology Paul Cichonski Tom Millar Tim Grance Karen Scarfone Computer Security Incident Handling Guide Recommendations of the National Institute of Standards and Technology Paul Cichonski Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD Tom Millar United States Computer Emergency Readiness Team National Cyber Security Division Department of Homeland Security Tim Grance Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD Karen Scarfone Scarfone Cybersecurity NIST Special Publication 800-61 Revision 2 COMPUTER SECURITY August 2012 U.S. Department of Commerce Rebecca Blank, Acting Secretary National Institute of Standards and Technology Patrick D. Gallagher, Under Secretary of Commerce for Standards and Technology and Director Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses...
Words: 32495 - Pages: 130
...educational use done for non-profit or non-commercial purpose is granted providing that copies bear this notice and a full citation on the first page. Any other reproduction or transmission requires prior written permission. Artificial Intelligence in Cyber Defense Enn Tyugu R&D Branch Cooperative Cyber Defense Center of Excellence (CCD COE) and Estonian Academy of Sciences Tallinn, Estonia tyugu@ieee.org Abstract- The speed of processes and the amount of data to be used in defending the cyber space cannot be handled by humans without considerable automation. However, it is difficult to develop software with conventional fixed algorithms (hard-wired logic on decision making level) for effectively defending against the dynamically evolving attacks in networks. This situation can be handled by applying methods of artificial intelligence that provide flexibility and learning capability to software. This paper presents a brief survey of artificial intelligence applications in cyber defense (CD), and analyzes the prospects of enhancing the cyber defense capabilities by means of increasing the intelligence of the defense systems. After surveying the papers available about artificial intelligence applications in CD, we can conclude that useful applications already exist. They belong, first of all, to applications of artificial neural nets in perimeter defense and some other CD areas. From the other side – it has become obvious that many CD problems can be solved successfully only when methods...
Words: 4861 - Pages: 20
...chapter 2 40 Chapter 2 you. I’ve asked Charlie Moody to come in today to talk about it. He’s waiting to speak with us.” When Charlie joined the meeting Fred said, “Hello, Charlie. As you know, the Board of Directors met today. They received a report on the expenses and lost production from the worm outbreak last month, and they directed us to improve the security of our technology. Gladys says you can help me understand what we need to do about it.” “To start with,” Charlie said, “instead of setting up a computer security solution, we need to develop an information security program. We need a thorough review of our policies and practices, and we need to establish an ongoing risk management program. There are some other things that are part of the process as well, but these would be a good start.” “Sounds expensive,” said Fred. Charlie looked at Gladys, then answered, “Well, there will be some extra expenses for specific controls and software tools, and we may have to slow down our product development projects a bit, but the program will be more of a change in our attitude about security than a spending spree. I don’t have accurate estimates yet, but you can be sure we’ll put cost-benefit worksheets in front of you before we spend any money.” Fred thought about this for a few seconds. “OK. What’s our next step?” Gladys answered, “First, we need to initiate a project plan to develop our new information security program. We’ll use our usual systems development and project...
Words: 24411 - Pages: 98
