DDoS Attack Mitigation
Online College
Distributed Denial of Service (DDoS) attacks have been disrupting the internet for years, and their types and frequency have evolved over time (The Growing Threat, 2012). Originally, multiple machines would ping a target and consume its resources. Attackers then turned to the TCP handshake as an attack medium, requesting so many connections that none were left for legitimate users. Now DDoS attacks are striking at the application level.
A DDoS attack at the application layer is very difficult to detect. It consumes less bandwidth than other DDoS attacks and targets very specific protocols, among them HTTP, used for connecting to web pages; DNS, used for resolving a web address to an IP address; and SMTP, used for email transfer (The Growing Threat, 2012). Because these attacks exploit well-known, frequently used protocols, they easily bypass normal traffic inspectors. The web protocols must be open on the firewall and IDS; if they were not, normal web traffic would not get through and the internet would be useless for everyone. To mitigate this issue while preserving connectivity, there are two things the University can do.
First, the IT staff can deploy a Host-based Intrusion Prevention System (HIPS). It would be deployed to all of the University's computers and centrally managed by a server in the data center. A HIPS inspects traffic and uses behavioral analysis to prevent attacks, flagging traffic or system functions that are not normal. It builds a baseline from normal traffic patterns and usage; if a computer starts to stray from that baseline, it alerts the administrator (Chee, 2008).
The benefits of installing a HIPS are large. It would protect the computers on the University's network from attacks and exploits. Had the University had a HIPS solution, it could have stopped the DDoS attack that occurred by never allowing the computers to become infected. Because detection is anomaly based, it would also have stopped the events from occurring and alerted the administrator about the strange behavior. Many HIPS products are also a suite of protections; most include anti-virus, anti-spyware, and firewall components, which allows management of these different applications to be combined into one (Chee, 2008).
The second method the University should implement to prevent future layer 7 DDoS attacks is a web application firewall. This device protects web, or HTTP, traffic. It works very similarly to an Intrusion Prevention System (IPS), inspecting web traffic that flows into and out of the University (Kostadinov, 2013).
Like the HIPS, this device establishes a baseline, then looks for anomalies and blocks the offending traffic. It will detect and defend against traffic coming from outside the University's network, and it will be set up so that traffic originating inside the network flows through it as well (Kostadinov, 2013). This will help prevent Layer 7 DDoS attacks in the future.
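As an added illustration of the baseline-and-anomaly approach described for the HIPS and the web application firewall above (example code written for this page, not taken from any of the cited sources), the following Python sketch learns a per-client request rate from a quiet window of HTTP access-log lines and flags a client whose rate in a later window deviates far from it. The log lines, IP addresses, paths and threshold values are constructed.

```python
"""Baseline-and-anomaly check for HTTP request floods (constructed example):
learn a per-client requests-per-minute baseline from a quiet training window,
then flag clients whose rate in a later window exceeds mean + k * stddev."""
import re
import statistics
from collections import Counter

# Combined-log style: ip - - [day/mon/year:hh:mm:ss zone] "METHOD path proto" status
LOG_RE = re.compile(r'^(\S+) - - \[(\S+) \S+\] "(\S+) (\S+) \S+" (\d{3})')

def parse(line):
    """Return (client_ip, minute_bucket, method, path, status) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, ts[:-3], method, path, int(status)  # drop :ss -> minute bucket

def requests_per_client_minute(lines):
    """Count requests per (client, minute) bucket, skipping unparsable lines."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec:
            counts[(rec[0], rec[1])] += 1
    return counts

def learn_baseline(training_lines):
    """Mean and population stddev of per-client-per-minute request counts."""
    rates = list(requests_per_client_minute(training_lines).values())
    return statistics.mean(rates), statistics.pstdev(rates)

def flag_anomalies(baseline, observed_lines, k=3.0, floor=20):
    """Map each client exceeding max(mean + k*sd, floor) to its peak per-minute count."""
    mean, sd = baseline
    threshold = max(mean + k * sd, floor)  # floor guards a near-zero-variance baseline
    peaks = {}
    for (ip, _minute), n in requests_per_client_minute(observed_lines).items():
        if n > threshold and n > peaks.get(ip, 0):
            peaks[ip] = n
    return peaks

# Constructed sample logs (not real traffic): five students registering
# normally, then one client sending 60 requests in a single minute.
def _line(ip, hhmm, sec, path):
    return f'{ip} - - [05/Aug/2014:{hhmm}:{sec:02d} +0000] "GET {path} HTTP/1.1" 200'

TRAINING = [_line(f"10.0.0.{i}", "10:00", s, "/register") for i in range(1, 6) for s in (5, 25, 45)]
OBSERVED = [_line(f"10.0.0.{i}", "10:01", s, "/register") for i in range(1, 6) for s in (5, 25, 45)]
OBSERVED += [_line("203.0.113.7", "10:01", s, "/register?step=1") for s in range(60)]
```

Calling `flag_anomalies(learn_baseline(TRAINING), OBSERVED)` reports only the flooding client, while the five normal registrants stay under the threshold.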
This attack caused many problems. The University lost revenue: if students cannot register, they may go somewhere else. It also cost the University money, because staff members were redirected to handle registration instead of their normal jobs, and productivity was lost as a result. Students who were unable to register online had to come to the college and register face to face, waiting in long lines while staff members were redirected to the registrar's office to help. The attack also made the University look bad; students could not register and then had to sit in long lines to do so, which tarnished the University's image. Mitigating Layer 7 DDoS attacks is crucial for the University in the future.
References
Chee, J. (2008, June 2). Host Intrusion Prevention Systems and Beyond. Retrieved August 5, 2014, from http://www.sans.org/reading-room/whitepapers/intrusion/host-intrusion-prevention-systems-32824
Kostadinov, D. (2013, December 4). Layer 7 DDoS Attacks: Detection and Mitigation. Retrieved August 5, 2014, from http://resources.infosecinstitute.com/layer-7-ddos-attacks-detection-mitigation/
The Growing Threat of Application-Layer DDoS Attacks. (2012). Retrieved August 5, 2014, from www.arbornetworks.com