Hacking Countermeasures & Tech., Lot2-Task1

Submitted By papichulo
Words 1397
Pages 6
21 Nov 2011

Defense Against Denial of Service (DoS) Attacks
A. University Network Diagram illustrates nature of DDoS attack in Red

[Figure A: university network diagram with the DDoS attack path marked in red. Only the device labels survive extraction: a Cisco 2517 router and several BayStack 5520-48T-PWR 48-port switches (port numbers, Speed, Link/Act, Console, Pwr/Status and RPSU indicators); the diagram itself is not recoverable from the text.]
P a g e | 1 By Thomas A. Groshong Sr LOT2_Task1.docx

21 Nov 2011

Defense Against Denial of Service (DoS) Attacks
B. Executive Summary: Measures to counter University Distributed Denial of Service (DDoS) attack.
A DDoS attack against the University's Registration System Server (RSS) by infected computers (Bots) located in the University Computer Labs (see diagram) resulted in shutting down access to the RSS system. Orchestrated and controlled by a central controller, these Bots established web connections (HTTP protocol) to the RSS, using up all available bandwidth. Doing so prevented other users from reaching the Web site/server with legitimate traffic during the attack. This is considered a Consumption of Resources attack, since it exhausted the RSS bandwidth. This summary addresses measures to counter this type of DoS attack (Specht, S. M., & Lee, R. B. (2004)).

Measures to counter a DoS attack can be broken down into two types: In-Depth Defense and Countermeasures. Devices such as Routers and Proxy Firewalls are designed to protect against attacks from outside, not inside, the protective boundaries of the University's network. The use of up-to-date antivirus software on all network computers, an Intrusion Detection and Prevention System (IDPS) to monitor network traffic, and a host-based IDPS (local computer firewall) are recommended. Training of computer users and of the Information Technology (IT) personnel that manage computer services on the University network is critical to counter such attacks. Disaster Recovery procedures and/or Checklists need to be created and followed by IT staff during the attack phase.

In-Depth Defense includes the following: Principle of Least Privilege, Bandwidth Limitation, and Effective Patch Management (EPM). To reduce the risk of attack, Microsoft's Active Directory (AD) Rights Management (RM) should be used to assign users the least amount of privileges necessary to operate on the network. This would prevent rogue (Virus or Trojan) software installations that could lead to Bot compromises and DDoS attacks. Limiting the bandwidth or setting bandwidth caps could help to reduce the effects of DDoS attacks by reducing the amount of data any single computer can use, much like how Internet Service Providers (ISPs) limit the amount of traffic any one customer can send to the Internet. The use of automated patch management, Microsoft's System Center Configuration Manager (SCCM), to keep computers properly updated and patched is essential. EPM reduces the risk of attacks by reducing the vulnerabilities due to known weaknesses in applications and Operating Systems (OSs). A centrally managed Host Based IDPS or Host Based Security System (HBSS) to audit and report on computer systems helps defend against known attacks. HBSS allows the management of local computer firewall configurations to identify and possibly shut down infected computers during an attack. The use of AD, SCCM, and HBSS combine to reduce the likelihood of an attack and provide valuable information during the attack and post-attack phases.

Countermeasures to internal network DDoS attacks consist of detection, neutralization, prevention of additional attacks, deflection, and post-attack forensics. In the current network design an IDPS can alert network administrators when a potential problem is detected and block signature-based (known) attacks to help in the mitigation process. Use of HBSS and Network IDPS allows administrators to shut down services during an attack to neutralize it. Traffic Patterns captured and stored during DDoS attacks can be used for forensic analysis post-attack. Load Balancing helps absorb increased incoming traffic levels during peak hours of operation and during DDoS attacks; proper configuration of load balancing across network devices, services, and servers will reduce the effects of a DDoS attack (Householder, A., Manion, A., Pesante, L., Weaver, G., & Thomas, R. (2001)). Documentation of these processes provides effective lessons learned and should be the basis of future response procedures. Identifying Bot computers as quickly as possible and removing them from the network is an effective response to DDoS attacks. Once a computer is removed from the network the Bot application can be removed from it. If removal is not possible or effective, a baseline installation of the Operating System is required. With the use of In-Depth Defense and Countermeasures, DDoS damage can be significantly reduced.

Defensive steps that are effective against DDoS include user account best practices, an effective application patching process, current virus definitions, properly configured host-based firewall rules, and active network scans for anomalies by the IDPS. Best practices for identifying, shutting down, and preventing additional outbreaks of infected computers must be documented. Education of Users and IT staff helps to reduce the root causes of DDoS attacks by reducing Bot infections. Tools such as AD, SCCM, and IDS, used properly, can help detect these attacks and formulate an effective defense against them. In-Depth Defense and Countermeasures used together formulate an effective process for dealing with DDoS attacks.
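As an added illustration of two of the measures above, per-host bandwidth caps and quick identification of Bot computers, the script below is example code written for this page; it is not part of the essay and not the behaviour of any product the essay names. It parses constructed access records for the RSS, finds each source address's busiest ten-second window (request count and bytes), flags hosts that exceed a per-host cap, and groups the flagged hosts by lab subnet so IT staff know which lab to isolate first. The record format, the 10.10.x.0/24 lab subnets, every address and the thresholds are assumptions made for the example.

```python
# Added example for this page (not from the essay): flag internal hosts
# that flood the RSS web server and group them by lab subnet.
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed lab subnets from a hypothetical university address plan.
LAB_SUBNETS = {
    "Lab A": ip_network("10.10.1.0/24"),
    "Lab B": ip_network("10.10.2.0/24"),
}

# Constructed sample records: "<ISO timestamp> <source IP> <bytes sent to RSS>".
# Three lab hosts behave like Bots, two office hosts browse normally, and one
# line is deliberately malformed to show the parser skipping it.
SAMPLE_LOG = """\
2011-11-21T09:00:00 10.10.1.21 1500
2011-11-21T09:00:01 10.10.1.21 1500
2011-11-21T09:00:02 10.10.1.21 1500
2011-11-21T09:00:03 10.10.1.21 1500
2011-11-21T09:00:04 10.10.1.21 1500
2011-11-21T09:00:05 10.10.1.21 1500
2011-11-21T09:00:00 10.10.1.22 1500
2011-11-21T09:00:01 10.10.1.22 1500
2011-11-21T09:00:02 10.10.1.22 1500
2011-11-21T09:00:03 10.10.1.22 1500
2011-11-21T09:00:04 10.10.1.22 1500
2011-11-21T09:00:01 10.10.2.5 1500
2011-11-21T09:00:02 10.10.2.5 1500
2011-11-21T09:00:03 10.10.2.5 1500
2011-11-21T09:00:04 10.10.2.5 1500
2011-11-21T09:00:05 10.10.2.5 1500
2011-11-21T09:00:02 10.20.0.7 800
2011-11-21T09:00:07 10.20.0.7 800
2011-11-21T09:00:04 10.20.0.8 800
this line is not a valid record
"""


def parse_log(text):
    """Return (timestamp, source, bytes) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            records.append((datetime.fromisoformat(parts[0]),
                            str(ip_address(parts[1])), int(parts[2])))
        except ValueError:
            continue
    return records


def busiest_window(events, window):
    """Max request count and max bytes one source produced in any `window`.

    events: list of (timestamp, bytes). Two-pointer sweep over sorted times,
    keeping a running byte total for the current window.
    """
    events = sorted(events)
    max_count = max_bytes = 0
    left = running = 0
    for right, (t, size) in enumerate(events):
        running += size
        while t - events[left][0] > window:   # drop events older than the window
            running -= events[left][1]
            left += 1
        max_count = max(max_count, right - left + 1)
        max_bytes = max(max_bytes, running)
    return max_count, max_bytes


def find_suspect_hosts(records, window=timedelta(seconds=10),
                       max_requests=4, max_bytes=6000):
    """Sources whose busiest window exceeds either assumed per-host cap."""
    per_source = defaultdict(list)
    for t, src, size in records:
        per_source[src].append((t, size))
    suspects = {}
    for src, events in per_source.items():
        count, size = busiest_window(events, window)
        if count > max_requests or size > max_bytes:
            suspects[src] = {"requests": count, "bytes": size}
    return suspects


def group_by_lab(hosts):
    """Map flagged hosts to the lab subnet they sit in ('unknown' if none)."""
    groups = defaultdict(list)
    for src in hosts:
        lab = next((name for name, net in LAB_SUBNETS.items()
                    if ip_address(src) in net), "unknown")
        groups[lab].append(src)
    return {lab: sorted(members) for lab, members in groups.items()}


if __name__ == "__main__":
    flagged = find_suspect_hosts(parse_log(SAMPLE_LOG))
    for lab, members in sorted(group_by_lab(flagged).items()):
        print(f"{lab}: isolate {', '.join(members)}")
```

The sliding window matters for the bandwidth-cap idea: a fixed per-minute bucket lets a host burst right at the boundary, whereas the two-pointer sweep measures the worst ten seconds wherever they fall. Grouping by subnet turns a list of addresses into the action the summary calls for, isolating the affected lab and rebuilding the Bot hosts.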

C. References
DEFEATING DDOS ATTACKS. (2004). Retrieved from Cisco Systems website: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5879/ps6264/ps5888/prod_white_paper0900aecd8011e927.pdf

Householder, A., Manion, A., Pesante, L., Weaver, G., & Thomas, R. (2001). Managing the Threat of Denial-of-Service Attacks. CERT Coordination Center, 543. Retrieved from http://www.cert.org/archive/pdf/Managing_DoS.pdf
Specht, S. M., & Lee, R. B. (2004). Distributed Denial of Service: Taxonomies of Attacks, Tools and Countermeasures. In Proceedings of the 17th International Conference on Parallel and Distributed Computing Systems. 2004 International Workshop on Security in Parallel and Distributed Systems, (p. 543-550). Retrieved from http://palms.ee.princeton.edu/PALMSopen/DDoS Final PDCS Paper.pdf
