Saturday, April 13, 2019
Hacking, Defense Against DoS Attack Essay Example for Free
A DDoS attack against the University's Registration System Server (RSS) by infected computers (Bots) located in the University Computer Labs (see diagram) resulted in shutting down access to the RSS system. Orchestrated and controlled by a central controller, these Bots established clear connections (HTTP protocol) to the RSS, using up all available bandwidth. Doing so prevented other users from accessing the Web site/server for legitimate traffic during the attack. This is considered a Consumption of Resources attack, using up all the resources of RSS bandwidth. This summary will address measures to counter this type of DoS attack (Specht, S. M., Lee, R. B. (2004)).

Measures to counter a DoS attack can be broken down into two types: In-Depth Defense and Countermeasures. Devices such as Routers and Proxy Firewalls are designed to protect against attacks from outside, not inside, the protective boundaries of the University's network topology. The use of up-to-date antivirus software on all network computers, an Intrusion Detection and Prevention System (IDPS) to monitor network traffic, and a host-based IDPS (local computer firewall) are recommended. Training of computer users and Information Technology (IT) personnel that manage computer services on the University network is critical to counter such attacks. Disaster Recovery procedures and/or Checklists need to be created and followed by IT staff during the attack phase.

The concept of In-Depth Defense includes the following: Principle of Least Privilege, Bandwidth Limitation, and Effective Patch Management (EPM). To reduce the risk of attack, use Microsoft's Active Directory (AD) Rights Management (RM) to assign users the least amount of privileges necessary to operate on the network. This would prevent rogue (Virus or Trojan) software installations that could lead to Bot compromises and DDoS attacks.

Limiting the bandwidth or setting bandwidth caps could help to reduce the effects of DDoS attacks by reducing the amount of data any single computer can use, much like how Internet Service Providers (ISPs) limit the amount of traffic any one customer can use to access the Internet. The use of automated patch management, such as Microsoft's System Center Configuration Manager (SCCM), to keep computers properly updated and patched is essential. EPM reduces the risk of attacks by reducing the vulnerabilities due to known weaknesses in applications and Operating Systems (OSs). A centrally managed Host Based IDPS or Host Based Security System (HBSS) to audit and report on computer systems helps defend against known attacks. HBSS allows the management of local computer firewall configurations to identify and possibly shut down infected computers during an attack. The use of AD, SCCM, and HBSS combine to reduce the likelihood of an attack and provide valuable information during the attack and post-attack phases.

Countermeasures to internal network DDoS attacks consist of detection, neutralization, prevention of additional attacks, deflection, and post-attack forensics. In the current network design an IDPS can alert network administrators to potential problems and block signature-based (known) attacks to help in the mitigation process. Use of HBSS and Network IDPS allows administrators to shut down services during an attack to neutralize attacks. Traffic Patterns captured and stored during DDoS attacks can be used for post-attack forensic analysis. Load balancing increases the incoming traffic levels that can be handled during peak hours of operation and during DDoS attacks. Proper configuration of load balancing of network devices, services, and servers will reduce the effects of a DDoS attack (Householder, A., Manion, A., Pesante, L., Weaver, G., Thomas, R. (2001)).

Documentation of these processes provides effective lessons learned and should be the basis of future solution procedures. Identifying Bot computers as quickly as possible and removing them from the network is an effective response to DDoS attacks. Once removed from the network, the Bot application can be removed from the computer. If removal is not possible or effective, a baseline installation of the Operating System is required.

With the use of In-Depth Defense and Countermeasures, DDoS damage can be significantly reduced. Defensive steps, including user account best practices, an effective application patch process, current virus definitions, properly configured host-based firewall rules, and active network scans for anomalies by IDPS, are effective tools against DDoS. Best practices for identifying, shutting down, and preventing additional outbreaks of infected computers must be documented. Education of Users and IT staff helps to reduce the root causes of DDoS attacks by reducing Bot infections. Tools such as AD, SCCM, and IDS, used properly, can help detect and formulate an effective defense against these attacks. In-Depth Defense and Countermeasures are used together to formulate an effective process when dealing with DDoS attacks.
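One way to identify Bot computers quickly, as recommended above, is to count HTTP requests per lab host in a sliding time window over the RSS web log and flag hosts that exceed a cap. This is an added example, not part of the original essay; the log format, the lab subnet 10.20.0.0/16 and the thresholds are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime

# Assumed values: adjust to the real lab address range and normal usage.
LAB_NET = ipaddress.ip_network("10.20.0.0/16")
WINDOW_SECONDS = 10
MAX_REQUESTS_PER_WINDOW = 5

def build_sample():
    """Constructed log: one noisy lab host, one normal lab host, one bad line."""
    fmt = "2019-04-13T09:00:{:02d} {} GET /register HTTP/1.1"
    lines = [fmt.format(s, "10.20.3.17") for s in range(0, 16, 2)]
    lines += [fmt.format(s, "10.20.3.40") for s in (1, 20, 45)]
    lines.append("corrupted entry")
    return "\n".join(sorted(lines))

def parse_line(line):
    """Split '<ISO timestamp> <source IP> <request>'; raises ValueError if malformed."""
    ts, src, _request = line.split(" ", 2)
    return datetime.fromisoformat(ts), ipaddress.ip_address(src)

def find_suspect_hosts(log_text, net=LAB_NET, window=WINDOW_SECONDS,
                       limit=MAX_REQUESTS_PER_WINDOW):
    """Return {lab host: peak requests seen in any window} for hosts over the limit.

    Assumes log lines are in chronological order.
    """
    recent = defaultdict(deque)   # per-host timestamps still inside the window
    suspects = {}
    for line in log_text.strip().splitlines():
        try:
            ts, src = parse_line(line.strip())
        except ValueError:
            continue              # skip malformed entries instead of aborting
        if src not in net:
            continue              # only internal lab hosts are in scope here
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > limit:
            suspects[str(src)] = max(suspects.get(str(src), 0), len(q))
    return suspects

if __name__ == "__main__":
    for host, peak in find_suspect_hosts(build_sample()).items():
        print(f"{host}: {peak} requests within {WINDOW_SECONDS}s, isolate and inspect")
```

The flagged addresses are the candidates for removal from the network and host-level inspection; the same per-host counts can be kept as traffic-pattern evidence for post-attack forensics.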