7/29/2019 Combating DoS or DDoS Attacks
radicaldevelopment.net http://radicaldevelopment.net/combating-dos-or-ddos-attack
Combating DoS or DDoS Attacks
The reality is that Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks have been around for many years. While there are no new developments in the mechanism by which these attacks are carried out, the attacks themselves are simply becoming more and more sophisticated. There is also legal precedent in which individuals or groups can target a specific entity as long as there is a legitimate underlying cause. Taking into account the growing sophistication and legal background, it becomes ever more important for organizations to formulate a plan for detecting, preventing, and mitigating the risks surrounding DoS and DDoS attacks. The shift to a defensive posture may be foreign to many organizations; however, to ensure services continue uninterrupted, these organizations must take these types of attacks much more seriously.
To combat Denial of Service attacks it is essential to understand that the idea of this attack encapsulates the concepts of flooding the target network, breaking the network connection, and finally hindering an individual or even a group from accessing a particular service. The cyber battlefield for this type of attack is depicted in figure 1. Here the attacker seeks out what is known as a handler, a machine on which software is installed that allows the handler to be controlled by the attacker.
Figure: 1
At this point, the attacker issues commands to the handler, which in turn controls the agents, and the agents then act as the soldiers that attack the target. Often the agents are unsuspecting computers that may be infected with malware. Of course, denial of service attacks are also executed by a single entity by taking advantage of vulnerabilities in program flaws, specifically in the areas of resource starvation and buffer overflows (Northcutt, 2007). At the end of the day, the threat of a DoS or DDoS is real, and to reduce these threats the next steps are detecting and mitigating the threat. Keeping these steps in mind, I selected three research papers focused on detection and prevention in order to reduce the risk surrounding denial of service attacks. The key factor is to remember that risks cannot be entirely removed, but these same risks can be mitigated to an acceptable level with everyone involved.
Attacks in History
To put this into perspective, all one has to do is turn attention back in time to 2007, when Estonia fell victim to a DoS attack. What triggered the attack was that Estonian citizens relocated a Soviet war memorial from the city of Tallinn. At the time, Estonians believed that the Russian government was behind the attack; however, the Russian government denied all involvement. The other widely adopted belief was that hackers who sympathized with the Russians were behind the attack, and this included China. This DoS attack was viewed as a cyberwar between Russia and Estonia, and because of this, both organizations and countries alike took notice of the importance of cybersecurity.
Detecting the Threat
Over the years network-centric defense systems have evolved to the level where traffic can be monitored and categorized to the point that it can be determined whether traffic is acceptable or unacceptable (Ying, Incheol, Thai, and Taieb, 2010). Accountability must be at the center of computing; in other words, every action must be both measurable and traceable to a given entity. The reason this is important is so the organization can take the information and step through the attack, in the hope that this test scenario points out the vulnerability and how the vulnerability was exploited. Ying et al. (2010) emphasize that detection and testing sound simple on the surface; however, there are three problem areas to address, which include having a solid testing structure, planning the infrastructure to mimic the attacker, and finally ensuring the test cases provide accurate results. Once test cases are in place and executed, then and only then can an organization be successful.
Modern day business is widely conducted over the Internet, and because of this it is more important than ever to conduct testing across the spectrum. For example, computers on a network typically communicate via routers, and it is not overly difficult to execute a denial of service attack on a given network. One such attack vector is exploiting Internet Protocol (IP) version 6 by sending a flood of data packets, each of which advertises a network. This exploit then causes all devices on the network to attempt to connect, and the computers fall victim to resource starvation. In fact, this exploit will force clients to join hundreds of advertised networks until the computer becomes utterly non-responsive. A good test scenario is to configure the operating system (OS) to ignore networks beyond a predetermined number; of course, the root vulnerability resides with the vendor to patch.

Ying et al.'s (2010) proposal for a testing-based approach to both DoS and DDoS attacks attempts to establish a solid framework in which these types of attacks are reduced by understanding the day-to-day network activity. The downside to this approach is that public-facing networks are difficult to measure because usage often peaks over time, making it challenging to define what traffic is acceptable.
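As an added example (not code from the original post), the kind of monitoring check a defender could run against router advertisement (RA) logs to catch the IPv6 network-advertisement flood described above; the log format, the sample lines and the thresholds are constructed for this illustration.

```python
"""Flag a host that floods IPv6 Router Advertisements with many distinct prefixes."""
from collections import defaultdict, deque
import re

# Constructed sample log (not captured traffic): "<seconds> RA src=<addr> prefix=<pfx>"
SAMPLE_LOG = """\
1000.00 RA src=fe80::1 prefix=2001:db8:1::/64
1030.00 RA src=fe80::1 prefix=2001:db8:1::/64
1060.00 RA src=fe80::bad prefix=2001:db8:a001::/64
1060.01 RA src=fe80::bad prefix=2001:db8:a002::/64
1060.02 RA src=fe80::bad prefix=2001:db8:a003::/64
1060.03 RA src=fe80::bad prefix=2001:db8:a004::/64
1060.04 RA src=fe80::bad prefix=2001:db8:a005::/64
1060.05 RA src=fe80::bad prefix=2001:db8:a006::/64
1090.00 RA src=fe80::1 prefix=2001:db8:1::/64
"""

LINE_RE = re.compile(r"^(?P<ts>\d+(?:\.\d+)?) RA src=(?P<src>\S+) prefix=(?P<pfx>\S+)$")


def detect_ra_flood(log_text, window=10.0, max_prefixes=3, known_routers=()):
    """Return alerts as (kind, src, ts, distinct_prefixes).

    'prefix-flood': a source advertised more than max_prefixes distinct prefixes
    inside `window` seconds (a real router announces a short, stable set).
    'rogue-router': any RA from a source not in known_routers (if a list is given).
    """
    recent = defaultdict(deque)  # src -> deque of (ts, prefix) inside the window
    alerts, already = [], set()  # `already` keeps one alert per (kind, src)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated or malformed line
        ts, src, pfx = float(m["ts"]), m["src"], m["pfx"]
        if known_routers and src not in known_routers and ("rogue", src) not in already:
            alerts.append(("rogue-router", src, ts, 1))
            already.add(("rogue", src))
        q = recent[src]
        q.append((ts, pfx))
        while q and ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct > max_prefixes and ("flood", src) not in already:
            alerts.append(("prefix-flood", src, ts, distinct))
            already.add(("flood", src))
    return alerts
```

Run against a real capture, the same sliding-window count is what turns the "hundreds of advertised networks" symptom into a measurable threshold a monitoring system can alert on.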
Counter the Attack
At this stage in DoS attacks the idea is that if an attack is determined to be underway, there must be measures in place to fight off the attack. As mentioned previously, many aspects of business are often conducted over the Internet, and because of this fact a pronounced example of a DoS attack is password attacks. Goyal, Kumar, Singh, Abraham, and Sanyal (2006) point out that a vast number of systems utilize passwords for two reasons, which include convenience and the fact that end users widely accept the use of a password to gain access to a service. For similar reasons that passwords are popular with users, they are also popular forms of DoS attacks.
Figure: 2
When it comes to password attacks, the hacker community has a vast arsenal at their disposal, whereas security measures typically are limited or, as they evolve, often fall victim to an attack. The reality is DoS attacks will likely always be reactive, but this does not mean that proactive measures should not be implemented. A password by definition means a word or phrase that is unknown to anyone other than the intended party. However, the reality is passwords are weak and easily guessed or even cracked, as figure 2 represents the typical length of a password. Because of this fact, Goyal et al. (2006) propose a measure that will prevent dictionary attacks by shrinking the attack window, which in turn will require the hacker to rethink the attack. The core of this idea is that the protocol initiates a four-pass transmission where the final two passes involve a computation that is negotiated between the server and the client. To put passwords into perspective when it comes to DoS attacks, it is important to understand that while typically attacks are carried out on tiers three and four, it is entirely feasible to also attack tier two via the password vulnerability. Case in point, Cisco (2005) released an advisory that outlined how their Application and Content Networking System (ACNS) software could fall victim to a DoS attack by exploiting the default password used for administrative accounts.
Mitigating the Threat
An interesting aspect of prevention within Service-Oriented Architecture (SOA) is outlined by Shah, Mangal, Agarwal, Mehra, and Patel (2010), where a heavy focus is given to web services. In several aspects of Internet-based communications, many vendors provide an Application Programming Interface in which a great deal of these communications takes place via a web service. The idea is that a Web Service is no different from a web application in the sense that both are open to attacks. Shah et al. (2010) put forth the idea of leveraging Simple Object Access Protocol (SOAP) at both the server and client, using encryption to combat a DoS attack by use of handlers. These handlers provide a number of actions, one being encryption and the second being validation of the SOAP envelope. Both of these options greatly reduce the DoS threat in the area of web services.
In reality a great many solutions have been provided in the defense of DoS attacks, which include anomaly detection, IP tracing, and filtering packets, and the area of DoS is constantly evolving (Yu, Fang, Lu, and Li, 2010). When it all comes down to reducing the threat, the obvious answer resides in the area of trust management; in other words, know your user base and establish strong boundaries of network usage. Yu et al. (2010) also present the use of a license management server, which would serve out a license to authorized users, and without the license at the client, all network communications sent to the receiver would be ignored. This idea of mitigating DoS attacks is both lightweight and feasible, to the degree that interested parties could quickly and easily adopt a defensive posture against DoS attacks.
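As an added illustration of the license-gating idea above (my own sketch, not Yu et al.'s scheme or code from the post), the receiver verifies a cheap HMAC-based license before doing any real work and silently drops everything else; the key, token format and sample requests are constructed assumptions.

```python
"""Drop requests that lack a valid, unexpired license before spending resources on them."""
import hashlib
import hmac

# Constructed demo secret; in practice only the license server and receiver hold it.
LICENSE_KEY = b"demo-license-server-key"


def issue_license(user_id, expires_at, key=LICENSE_KEY):
    """License handed to an authorized user: 'user|expiry|HMAC(user|expiry)'.
    user_id must not contain '|' because it is the field separator."""
    msg = f"{user_id}|{int(expires_at)}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{user_id}|{int(expires_at)}|{tag}"


def license_is_valid(token, now, key=LICENSE_KEY):
    """Cheap check: parse, verify the tag in constant time, then check expiry.
    Any malformed or missing token is simply invalid (no exception leaks out)."""
    try:
        user_id, expires_at, tag = token.split("|")
        expires_at = int(expires_at)
    except (AttributeError, ValueError):
        return False
    expected = hmac.new(key, f"{user_id}|{expires_at}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False  # forged or tampered license
    return now < expires_at


def handle_requests(requests, now):
    """Serve only licensed requests; return (served users, dropped count)."""
    served, dropped = [], 0
    for req in requests:
        if license_is_valid(req.get("license"), now):
            served.append(req["user"])  # stand-in for the real (expensive) work
        else:
            dropped += 1  # ignored: no license, forged license, or expired license
    return served, dropped
```

The point is ordering: the HMAC check costs one hash, so unlicensed traffic is discarded before it can reach the expensive application logic the attacker is trying to exhaust.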
Conclusion
At this point, it should be clear that DoS attacks are not overly complicated either to defend against or to carry out. Referencing figure 3, it is clear that DoS can affect each tier of the OSI model.
Figure: 3
What makes DoS difficult to defend against are the facts that it is often difficult to distinguish legitimate traffic from attack traffic and that all software contains defects that can be exploited. While DoS is difficult to defend against, it is not impossible. Actions such as reviewing network infrastructure against the National Institute of Standards and Technology (NIST) standards and load testing the network will both assist in finding vulnerabilities and in understanding at what stress point the network will break under a given load. Monitoring is also extremely important; therefore an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) will assist immensely in protecting the network. Of course, the single most important aspect is to have an established policy and procedure that outlines the course of action taken before, during, and after the attack. If the network is a victim of an attack, the Internet Service Provider (ISP), Information Security (IS) personnel, and the appropriate law enforcement agency must all be alerted as soon as possible.
References
Goyal, V., Kumar, V., Singh, M., Abraham, A., & Sanyal, S. (2006). A new protocol to counter online dictionary attacks. Computers & Security, 25(2), 114-120. doi:10.1016/j.cose.2005.09.003
Cisco. (2005). ACNS Denial of Service and Default Admin Password Vulnerabilities. Cisco Security Advisory. Retrieved from http://tools.cisco.com
Northcutt, S. (2007). Security Laboratory: Methods of Attack Series. SANS Technology Institute. Retrieved from http://www.sans.edu
Shah, D., Mangal, A., Agarwal, M., Mehra, M., & Patel, D. (2010). Mitigating DoS using handlers for Global SOA. Journal of Algorithms & Computational Technology, 4(4), 381-394. Retrieved from http://www.multi-science.co.uk/
Ying, X., Incheol, S., Thai, M. T., & Taieb, Z. (2010). Detecting application denial-of-service attacks: A group-testing-based approach. IEEE Transactions on Parallel & Distributed Systems, 21(8), 1203-1216. doi:10.1109/TPDS.2009.147
Yu, J. J., Fang, C. C., Lu, L. L., & Li, Z. Z. (2010). Mitigating application layer distributed denial of service attacks via effective trust management. IET Communications, 4(16), 1952-1962. doi:10.1049/iet-com.2009.0809
Highly motivated information technology professional with 16+ years of experience. Working as a software engineer, Steven develops and maintains web based software solutions. As a skilled professional he is focused on the design and creation of software. Because communication skills are extremely important, Steven continues to expand his knowledge in order to communicate clearly with all facets of business. Recently Steven has been leading efforts to standardize software development tools and technology, plans and coordinates web accessibility as applied to IT Solutions, and he is tackling application security in terms of best practices and implementation of the Security Development Life-cycle.