First, what is a DoS attack? This whitepaper provides an overview of Denial of Service attacks, tools and techniques, and also describes how DoS attacks can be mitigated with Firewall Software Blades and the DDoS Protector appliance. We'll take a look at a real-life example of a customer who was under a DoS attack and how experts helped them mitigate it. (Note: throughout this paper, the term "DoS" covers both Denial of Service and Distributed Denial of Service attacks.)
What would you do if suddenly your "systems are not responding"? Especially when the outage hits critical services: think of a small regional bank offering services to the public, with account holders, payroll services, mortgage and business loan services, check clearing, and monetary transfers. What happens when those systems stop responding, you have lost control and are unable to operate?
These are real-life examples of how today's DoS attacks can overwhelm even the most sophisticated and well-defended networks and cause harm to major businesses.
What is a DoS Attack? DoS attacks target networks, systems and individual services, and flood them with so much traffic that they either crash or are unable to operate - which effectively denies the service to legitimate users.
A DoS attack is launched from a single source to overwhelm and disable the target service, whereas a Distributed Denial-of-Service (DDoS) attack is coordinated and launched simultaneously from multiple sources to overwhelm and disable a target service. These multiple attack sources are typically part of a "botnet" (a network of compromised computers) and can be scattered across a region or around the globe.
The symptoms of a DoS attack are obvious - slow to unresponsive network performance, and unavailable applications.
There are two primary categories of DoS attacks today - attacks that target and flood the network, and attacks that target and flood applications. While application attacks have become more common in the last year or two, network flood attacks have remained a commonly used and impactful disruption technique.
+ Network Flood DoS Attack: Also known as a volumetric attack, these attacks send enormous volumes of irrelevant UDP, SYN or TCP traffic to consume network bandwidth and flood network equipment, rendering the network segment and even the entire network unusable.
+ Application DoS Attack: Application DoS attacks target applications and flood them with seemingly legitimate requests until they become unresponsive. Most often these attacks go completely unnoticed because they drive a small volume of traffic that slowly consumes resources until the application fails.
What actions should be taken? First, analyze the traffic: use your existing vendor tools to analyze the traffic and identify the profile of the attack, for example by identifying suspicious geographic sources, or source IPs that match known bad IP addresses. Then implement blocking rules: set rules that block traffic matching the identified attack profiles, and so on.
Now I want to sum up. The DoS threat is real and the problem is not going away. The threat community is alive with innovation, driven by robust demand for tools to cause IT disruption and harm in the name of national and social causes. While there is no silver bullet that protects against all forms of DoS attack, there are many actions that can be taken to help mitigate the attack when it comes. First and foremost is preparing a DoS Attack Response Plan that outlines the leadership, tools, analysis steps and mitigation actions to be taken when under DoS attack. Absent such a plan, the security team will be left to improvise one in real time in an attempt to mitigate the attack.
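As an added illustration of the analyze-then-block workflow above (example code written for this page, not from the whitepaper, Check Point or any vendor tool): it runs over a constructed connection log, flags a volumetric SYN-flood source, a source on a known-bad IP list and a source from a blocked region, and emits generic drop rules. The log format, the SYN threshold, the geo table and both IP lists are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample connection log, "epoch_seconds src_ip dst_port tcp_flag": one source sends 600 bare SYNs in 10 s and never completes a handshake; five clients each do SYN then ACK.
SAMPLE_LOG = (
    [f"{1700000000 + i // 60} 203.0.113.5 80 S" for i in range(600)]
    + [f"{1700000000 + i} 198.51.100.{10 + i} 80 {flag}" for i in range(5) for flag in ("S", "A")]
    + ["1700000003 192.0.2.77 443 S",    # single SYN from an IP on the (constructed) known-bad list
       "1700000004 192.0.2.200 443 S"]   # single SYN from a (constructed) blocked region
)

# Constructed stand-ins for a threat-intelligence feed and a geo-IP database; assumptions, not real data.
KNOWN_BAD_IPS = frozenset({"192.0.2.77"})
GEO_TABLE = {ip_network("203.0.113.0/24"): "AA", ip_network("198.51.100.0/24"): "AA",
             ip_network("192.0.2.0/25"): "AA", ip_network("192.0.2.128/25"): "ZZ"}
BLOCKED_REGIONS = frozenset({"ZZ"})

def region_of(src):
    """Look up the (constructed) region code for a source address."""
    addr = ip_address(src)
    return next((region for net, region in GEO_TABLE.items() if addr in net), "??")

def build_attack_profile(log_lines, window=10, syn_threshold=100):
    """Return {src_ip: reason} for every source that matches one of the attack profiles."""
    syns = defaultdict(int)          # (src, time bucket) -> bare-SYN count, i.e. half-open attempts
    sources = set()
    for line in log_lines:
        ts, src, _port, flag = line.split()
        sources.add(src)
        if flag == "S":
            syns[(src, int(ts) // window)] += 1
    profile = {}
    for (src, _bucket), count in syns.items():
        if count >= syn_threshold:   # volumetric SYN flood: far more SYNs per window than any real client
            profile[src] = f"SYN flood: {count} bare SYNs within {window}s"
    for src in sources:
        if src in KNOWN_BAD_IPS:
            profile.setdefault(src, "source is on the known-bad IP list")
        elif region_of(src) in BLOCKED_REGIONS:
            profile.setdefault(src, f"traffic from blocked region {region_of(src)}")
    return profile

def make_block_rules(profile):
    """Turn the attack profile into firewall-style drop rules (generic syntax, not a vendor's)."""
    return [f"drop src {src}  # {reason}" for src, reason in sorted(profile.items())]

if __name__ == "__main__":
    for rule in make_block_rules(build_attack_profile(SAMPLE_LOG)):
        print(rule)
```

The legitimate clients, which complete their handshakes and send one SYN each, never reach the threshold and produce no rule.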