Posted on

Mitigating the Hacker’s use of DoS & DDoS


In a prior article entitled “The Hacker’s use of DoS/DDoS”, I discussed the basics of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks that hackers use to cripple networks and services. As a recap, DoS/DDoS attacks are typically volumetric attacks, which saturate the victim’s Internet links. Radware, a security vendor, noted that attack approaches have changed dramatically over the past few years (Rayome, n.d.). There are several immediate solutions, including (a) employee training and (b) the possible use of protection services to mitigate the impact of a DoS/DDoS attack.

Employee training continues to be at the top of the mitigation ‘to-do’ list. Training offers a first line of defense and protection against DDoS attacks. The impact of DDoS ransomware attacks, as an example, can be limited by periodic and frequent employee training sessions in the organization. Training gives employees an understanding of how to avoid having ransomware installed on their systems. According to Kassner (2016), DDoS ransomware can be minimized by:

  • Raising staff awareness of how ransomware attacks occur and introducing technical and procedural controls to prevent infection,
  • Developing ransomware policy and procedures that are used in the event of an infection,
  • Ensuring that backups are tested and are maintained separately from the network.

Protection services, as another avenue to protect organizational assets, can address the recent DDoS attack methods. Due to the growing online availability of attack tools and services, the attack vector has expanded. In addition to large-scale DDoS attacks, smaller attacks and low-and-slow attacks (attacks that are intentionally throttled down so as not to raise an immediate alert) impact five out of six businesses. Smaller attacks fall below 1 Gbps in volume but consume enough network and server resources to result in poor service levels and a degraded customer experience. Low-and-slow attacks, even if they are not making the headlines like their large-scale DDoS cousins, are a serious threat.
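Low-and-slow attacks hide below bandwidth alarms, so a defender has to look at connection behaviour rather than volume. The following is an added example, not code from the original article: it scans constructed connection records (source address, connection duration, bytes received) and flags sources that hold many long-lived connections while sending almost nothing. The record fields, the sample addresses and the thresholds are all assumptions chosen for the demonstration.

```python
"""Flag sources holding many long-lived, low-throughput connections.

Added example (not from the original article). Record fields, addresses
and thresholds are assumptions for the demonstration.
"""
from collections import defaultdict

# Detection thresholds (assumed values, tune to the environment).
MIN_DURATION_S = 60.0    # a connection must stay open at least this long...
MAX_BYTES_PER_S = 50.0   # ...while delivering no more than this many bytes/s
MIN_SLOW_CONNS = 5       # slow connections per source before we flag it

# Constructed sample records: (src_ip, duration_seconds, bytes_received).
SAMPLE_CONNECTIONS = [
    ("198.51.100.7", 1.8, 12400),       # ordinary short request
    ("198.51.100.7", 0.9, 6100),
    ("198.51.100.7", 95.0, 1_200_000),  # long but fast: a real download
    ("203.0.113.44", 110.0, 400),       # six connections that only trickle
    ("203.0.113.44", 121.0, 310),
    ("203.0.113.44", 118.0, 520),
    ("203.0.113.44", 130.0, 290),
    ("203.0.113.44", 125.0, 450),
    ("203.0.113.44", 140.0, 380),
    ("192.0.2.9", 100.0, 200),          # a single slow client: below threshold
]


def is_slow_connection(duration_s, bytes_received):
    """True when a connection is both long-lived and low-throughput."""
    if duration_s < MIN_DURATION_S:
        return False
    return bytes_received / duration_s <= MAX_BYTES_PER_S


def slow_connection_counts(connections):
    """Count slow connections per source address."""
    counts = defaultdict(int)
    for src, duration_s, nbytes in connections:
        if is_slow_connection(duration_s, nbytes):
            counts[src] += 1
    return dict(counts)


def flag_low_and_slow_sources(connections):
    """Return sources whose slow-connection count reaches MIN_SLOW_CONNS."""
    counts = slow_connection_counts(connections)
    return sorted(src for src, n in counts.items() if n >= MIN_SLOW_CONNS)


if __name__ == "__main__":
    for src, n in slow_connection_counts(SAMPLE_CONNECTIONS).items():
        print(f"{src}: {n} slow connection(s)")
    print("flagged:", flag_low_and_slow_sources(SAMPLE_CONNECTIONS))
```

The per-source count is what separates an attack from a single slow client on a poor link; the byte-rate test is what separates a trickle from a legitimate long download, which is long-lived but fast.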

In order to prevent a DDoS attack, whether a low-and-slow or a large-scale attack, organizations should consider protection services. Protection services allow an organization to implement a smart defense that offers services in an ‘as-needed / just-in-time’ approach. Protection services offer 24 x 7 protection that supports an organization’s attack mitigation strategy before the threat becomes more damaging.

A cloud-based scrubbing service is one protection service alternative to thwart an attack and can be used in a hybrid DoS/DDoS mitigation approach. The hybrid approach combines customary on-premises DDoS protection with a cloud-based DDoS service. A cloud-based service has an abundance of throughput and resources commonly distributed across the globe, which can serve to mitigate, or frankly blunt, the attacker’s source of traffic. A hybrid approach that includes cloud-based scrubbing may be a cost-effective way to handle DoS/DDoS attacks, especially from a resource-cost perspective. The hybrid model leverages automatic or manual redirection of traffic through a cloud-scrubbing center in the event a volumetric type of attack threatens to saturate the Internet link (Radware, n.d.).
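The decision logic behind the “automatic redirection” in that hybrid model is a small controller: watch on-premises link utilization, divert to the scrubbing center once the link is about to saturate, and bring traffic back only after the scrubbing center reports the attack has subsided. The following is an added example, not code from the original article or from any vendor: it replays a constructed series of telemetry samples (on-premises link bits per second, and bits per second the scrubbing center reports dropping) through such a controller with a confirmation window so that a single spike does not flip the path. The link capacity, thresholds and sample values are assumptions; what a real deployment would do on the divert and restore events (a BGP announcement or DNS change toward the scrubbing provider) is outside this example.

```python
"""Divert/restore controller for a hybrid on-premises + cloud-scrubbing setup.

Added example (not from the original article or any vendor). Capacity,
thresholds and telemetry samples are assumptions for the demonstration.
"""
from dataclasses import dataclass

LINK_CAPACITY_BPS = 1_000_000_000   # assumed 1 Gbps Internet link
DIVERT_AT = 0.80                    # link utilization fraction that triggers diversion
RESTORE_DROP_BPS = 50_000_000       # scrubber dropping <= 50 Mbps: attack has subsided
CONFIRM_SAMPLES = 3                 # consecutive samples required before acting


@dataclass
class Controller:
    capacity_bps: int = LINK_CAPACITY_BPS
    diverted: bool = False   # is traffic currently routed via the scrubbing center?
    streak: int = 0          # consecutive samples satisfying the pending condition

    def step(self, link_bps, scrubber_dropped_bps):
        """Feed one telemetry sample; return 'divert', 'restore' or None."""
        if not self.diverted:
            # Not diverted: watch the on-premises link for impending saturation.
            over = link_bps / self.capacity_bps >= DIVERT_AT
            self.streak = self.streak + 1 if over else 0
            if self.streak >= CONFIRM_SAMPLES:
                self.diverted, self.streak = True, 0
                return "divert"
        else:
            # Diverted: the on-prem link only sees clean traffic now, so judge
            # the attack by what the scrubbing center is still dropping.
            quiet = scrubber_dropped_bps <= RESTORE_DROP_BPS
            self.streak = self.streak + 1 if quiet else 0
            if self.streak >= CONFIRM_SAMPLES:
                self.diverted, self.streak = False, 0
                return "restore"
        return None


def replay(samples, capacity_bps=LINK_CAPACITY_BPS):
    """Run the controller over (link_bps, scrubber_dropped_bps) samples.

    Returns a list of (sample_index, action) transition events.
    """
    ctl = Controller(capacity_bps=capacity_bps)
    events = []
    for i, (link_bps, dropped_bps) in enumerate(samples):
        action = ctl.step(link_bps, dropped_bps)
        if action is not None:
            events.append((i, action))
    return events


# Constructed telemetry, one sample per polling interval (values in bits/s).
SAMPLES = [
    (300_000_000, 0), (350_000_000, 0),                       # normal load
    (850_000_000, 0), (900_000_000, 0), (920_000_000, 0),     # ramp: divert on 3rd
    (420_000_000, 600_000_000), (380_000_000, 550_000_000),   # scrubber absorbing
    (350_000_000, 80_000_000),                                # attack tailing off
    (340_000_000, 20_000_000), (330_000_000, 5_000_000),
    (330_000_000, 0),                                         # 3rd quiet: restore
]

if __name__ == "__main__":
    for idx, action in replay(SAMPLES):
        print(f"sample {idx}: {action}")
```

Restoring on the basis of the scrubber’s drop rate rather than the on-premises link matters: once diverted, the local link looks idle even while the attack continues, so a controller that only watched its own link would flip traffic back and forth.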


However, given that a hybrid approach uses cloud-based services, there is a problem with this approach. If we allow our organization’s data to be sent to an outside organization’s cloud or services, our organization becomes bound to how the external organization manages that data. Moreover, if we send our organization’s data to another organization’s web or cloud, it implies that we have agreed to their terms of service. We are, then, subject to another organization’s data protection policies and methods.

Finally, aside from (a) continuous employee training and (b) DDoS protection services, a list of good practices can help. For employees, a summary list of items that can assist in reducing DDoS problems includes:

  1. Employees should not store important data on their desktop.
  2. Two backups of employee data should be available.
  3. Spam emails or emails from people that the employee does not know should never be opened.
  4. Attachments from emails from unknown senders should not be opened.
  5. User accounts should be set up with appropriate limited system privileges.
  6. Network teams need to re-evaluate all open ports on the firewall (Rayome, n.d.).

Additionally, for the organization, a summary list of items that can help mitigate DDoS issues includes:

  1. Regular backups of all systems and critical data should be made periodically and frequently on a scheduled basis.
  2. An inventory of all digital assets must be actively maintained.
  3. All software must be kept up to date, including operating systems and applications.
  4. The network must be segmented to separate data into logical and more secure areas (Zaharia, 2017).

DoS/DDoS attacks can cause severe system outages, which will impact the organization’s business (Meyran, 2012). Further, depending on the length and severity of the attack, a DDoS attack can severely damage the organization’s reputation and can have negative fiscal implications. The two methods presented in this paper, (a) continuous employee training and (b) DDoS protection services, offer some promise among several DDoS mitigation strategies.

Resources

Meyran, R. (2012, February 05). DDoS Attack Myths: Does Size Really Matter? Retrieved October 1, 2018, from https://blog.radware.com/security/2012/02/ddos-attacks-myths/

Radware. (n.d.). DDoS Prevention Services: Multi Layered DDoS Security Solutions. Retrieved October 1, 2018, from https://www.radware.com/solutions/security/

Rayome, A. D. (n.d.). How to avoid ransomware attacks: 10 tips. Retrieved October 1, 2018, from https://www.techrepublic.com/article/10-tips-to-avoid-ransomware-attacks/

Zaharia, A. (2017, December 11). What is Ransomware – 15 Easy Steps To Protect Your System [Updated]. Retrieved October 1, 2018, from https://heimdalsecurity.com/blog/what-is-ransomware-protection/

About the Author

Ron McFarland is a technologist at heart who works happily with students and as a consultant. Demonstrating his love for the field, he received his Ph.D. from the College of Engineering and Computer Science and a post-doc in Cybersecurity Technologies. He is a guest blogger at Wrinkled Brain Net (http://www.wrinkledbrain.net), a blog dedicated to Cyber Security and Computer Forensics. Dr. McFarland can be reached at his UMUC email: ronald.mcfarland@faculty.umuc.edu


Microsoft Threat Modeling Tool 2016

Threat modeling helps cybersecurity professionals visualize and better understand their network environment and data flow. Threat modeling can be a critical aspect of software and system design, allowing secure coding practices to be implemented in the software or system design.

The Microsoft Threat Modeling Tool 2016 is a free tool that helps cybersecurity professionals. The tool includes a variety of modules such as template editors, threat grids, and data flow diagrams. These features are interactive and require user input. Once a system is defined in the tool, the Microsoft Threat Modeling Tool 2016 displays a representation of the threats using threat grids and data flow diagrams. Users can then work with the threats shown, as well as include additional threats they feel are appropriate, in order to create workable models that change and improve over time.

Cybersecurity professionals can also use the tool to perform “what if” scenarios to see what would happen if they made a change or added some systems and devices to the network. Link provided here: https://www.microsoft.com/en-us/download/details.aspx?id=49168


Standards Help to Limit Hackers in Gaining Access to Critical Infrastructure

There are many industry standards to prevent hackers from accessing critical information in an organization. Various security standards act as a framework to assist the network administrator, the security administrator, and/or the development team in preventing attackers from breaking into information systems.


The Hacker’s use of DoS/DDoS

For individuals studying Computer Networking Security or Systems Administration and Security, Denial of Service and Distributed Denial of Service attacks are common attacks that must be addressed. The basic idea behind a DoS attack is to get a server to go down at a site (think: Amazon.com or Walmart.com)


Cold Boot Attack – Redux

Just when you think a security fix, well, corrects a flaw, hackers may find a way to circumvent the security fix. You put a fence around your back yard to keep people out, and they jump over the fence! We have another example in the cyber security annals whereby hackers (actually, a security research firm) have developed a new variation of the Cold Boot Attack that has been around since 2008. The Cold Boot Attack allowed attackers to steal information


An Investigation into the use of a Virtual Lab Environment for IT and Cybersecurity Education

Introduction

There has been a growing demand for information technology (IT) and cybersecurity professionals throughout the United States. Colleges and universities are seeking ways to offer, in a cost-effective and educationally effective manner, training and coursework to students and professionals seeking additional IT and cybersecurity coursework and training.