DDoS Attack
2013-11-13 Source: Category: More sample essays
At the start of the University’s registration process, which is considered the peak usage period, the web-based system was infiltrated and suffered a crippling Distributed Denial of Service (DDoS) attack. The web-based registration and cashiering system was made unavailable for students to register, pay for and drop classes. It is believed that the attack did not originate from an external network source. Investigation has revealed that the source was an internal attack in which the attacker was able to steal an administrator’s password.
DDoS attacks involve the attacker sending large amounts of traffic at a specific target from different sources. The objective of the attack is to exhaust the target’s resources so that it cannot complete its normal functions or serve its users. The attack may try to overwhelm the target’s bandwidth, CPU or memory to render it useless. DDoS attacks don’t actually alter or take over the target system, so from an attacker’s standpoint they are more of a nuisance than a threat to the integrity of an organization’s system. However, DDoS attacks can be highly effective at disrupting ongoing operations, which means they can do serious damage to an organization’s bottom line and impact business operations. Because of this, every organization with open applications and services must treat DDoS as a serious threat.
No single technology or operational process can provide sufficient protection from a DoS attack. Given the array of attacks covered by DoS/DDoS, it is often not easy to know when an organization is under attack. The best way to defend against a DoS attack is to handle it as a risk-management issue, as opposed to a technical or operational risk. Risk-management should be able to provide adequate coverage of security before an incident, during an incident and after an incident.
There are several methods that should be used to provide complete protection against DoS/DDoS attacks. To prevent or mitigate future DDoS attacks, the company should first create and implement a good security policy. A security policy should be a “living document”, which is never finished but is continuously updated as technology and employee requirements change. A security policy should include an acceptable use policy, a description of how to educate employees and an explanation of how security measures will be carried out and enforced.
A firewall is a structure intended to prevent unauthorized access to or from a private network. To protect the system against DoS, the firewall should be set to perform ingress and egress filtering at the gateway. It should be configured to allow out only packets that originate from an IP address range inside your network. This will prevent a computer on your internal network from being used as a redirected host by a hacker.
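The filtering decision described above can be sketched in a few lines. This is an added example, not part of the original essay; the internal address ranges, the `direction src dst` record format and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: the organisation's internal ranges (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16"),
                 ipaddress.ip_network("192.168.50.0/24")]

def is_internal(addr):
    """True if addr falls inside an internal range; ValueError if malformed."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def gateway_verdict(direction, src):
    """Decide allow/drop for a packet crossing the gateway."""
    if direction not in ("egress", "ingress"):
        raise ValueError("direction must be 'egress' or 'ingress'")
    try:
        internal = is_internal(src)
    except ValueError:
        return "drop"  # a malformed source address never passes
    if direction == "egress":
        # Only packets sourced from our own ranges may leave the network.
        return "allow" if internal else "drop"
    # Ingress: a packet arriving from outside with an internal source is spoofed.
    return "drop" if internal else "allow"

def review_flows(lines):
    """Apply the filter to 'direction src dst' records and count, per
    destination, the egress packets dropped for a foreign source address."""
    verdicts, dropped_egress = [], Counter()
    for line in lines:
        direction, src, dst = line.split()
        verdict = gateway_verdict(direction, src)
        verdicts.append(verdict)
        if direction == "egress" and verdict == "drop":
            dropped_egress[dst] += 1
    return verdicts, dropped_egress

# Constructed sample records (documentation address ranges), not real traffic.
SAMPLE_FLOWS = [
    "egress 10.20.3.4 198.51.100.10",     # normal internal host
    "egress 203.0.113.77 198.51.100.10",  # forged source leaving the network
    "egress 203.0.113.78 198.51.100.10",  # forged source, same destination
    "ingress 192.168.50.7 10.20.3.4",     # outside packet claiming to be internal
    "ingress 198.51.100.2 10.20.3.4",     # ordinary inbound traffic
]

if __name__ == "__main__":
    print(review_flows(SAMPLE_FLOWS))
```

A non-zero count of dropped egress packets toward one destination is worth investigating, since it points to an internal host sending traffic with forged source addresses.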
The company can deploy DDoS detection and mitigation systems to try to protect the network. It can be challenging for the company to achieve the right balance and ensure legitimate traffic can pass through, while reducing and eliminating the traffic of a DDoS attack. It is inevitable that some DDoS attacks can make their way through the defenses.
An intrusion detection system (IDS) is used to monitor a network or system with the express purpose of identifying and responding to suspicious activity. Host-based intrusion detection on the gateway/hosts can alert the IT department to port scans and break-in attempts. To prevent a network from being used as a slave, regular audits should be conducted on each host on the network, which will find installed DDoS tools and vulnerable applications. Tools like Rkdet, Rootkit Hunter, or chkrootkit can reveal whether a rootkit has been installed on the system.
A sniffer is a program that monitors all information passing through a computer network. Sniffers can be used to filter certain types of data and to capture passwords. An effective way to prevent passwords from being captured is to use a detection program to scan the networks for devices that are running a sniffer program. There are several ways to protect against password sniffers, but the simplest and most efficient way to protect against a sniffing program is to use strong passwords and encryption on all data. Using Secure Sockets Layer (SSL)-protected Web sites and other protection tools to encrypt your passwords, email messages and chat sessions should be routine. Using a one-time password would be an additional beneficial method to protect against sniffing. The one-time method operates by using a challenge-response procedure, and transmits a different password every time an authentication is required.
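The challenge-response procedure described above, as an added example that is not part of the original essay: the server sends a fresh random challenge, the client answers with a value derived from a shared secret, and a captured answer is useless afterwards. The use of HMAC-SHA256, the class and function names and the demo secret are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

def respond(shared_secret, challenge):
    """Client side: the one-time response for this challenge."""
    return hmac.new(shared_secret, challenge, hashlib.sha256).digest()

class Verifier:
    """Server side: issues single-use challenges and checks responses."""

    def __init__(self, shared_secret):
        self._secret = shared_secret
        self._pending = set()  # challenges issued but not yet answered

    def new_challenge(self):
        challenge = secrets.token_bytes(16)  # unpredictable, fresh each time
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge, response):
        if challenge not in self._pending:
            return False  # unknown or already used challenge
        self._pending.discard(challenge)  # single use, even if the check fails
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo():
    secret = b"constructed-demo-secret"  # constructed value for the example
    server = Verifier(secret)

    c1 = server.new_challenge()
    r1 = respond(secret, c1)
    first = server.verify(c1, r1)    # legitimate login

    replay = server.verify(c1, r1)   # same captured pair sent again

    c2 = server.new_challenge()
    stale = server.verify(c2, r1)    # captured response against a new challenge
    return first, replay, stale

if __name__ == "__main__":
    print(demo())
```

The shared secret itself never crosses the network, so a sniffer sees only a challenge and a response that will not be accepted a second time.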
A general security audit should be performed on the systems on a regular basis and the system should be kept up to date to minimize software vulnerabilities. A DDoS hosting provider can be used to filter traffic from the company’s network and absorb all of the bad traffic from a DDoS attack before fake traffic has a chance to reach the site.

