A denial-of-service (DoS) attack is a security threat that occurs when an attacker makes it impossible for legitimate users to access computer systems, network, services or other information technology (IT) resources.
Attackers in these
types of attacks typically flood web servers, systems or networks with traffic and
makes it difficult or impossible for anyone else to access them.
DoS attacks do not
typically result in the theft or loss of significant information or other
assets, they can cost the victim a great deal of time and money to handle.
The general methods of
DoS attacks are known as flooding services or crashing services.
Flood
attacks occur when the system receives too much traffic for
the server to buffer, causing them to slow down and eventually stop. Some
of flood attacks are:
Buffer overflow attacks –
the most common DoS attack. The concept is to send more traffic to a network
address than the programmers have built the system to handle.
ICMP (Internet Control
Message Protocol) flood – leverages misconfigured
network devices by sending spoofed packets that ping every computer on the
targeted network, instead of just one specific machine. The network is then
triggered to amplify the traffic. This attack is also known as the smurf attack
or ping of death.
SYN flood –
sends a request to connect to a server, but never completes the handshake.
Continues until all open ports are saturated with requests and none are
available for legitimate users to connect to.
Other DoS attacks
simply exploit vulnerabilities that cause the target system or service to
crash. In these attacks, input is sent that takes advantage of bugs in the
target that subsequently crash or severely destabilize the system, so that it
can’t be accessed or used.
Steps
to overcome DoS
There is no way
to completely avoid becoming a target of a DoS but there are proactive steps
administrators can take to reduce the effects of an attack on their network.
- Enroll in a DoS protection service
that detects abnormal traffic flows and redirects traffic away from your
network. The DoS traffic is filtered out, and clean traffic is passed on
to your network.
- Create a disaster recovery plan to
ensure successful and efficient communication, mitigation, and recovery in
the event of an attack.
It is also important to
take steps to strengthen the security posture of all of your internet-connected
devices in order to prevent them from being compromised.
- Install and maintain antivirus
software.
- Install a firewall and configure it
to restrict traffic coming into and leaving your computer.
- Evaluate security settings and
follow good security practices in order to minimize the access other
people have to your information, as well as manage unwanted traffic
Detecting
a DoS attack
The best way to detect
and identify a DoS attack would be via network traffic monitoring and analysis.
Network traffic can be monitored via a firewall or intrusion detection system.
An administrator may even set up rules that create an alert upon the detection
of an anomalous traffic load and identify the source of the traffic or drops
network packets that meet a certain criteria.
The following symptoms
could indicate a DoS attack:
- Unusually slow network performance
(opening files or accessing websites),
- Unavailability of a particular
website, or
- An inability to access any website.
No comments:
Post a Comment