The only zero-cost opportunity, standardizing policies and procedures, is also the most difficult. Processes for incident response, patch management, and preventative maintenance must be developed, refined, and communicated to the appropriate staff. Incident response processes must further be exercised so that all incident responders know exactly what to do in the event of a (D)DoS. Development and deployment policies must be written to define the process for developing, deploying, and using University-owned and -managed computing devices. Security must be at the forefront, outlining security in the software development life cycle (SDLC) for both University-developed applications and off-the-shelf applications.
Defense in depth provides the University several layers of protection. Starting at the endpoints, host intrusion prevention (HIPS) should be installed on each device. Properly installed, HIPS will not permit the installation of unauthorized programs, which was the root cause of the (D)DoS recently experienced. At the routers, access control lists (ACLs) must be put in place to allow only traffic with a legitimate protocol and destination. Between the routers and the endpoints, a firewall solution must be put in place, configured to allow only permitted protocols and port numbers to communicate with specific destinations. Between the firewall and the endpoints, a (D)DoS detection tool (such as Arbor's Prevail) must be put in place. This measure not only allows for quick detection of a (D)DoS, it also permits the automatic mitigation of the
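The two network layers described above, a default-deny ACL and a detection tool behind it, can be illustrated with the following added example. It is not code from the original text or from any vendor product; the allowlist rules, addresses, flow-record format and the threshold of 25 distinct sources are constructed assumptions for the demonstration. It applies an allowlist to a batch of flow records and then flags any destination that is being hit by an unusually large number of distinct sources, which is the case the ACL alone cannot catch because the flood uses a permitted protocol and port.

```python
"""Added example: default-deny ACL check plus a simple volumetric (D)DoS detector.
All rules, addresses and thresholds below are constructed assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    proto: str      # "tcp" or "udp"
    dst_net: str    # destination network in CIDR form
    dst_port: int


# Assumed allowlist: any flow not matching a rule is dropped (default deny).
ALLOW_RULES = (
    Rule("tcp", "192.0.2.0/24", 443),   # campus web servers
    Rule("tcp", "192.0.2.10/32", 22),   # admin SSH to a single host only
    Rule("udp", "192.0.2.53/32", 53),   # campus DNS resolver
)


def permitted(proto: str, dst_ip: str, dst_port: int, rules=ALLOW_RULES) -> bool:
    """True only if some rule matches protocol, destination network and port."""
    addr = ip_address(dst_ip)
    return any(
        r.proto == proto and r.dst_port == dst_port and addr in ip_network(r.dst_net)
        for r in rules
    )


def parse_flow(line: str) -> dict:
    """Parse one constructed 'key=value' flow record; the leading t= token is dropped."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:])
    fields["dport"] = int(fields["dport"])
    return fields


# Constructed flow records: two normal flows, one disallowed telnet attempt, and a
# UDP/53 flood against the resolver from 40 distinct sources.
FLOW_LOG = [
    "t=1 src=198.51.100.7 dst=192.0.2.20 proto=tcp dport=443",
    "t=1 src=198.51.100.8 dst=192.0.2.10 proto=tcp dport=22",
    "t=2 src=198.51.100.9 dst=192.0.2.20 proto=tcp dport=23",
] + [
    f"t=3 src=203.0.113.{i} dst=192.0.2.53 proto=udp dport=53" for i in range(1, 41)
]


def filter_flows(lines, rules=ALLOW_RULES):
    """Apply the ACL and return (accepted, dropped) lists of parsed flows."""
    accepted, dropped = [], []
    for line in lines:
        f = parse_flow(line)
        (accepted if permitted(f["proto"], f["dst"], f["dport"], rules) else dropped).append(f)
    return accepted, dropped


def detect_flood(flows, max_sources_per_dst: int = 25) -> dict:
    """Flag destinations contacted by more than max_sources_per_dst distinct sources.
    The threshold is deliberately low so the constructed sample trips it."""
    sources = defaultdict(set)
    for f in flows:
        sources[f["dst"]].add(f["src"])
    return {dst: len(s) for dst, s in sources.items() if len(s) > max_sources_per_dst}


if __name__ == "__main__":
    acc, drop = filter_flows(FLOW_LOG)
    print(f"accepted={len(acc)} dropped={len(drop)}")
    print("flood suspects:", detect_flood(acc))
```

Note that the flood passes the ACL: DNS to the resolver is exactly what the allowlist permits, so only the per-destination source count behind the firewall reveals it. That is the division of labour the text describes, with the ACL and firewall removing illegitimate protocols and destinations and the detection tool watching the volume of what remains.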