Best Practices Guide Lot2 Task 2 Essay Example
Joseph W Costa
LOT2 Task 2
5/24/2013
Best Practices in Prevention of DoS/DDoS Attacks
This guide is meant to describe best practices for the detection and prevention of denial of service attacks, such as the event that recently occurred at the university. It was determined that based on current security guidelines and current controls in place, the university was still severely vulnerable from an internal aspect and all identified gaps need to be addressed and resolved. Each control described below will provide a more in depth look at the overall strategy of how a network should be protected but still allow for the functionality that is required to maintain normal operations.
Know the Signs of an Attack An essential part of network security is knowing what the characteristics of an attack are, so they can be countered or prevented. When the university suffered an overwhelming internal DDoS attack, it required administrators to reevaluate its security guidelines based on what was known about the attack. As seen at the time of attack, certain characteristics were: Network performance unusually slow Website was unavailable for at least 24 hours Thousands of bogus HTTP packets sent to internal web server Taking these factors into account, it can be safe to say it was an actual attack rather than just legitimate network usage. Now that it is known what such an event would look like, identifying similar attacks in the future will be much easier and may allow for limited down time.
Deployment of an Intrusion Detection or Prevention System Implementing the installation of an IDS or IPS will allow for suspicious traffic to be flagged and reported to administrators based on one of two different factors. These factors are signature based or anomaly based depending on how they are configured. These devices should be installed wherever essential traffic is routed such as the core switch controlling traffic to critical resources, or in the
LOT2 Task 2
5/24/2013
Best Practices in Prevention of DoS/DDoS Attacks
This guide is meant to describe best practices for the detection and prevention of denial of service attacks, such as the event that recently occurred at the university. It was determined that based on current security guidelines and current controls in place, the university was still severely vulnerable from an internal aspect and all identified gaps need to be addressed and resolved. Each control described below will provide a more in depth look at the overall strategy of how a network should be protected but still allow for the functionality that is required to maintain normal operations.
Know the Signs of an Attack An essential part of network security is knowing what the characteristics of an attack are, so they can be countered or prevented. When the university suffered an overwhelming internal DDoS attack, it required administrators to reevaluate its security guidelines based on what was known about the attack. As seen at the time of attack, certain characteristics were: Network performance unusually slow Website was unavailable for at least 24 hours Thousands of bogus HTTP packets sent to internal web server Taking these factors into account, it can be safe to say it was an actual attack rather than just legitimate network usage. Now that it is known what such an event would look like, identifying similar attacks in the future will be much easier and may allow for limited down time.
Deployment of an Intrusion Detection or Prevention System Implementing the installation of an IDS or IPS will allow for suspicious traffic to be flagged and reported to administrators based on one of two different factors. These factors are signature based or anomaly based depending on how they are configured. These devices should be installed wherever essential traffic is routed such as the core switch controlling traffic to critical resources, or in the