Mei X Wang says
Have you ever encountered a DDoS attack in your personal life or work? How was it mitigated?
Zibai Yang says
1) Install a professional anti-DDOS firewall
The safest and most worry-free way is to use a third-party professional anti-CC attack firewall for prevention. Take the extreme anti-DDoS and anti-CC firewalls as examples. You only need to log in to the intense DDoS high-defense background and configure the forwarding rules to turn on the protection.
2) Adequate network bandwidth guarantee
The network bandwidth directly determines the ability to resist attacks. If there is only 10M bandwidth, no matter what measures are taken, it is difficult to resist the current SYN Flood attack. At present, at least 100M shared bandwidth should be selected, and the best is, of course, to hang on a 1000M trunk. But it should be noted that if the host’s network card is 1000M, it does not mean that its network bandwidth is gigabit. If it is connected to a 100M switch, its actual bandwidth will not exceed 100M, and even being connected at 100M does not mean 100M of bandwidth, because the network service provider is likely to limit the actual bandwidth to 10M on the switch. This must be clear.
Krish Damany says
In 2011, Sony’s servers were DDoS’d, which affected various Sony services, including the Playstation Network. The outage lasted 23 days, and 77 million accounts had PII breached. Once it was ready, Sony issued a patch to update users’ consoles, as well as force a change of password.
Anthony Messina says
That is a funny question because I have encountered a DoS attack before. I work as an overnight SOC analyst, and we received an alert of a high amount of traffic hitting a customer’s server. I did not have access to the firewall, I was only alerted to it by a member of our support team. Needless to say, I bugged out because it was 3 in the morning and I never had to deal with a DoS attack before. So what did I do???? I woke up our security engineer at 4am Sunday morning bugging out. He actually reached out to one of the NetOps guys and black holed (null routed) the traffic away from the server. So, I did nothing really, HA!
Anthony Messina says
This response was in reference to Mei Wang’s question about “Have you ever encountered a DDoS attack?”
Anthony Wong says
I have not encountered a DDoS attack, however, I am currently in the process of implementing a tool to mitigate the risks of these attacks. In short terms, it goes through a content delivery network (CDN) and they monitor the network traffic. After a couple days of monitoring, a baseline is established for what is considered “normal” traffic. Then this baseline is compared against in the future. If abnormal traffic is trying to connect to the system then the packets will be blocked.
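The baseline-then-compare approach described in the post above, as an added example that is not part of the original thread and is not the CDN's own logic: it learns per-minute request limits from a constructed training log (mean plus three standard deviations, a rule chosen here for illustration), then classifies live minutes. The IP addresses and the three traffic windows are constructed; the distributed case shows the known weak spot of per-source blocking, where the site-wide limit trips but no single client is over its own limit.

```python
from collections import Counter
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Baseline:
    """Upper bounds learned from the monitoring period."""
    total_limit: float        # requests per minute, whole site
    per_source_limit: float   # requests per minute, one client


def learn_baseline(log, sigma=3.0):
    """log: iterable of (minute, src_ip), one entry per request seen while learning.
    Limits are mean + sigma * standard deviation (a rule assumed for this example)."""
    per_minute = Counter()
    per_source_minute = Counter()
    for minute, ip in log:
        per_minute[minute] += 1
        per_source_minute[(minute, ip)] += 1
    totals = list(per_minute.values())
    singles = list(per_source_minute.values())
    return Baseline(
        total_limit=mean(totals) + sigma * pstdev(totals),
        per_source_limit=mean(singles) + sigma * pstdev(singles),
    )


def inspect_window(window, baseline):
    """window: list of src_ip for one live minute.
    Returns (window_is_anomalous, set_of_sources_to_block)."""
    counts = Counter(window)
    anomalous = sum(counts.values()) > baseline.total_limit
    blocked = {ip for ip, n in counts.items() if n > baseline.per_source_limit}
    return anomalous, blocked


# Constructed training data: ten minutes of three regular clients whose
# request counts rise by one request every other minute.
TRAINING_LOG = [
    (minute, ip)
    for minute in range(10)
    for ip, base in (("10.0.0.1", 3), ("10.0.0.2", 2), ("10.0.0.3", 4))
    for _ in range(base + minute % 2)
]
BASELINE = learn_baseline(TRAINING_LOG)

# Constructed live windows (one minute each).
NORMAL_MINUTE = ["10.0.0.1"] * 3 + ["10.0.0.2"] * 2 + ["10.0.0.3"] * 4
# One loud source: caught by both the site-wide and the per-source limit.
SINGLE_SOURCE_FLOOD = NORMAL_MINUTE + ["203.0.113.9"] * 40
# Forty sources sending four requests each: the site-wide limit trips, but no
# single source exceeds the per-source limit, so there is nothing to block by IP.
DISTRIBUTED_FLOOD = NORMAL_MINUTE + [f"192.0.2.{i}" for i in range(40) for _ in range(4)]

if __name__ == "__main__":
    print(f"baseline: {BASELINE}")
    for name, window in [("normal", NORMAL_MINUTE),
                         ("single-source", SINGLE_SOURCE_FLOOD),
                         ("distributed", DISTRIBUTED_FLOOD)]:
        print(name, inspect_window(window, BASELINE))
```

The two limits deliberately answer different questions: the site-wide limit tells you that you are under attack, the per-source limit tells you whom you can block. A flood spread thinly across many sources satisfies the first and defeats the second, which is why CDN-based mitigation usually adds challenges or rate limits per request pattern rather than relying on source addresses alone.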
Zibai Yang says
What is the best way to prevent the DDoS attack?
Haozhe Lin says
1. Regularly check the server for vulnerabilities
A regular check of server software security vulnerabilities is the most basic measure to ensure the security of the server. Whether it is the operating system (Windows or Linux), or the common application software (MySQL, Apache, Nginx, FTP, etc.), the server operation and maintenance personnel should pay special attention to the latest vulnerability dynamics of this software, and timely patch the high-risk vulnerabilities.
2. Hide the real IP address of the server
Through the CDN node transit acceleration service, the real IP address of the website server can be effectively hidden. CDN services are selected according to the specific situation of the website. For ordinary small and medium-sized enterprise sites or personal sites, you can first use free CDN services, such as Baidu cloud acceleration, qiniu CDN, etc. When the website traffic increases and the demand is high, you can consider paid CDN services.
Secondly, to prevent the server from leaking the IP address when transmitting information to the outside world, the most common situation is that the server should not use the function of sending an e-mail, because the e-mail header will leak the IP address of the server. If you have to send mail, you can send it through a third-party agent (such as SoundCloud), so that the IP displayed to the outside is the IP address of the agent.
3. Shut down unnecessary services or ports
This is also the most common practice of server operation and maintenance personnel. In the server firewall, only the used ports are opened, such as port 80 for the website’s web service, port 3306 for the database, port 22 for the SSH service, etc. Shut down unnecessary services or ports and filter fake IPs on the router.
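A check for the third point above (only the ports you actually use are open), as an added example that is not part of the original thread: it parses a listing in the shape of `ss -tlnp` output and compares each listener against an allowlist. The listing, the process names and the allowlist are constructed for this example; the allowlist treats the database port 3306 as localhost-only, which is stricter than the post's wording, so that the output shows both kinds of finding (a service that should not be running at all, and one that is allowed but exposed on every interface).

```python
import re
from dataclasses import dataclass

# Constructed listing in the layout of `ss -tlnp`; a real audit would feed the
# tool's actual output into parse_listeners().
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=990,fd=6))
LISTEN  0       151     0.0.0.0:3306         0.0.0.0:*          users:(("mysqld",pid=1201,fd=21))
LISTEN  0       50      0.0.0.0:21           0.0.0.0:*          users:(("vsftpd",pid=1330,fd=4))
LISTEN  0       128     127.0.0.1:6379       0.0.0.0:*          users:(("redis-server",pid=1402,fd=6))
"""

# Assumed policy for this host: port -> who may reach it.
#   "any"   = reachable from the network is expected
#   "local" = must be bound to the loopback address only
POLICY = {22: "any", 80: "any", 443: "any", 3306: "local"}

LOOPBACK = {"127.0.0.1", "[::1]", "::1"}


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    process: str


def parse_listeners(text):
    """Parse LISTEN rows; the header line is skipped. Works for IPv4, '[::]' and '*'."""
    rows = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        match = re.search(r'\("([^"]+)"', fields[5]) if len(fields) > 5 else None
        rows.append(Listener(addr, int(port), match.group(1) if match else "?"))
    return rows


def audit(listeners, policy=POLICY):
    """Return (severity, message) findings for every listener that does not fit the policy."""
    findings = []
    for lst in listeners:
        local_only = lst.address in LOOPBACK
        scope = policy.get(lst.port)
        if scope == "any" or (scope == "local" and local_only):
            continue                       # exactly what the allowlist expects
        if local_only:
            findings.append(("info", f"{lst.process} listens on {lst.port} for localhost only"))
        elif scope == "local":
            findings.append(("high", f"{lst.process} exposes {lst.port} on {lst.address}; bind it to localhost"))
        else:
            findings.append(("high", f"{lst.process} on {lst.port} ({lst.address}) is not on the allowlist; stop it or block it in the firewall"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(parse_listeners(SAMPLE_SS_OUTPUT)):
        print(f"[{severity}] {message}")
```

Loopback-only listeners are reported as informational rather than closed automatically: they are not reachable from the network, but an operator should still know they exist, because a later configuration change that rebinds them to 0.0.0.0 would silently turn them into the second kind of finding.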
Kyuande Johnson says
Know your traffic:
Use network and application monitoring tools to identify traffic trends and tendencies.
Have a restrictive Plan B defensive posture ready to go. Be in a position to rapidly restore core geographies and business-critical services in the face of a DDoS attack.
Test, re-test, document, and measure. Incorporate DDoS attacks into penetration testing to simulate complex attacks, identify vulnerabilities, and shore up defenses.
Humbert Amiani says
To what level is network segmentation effective and is it practical to use different technology in each segment?
Xinyi Zheng says
Which elements should an organization consider when selecting the cloud service type?
Mei X Wang says
The selection should be focused on the company’s business need. How much computing power they need, the storage, and even how much customization is needed from the ISP. I think by assessing the business needs of your organizations we can identify which elements to focus on when selecting a provider.
Wenyao Ma says
What are the advantages and disadvantages of migrating core business functions to the cloud?
Zibai Yang says
In the era of mobile Internet, office work is gradually shifting to a mobile office model. Easy access anytime, anywhere, and on any device has become a rigid demand of users. The cloud information system is available anytime and anywhere to make the mobile office easier to accomplish. Therefore, the cloud has become the most suitable platform for running various business information systems.
The security of the cloud platform itself can be guaranteed, and there is no doubt about this. But this only refers to its own security. As for the user’s business security, it is relatively not easy to guarantee. It is common for cloud users to be attacked by DDOS, WEB, and certain viruses.
Anthony Wong says
What cloud service model allows an organization more control over the infrastructure and why?
Priyanka Ranu says
I think the Infrastructure-as-a-Service (IaaS) service model allows an organization more control over the infrastructure as it allows businesses to purchase resources on-demand and as needed. IaaS delivers cloud computing infrastructure, including servers, network, operating systems, and storage, through virtualization technology. These cloud servers are typically provided to the organization through a dashboard or an API, giving IaaS clients complete control over the entire infrastructure. IaaS provides the same technologies and capabilities as a traditional data center without having to physically maintain or manage all of it and without investing in expensive on-site resources. One of the advantages of IaaS solutions is flexibility and scalability.
Kyuande Johnson says
Infrastructure As A Service (IaaS) is a cloud computing service where enterprises rent or lease servers for computation and storage in the cloud. Users can run any operating system or applications on the rented servers without the maintenance and operating costs of those servers. Examples are: DigitalOcean, Linode, Rackspace, Amazon Web Services (AWS), Cisco Metapod, Microsoft Azure, Google Compute Engine (GCE).
Priyanka Ranu says
What are the different types of DDoS attacks and how long do DDoS attacks last?
Kyuande Johnson says
The most common DDoS attacks are Ping of Death, SYN Flood and UDP Flood. The Ping of Death is a type of attack on a computer system that involves sending a malformed or otherwise malicious ping to a computer. This causes the system to become overwhelmed and crash. A SYN Flood aims to make a server unavailable to legitimate traffic by consuming all available server resources, by repeatedly sending initial connection request (SYN) packets. A UDP Flood is an attack in which a large number of User Datagram Protocol (UDP) packets are sent to a targeted server with the aim of overwhelming that device’s ability to process and respond.
Anthony Messina says
There are numerous methods of DDoS attacks. One would be a botnet DDoS attack. This involves numerous compromised machines that have zombies or bots installed on them. These bots are then controlled by an attacker at another machine, often referred to as a command and control server. The attacker issues commands to the bots and they perform the attack from the victims’ compromised machines. Another method is a SYN flood. The attacking machines initiate the 3-way handshake with the server by sending a SYN packet. The server responds with a SYN-ACK packet but the attacking machine never replies. The server allocates memory awaiting the ACK packet. The ACK packet never returns and eventually the server’s resources get used up.
As far as how long they last, I think it is relative. I did a little searching and found that they can last up to 24-48 hours. But it appears that the average for an attack is 20 minutes.
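The half-open connection problem behind the SYN flood described in the two answers above, as an added example that is not part of the original thread: a small tracker that replays a constructed packet list, marks each client-side SYN as a half-open backlog entry, clears it when the client's ACK completes the handshake, and then reports per-source counts and the server-wide backlog. The server address, the client addresses, the port numbers and the two limits are constructed; nothing here sends traffic.

```python
from collections import Counter
from dataclasses import dataclass, field

SYN = 0x02   # TCP flag bits
ACK = 0x10


@dataclass
class HalfOpenReport:
    half_open: int                   # connections still waiting for the final ACK
    per_source: dict                 # half-open count by client IP
    offenders: set = field(default_factory=set)
    backlog_exceeded: bool = False


def half_open_report(packets, server_ip, per_source_limit=10, backlog_limit=32):
    """packets: iterable of (src_ip, src_port, dst_ip, dst_port, flags) in arrival order.
    Tracks each client-side handshake just far enough to tell 'SYN sent, ACK never
    came' from 'established'. per_source_limit and backlog_limit are assumed thresholds."""
    state = {}   # (client_ip, client_port) -> "HALF_OPEN" | "ESTABLISHED"
    for src, sport, dst, dport, flags in packets:
        if dst != server_ip:
            continue                     # the server's own SYN-ACKs flow the other way
        key = (src, sport)
        if flags & SYN and not flags & ACK:
            state[key] = "HALF_OPEN"     # server allocates a backlog slot here
        elif flags & ACK and state.get(key) == "HALF_OPEN":
            state[key] = "ESTABLISHED"   # third step done; slot released
    per_source = Counter(ip for (ip, _), s in state.items() if s == "HALF_OPEN")
    total = sum(per_source.values())
    return HalfOpenReport(
        half_open=total,
        per_source=dict(per_source),
        offenders={ip for ip, n in per_source.items() if n > per_source_limit},
        backlog_exceeded=total > backlog_limit,
    )


SERVER = "10.0.0.80"   # constructed server address


def handshake(client, port):
    """The full three-way handshake as a legitimate client performs it."""
    return [(client, port, SERVER, 443, SYN),
            (SERVER, 443, client, port, SYN | ACK),
            (client, port, SERVER, 443, ACK)]


# Constructed traffic. LEGIT: three completed connections from one workstation.
LEGIT = [p for port in (40000, 40001, 40002) for p in handshake("10.0.0.5", port)]

# One real host sending 50 SYNs and ignoring every SYN-ACK.
SINGLE_HOST_FLOOD = LEGIT + [("198.51.100.7", 50000 + i, SERVER, 443, SYN) for i in range(50)]

# The same 50 SYNs with a different (spoofed) source address on each one: no
# single IP stands out, only the server-wide backlog does.
SPOOFED_FLOOD = LEGIT + [(f"192.0.2.{i}", 50000, SERVER, 443, SYN) for i in range(50)]

if __name__ == "__main__":
    for name, pkts in [("legit", LEGIT), ("single host", SINGLE_HOST_FLOOD), ("spoofed", SPOOFED_FLOOD)]:
        print(name, half_open_report(pkts, SERVER))
```

The spoofed case is the reason per-source blocking alone is a weak answer to SYN floods: the server sees 50 different clients with one stuck handshake each, which looks exactly like 50 users on bad links. The backlog total is the reliable signal, and the usual mitigations (SYN cookies, shorter SYN-RECEIVED timeouts, upstream scrubbing) act on the backlog rather than on any source address.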
Cami Chen says
How do we prevent one of the Dos attacks, degradation-of-service attacks?
Junhan Hao says
Hi Cami,
I think one method is to configure a firewall on important nodes. The firewall itself can resist DDoS attacks and other attacks. When an attack is discovered, the attack can be directed to some sacrificial hosts, which can protect the real host from being attacked. Of course, these sacrificial hosts that the attack is directed to can be unimportant ones, or systems with fewer vulnerabilities and natural defense against attacks such as Linux and Unix.
Haozhe Lin says
Shopify’s store has thousands of servers; is it possible to perform a DDoS attack on Shopify?
Anthony Messina says
I think with enough bots it is possible to launch a successful attack against Shopify. In 2018 GitHub, which is used by millions of developers, was successfully DDoSed. At the time it was the largest ever, as it was flooded with 1.3 terabits per second. If an attacker/botmaster can pull off that kind of attack on GitHub, I’m sure it would be enough to overwhelm Shopify’s load-balancers and web servers.
Jonathan Castelli says
How many people feel access controls sometimes create road blocks to the information they need? I often hear cybersecurity, or any security, could impose more trouble for end users and force them to be creative when trying to gain access to certain systems. This causes people to stop following policies and do things they shouldn’t. I think cybersecurity, when done right, can be a great thing. But if done wrong, it’s very annoying.
Austin Mecca says
While I think this is correct and agree that when it isn’t done correctly can be frustrating, I also think that if people are not following policies and guidelines it could be an indicator that there is a lack of security training/understanding of how to work with the security in place. The book mentioned this in a previous chapter that if there is a negative connotation to the security or there are a lot of people frustrated over security measures, that it may be in fact lackluster training rather than a difficult system.
Kyuande Johnson says
What are some types of DDoS attacks and how can they be mitigated?
Vanessa Marin says
This white paper highlights the top 9 DDoS attacks in the current environment.
https://dsimg.ubm-us.net/envelope/414933/633973/Top_9_DDoS_Attacks_to_Prep_For_FIN_2020.pdf
They also reference a botnet killer platform called Radware DefensePro, which provides behavioral based algorithms and real time signature creation.
Austin Mecca says
What would be the best cloud model to be implemented by a small company that may be tight on a budget? Why?
Cami Chen says
Hi, Austin. I think that Google Drive could be the best cloud model to be implemented by a small company. It is dependent on what functions the company will use the most. For example, some small financial service companies usually use spreadsheets and store the files in their daily work. Google provides some free applications, including Docs, Sheets, and Slides, and it has lower prices for storage plans from $19.99 per year to $99.99 per year, which is very dependent on the company’s usage.
Anthony Wong says
I think Software as a Service (SaaS) would be the best for a small business because it comes ready out of the box. There definitely could be customization for software to meet the business’s needs, but not if they are on a tight budget. Additionally, with SaaS there is not much (if any) maintenance needed by the business. The software provider will take care of server maintenance and software updates. I think a good example of this is small businesses using ADP for their payroll.
Krish Damany says
What are some infamous examples of DDoS attacks in recent times?
Zibai Yang says
CapitalOne leaked: CapitalOne is a US financial holding company and one of the US banking giants specializing in financial products such as credit cards and auto loans. The company’s leak was disclosed in July 2019, affecting more than 100 million Americans and 6 million Canadians. Allegedly, the suspect is a former Amazon Web Services employee accused of illegally accessing CapitalOne’s AWS server to retrieve data from more than 30 companies.
Vanessa Marin says
I LOVE the concept of honeypots! What kind of honeypot would you implement if you were tasked with this?
Zhen Li says
Does the cloud computing have the data leakage concern? How to mitigate the data leakage problem in such a public platform?
Xinyi Zheng says
Many companies use the cloud to store their sensitive or essential data, and most users don’t have physical access. But the cloud still has data leakage concerns, including account or service hijacking, denial of service, data loss, data breaches, and many others. Based on that, I think the organization should follow the cloud-security standard, select a safe cloud environment, and ensure that the entire system remains compliant with the applicable government regulations.
Junhan Hao says
Hi Zhen,
I think cloud computing does have a data leakage concern. Misconfigurations are still common and expose a lot of sensitive data. If relatively simple encryption algorithms are used for the data, the data may be leaked during storage or processing on the cloud platform.
Anthony Messina says
What is ARP spoofing?
Anthony Wong says
ARP spoofing is a type of malicious attack where the hacker impersonates a MAC address on a LAN. This can be performed to intercept, modify or stop in-transit network traffic between two parties trying to communicate. It is also a type of a man-in-the-middle attack.
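A detector for the impersonation described above, as an added example that is not part of the original thread: it keeps the IP-to-MAC bindings seen in ARP replies on a LAN and raises an alert when an address changes its MAC (critical if the address is the gateway, since that is the man-in-the-middle position) or when one MAC starts answering for several addresses. The ARP replies, the addresses and the MAC values are constructed; a real deployment would feed it replies captured from the network, which this example does not do.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """The two fields of an ARP reply this check needs (constructed, not sniffed)."""
    sender_ip: str
    sender_mac: str


class ArpWatch:
    """Remembers IP -> MAC bindings seen on the LAN and reports when they change.

    gateway_ips: addresses whose binding should never change outside maintenance;
    a change there is the classic sign of traffic being redirected through an attacker."""

    def __init__(self, gateway_ips=()):
        self.bindings = {}                   # ip -> mac currently bound to it
        self.ips_by_mac = defaultdict(set)   # mac -> every ip it has answered for
        self.gateway_ips = set(gateway_ips)
        self.alerts = []

    def observe(self, reply):
        """Process one reply; returns the alerts it raised (empty list when benign)."""
        ip, mac = reply.sender_ip, reply.sender_mac.lower()
        raised = []
        previous = self.bindings.get(ip)
        if previous is not None and previous != mac:
            level = "CRITICAL" if ip in self.gateway_ips else "WARNING"
            raised.append(f"{level}: {ip} moved from {previous} to {mac}")
        self.bindings[ip] = mac
        before = len(self.ips_by_mac[mac])
        self.ips_by_mac[mac].add(ip)
        after = len(self.ips_by_mac[mac])
        if after > 1 and after > before:     # alert once per newly claimed address
            claimed = ", ".join(sorted(self.ips_by_mac[mac]))
            raised.append(f"WARNING: {mac} now answers for {claimed}")
        self.alerts.extend(raised)
        return raised


GATEWAY = "10.0.0.1"   # constructed gateway address

# Constructed reply sequence: normal bindings, a harmless repeat, then a
# workstation's MAC starting to answer for the gateway's address.
TRAFFIC = [
    ArpReply("10.0.0.1", "aa:bb:cc:00:00:01"),   # real gateway
    ArpReply("10.0.0.7", "aa:bb:cc:00:00:07"),   # ordinary workstation
    ArpReply("10.0.0.7", "AA:BB:CC:00:00:07"),   # repeat (case differs): no alert
    ArpReply("10.0.0.1", "aa:bb:cc:00:00:07"),   # workstation MAC claims the gateway IP
]


def run(traffic, gateway_ips=(GATEWAY,)):
    """Replay a list of replies through a fresh watcher and return all alerts."""
    watch = ArpWatch(gateway_ips)
    for reply in traffic:
        watch.observe(reply)
    return watch.alerts


if __name__ == "__main__":
    for alert in run(TRAFFIC):
        print(alert)
```

A binding change is not proof of spoofing on its own: a replaced router, a failover pair sharing an address, or DHCP handing a lease to a different host all look the same at this layer, so the alert is a prompt to verify the gateway's real MAC out of band, not an automatic block. The defences that remove the problem rather than detect it are dynamic ARP inspection on the switch and static entries for the gateway on hosts that matter.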
Junhan Hao says
What is the difference between a direct and indirect DoS attack?
Xinyi Zheng says
The main difference is that a direct DoS floods the victim directly from the attacker’s computer, while an indirect DoS spoofs the source address and then floods the victim.
Heather Ergler says
Why are X.509 certificates standardized?
Prince Patel says
What is a wireless intrusion detection system? How is it valuable?
Ting-Yen Huang says
Is there another way to secure messages instead of using the key pair method?
Vanessa Marin says
So from the front end (and this is new to me) is an application called SCRYPTmail where a decoy email address is provided. I find that an inventive way of protecting yourself from unwanted emails or spam.