Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.702 ■ Spring 2021 ■ Wade Mackey
My question to discuss with my classmates

February 10, 2021 by Wade Mackey 46 Comments

Filed Under: 05 - Secure Networks

Comments

  1. Nicholas Fabrizio says

    February 12, 2021 at 4:11 pm

    What can organizations do to help mitigate or lessen the impact of a DDoS attack?

    • Christopher Clayton says

      February 14, 2021 at 12:33 pm

      A couple of things organizations can do to mitigate the impact of DDoS attacks is to apply software and firmware updates and make sure security patches are utilized for all network servers in a timely manner. Also, make sure not to expose unnecessary ports to the internet that would make them potential targets.

    • To-Yin Cheng says

      February 15, 2021 at 3:14 pm

      The organization can use an appropriate filtering system to compare the live traffic with statistical patterns. It can identify and filter illegitimate traffic. Throttling can prevent the server from going down. Having alternate network paths can also reduce the risk of DDoS attacks.

  2. Xiduo Liu says

    February 13, 2021 at 12:54 pm

    WPA2 Personal provides an easy-to-use, relatively high-security standard for wireless networks. However, 802.1X provides more security but is more involved in configuring and supporting the infrastructure. But it is not impossible to run a scaled-down version of a RADIUS server and some form of directory services. What would be some of the reasons preventing this implementation and adoption for the masses?

    • Jonathan Mettus says

      February 14, 2021 at 11:20 am

      Using 802.1X in your home or even some small businesses is likely overkill. There is added hardware that you need, more configurations to handle, and more of a hassle. By comparison, with WPA2 Personal you can set one password on your WiFi router and have an easy way to restrict access. With WPA2 Enterprise, you need a RADIUS server and to manage the individual login credentials. At this point, it’s not really worth it.

  3. To-Yin Cheng says

    February 13, 2021 at 4:19 pm

    How does a small business protect their website/server from DDoS with a limited budget?

    • Xiduo Liu says

      February 14, 2021 at 12:58 pm

      Taking advantage of the DDoS protection from service providers is a reasonable approach to take for small businesses.

    • Ashleigh Williams says

      February 15, 2021 at 1:09 am

      With a small budget, a business can simply ensure zombie computers are protected so that they cannot get infected by attackers and do not participate in the DDoS attacks.

  4. Quynh Nguyen says

    February 13, 2021 at 7:03 pm

    What is the most common type of DoS attack?

    • Christopher Clayton says

      February 14, 2021 at 3:04 pm

      Buffer overflow attacks appear to be the most common type. It sends more traffic to a network address than the programmers have built the system to handle, which results in sluggish behavior, system crashes, or other harmful server performance, which causes denial-of-service.

    • Wei Liu says

      February 15, 2021 at 3:00 pm

      Hi Quynh, I think the volume-based attack is one of the most common DDoS attacks. It includes UDP floods, ICMP floods, and other spoofed-packet floods. The attack’s goal is to saturate the bandwidth of the attacked site, and magnitude is measured in bits per second (Bps).

    • To-Yin Cheng says

      February 15, 2021 at 3:07 pm

      A flooding attack is one of the most common types of Distributed Denial of Service (DDoS) attacks. Attackers send a very high volume of traffic to the target system until the service is overwhelmed. The attack often continues to the point where the server crashes.

  5. Charlie Corrao says

    February 13, 2021 at 8:26 pm

    What is an example of a non-malicious DoS attack?

    • Lakshmi Surujnauth says

      February 14, 2021 at 2:00 pm

      Hi Charlie,

      A good example of a non-malicious DoS attack is the referrals from large sites. That is, the loss of service results from a larger site linking to a much smaller site, causing increased network traffic to the smaller site. While the impact of the increased traffic appears similar to that of a DoS attack, the loss was unintentional.

    • Christa Giordano says

      February 14, 2021 at 8:56 pm

      Hi Charlie,
      One example of a non-malicious DoS attack is faulty coding. There was a loss of service, but it was not due to a malicious attack. That is why when changes and updates are made to a system, there should be testing performed to ensure the performance of the system.

    • Quynh Nguyen says

      February 16, 2021 at 12:48 am

      A common example of a non-malicious DoS attack I can think of is when a new product or sale promotion is launched on a website and thousands of consumers flood the site to purchase the item, causing the server to crash. A DoS attack occurs when multiple machines are operating together to attack one target, and this is one example of a non-malicious occurrence. Another example could be faulty coding or a website running too many ads and popups that may flood a regular computer which may not have the bandwidth to handle the traffic, causing it to crash.

  6. Wei Liu says

    February 13, 2021 at 8:36 pm

    How to identify a DDoS attack?

    • Christa Giordano says

      February 14, 2021 at 12:59 pm

      Distributed Denial of Service (DDoS) attacks are very hard to identify and are the most common DoS attacks, which is why these attacks are so dangerous. One method of identification used is to monitor the network traffic against the typical statistical patterns of DDoS attacks, which could help in the early identification of an attack. An organization can use filtering systems to identify malicious activity/traffic, while allowing non-malicious activity to continue.

    • Xiduo Liu says

      February 14, 2021 at 1:19 pm

      DDoS attacks come with no warning. Some clues when you are under a DDoS attack: a spike in traffic, an IP address makes x requests over y seconds, a 503 response from your servers due to service outages, timeouts on pings.

    • To-Yin Cheng says

      February 15, 2021 at 2:49 pm

      According to “An Introduction to DDoS – Distributed Denial of Service Attack”, a Distributed Denial of Service (DDoS) attack can be detected by comparing the live traffic with the statistical pattern. It requires appropriate filtering systems to identify and filter illegitimate traffic while simultaneously allowing legitimate traffic.

    • Charlie Corrao says

      February 16, 2021 at 11:37 am

      I think the key indicator of a DDoS attack is a spike in traffic that cannot be explained. For example, for a retail business, it would be strange to have a large influx of website visitors at 3am. This would be a giant sign that a DDoS attack is underway. This would tell the ITS team that investigation is necessary.

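The clues in the replies above (one IP making x requests over y seconds, 503 responses from an overwhelmed server, and an unexplained traffic spike such as a 3am surge, checked against a statistical baseline) can be turned into a small detector. The code below is an added example, not part of any comment in this thread; the simplified log format, the sample lines, the thresholds and the 2-requests-per-minute baseline are all constructed assumptions that would be tuned per site.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not a real capture), simplified from an access log to
# "<client_ip> [<ISO timestamp>] <status>"; both /24s are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 [2021-02-14T03:00:00] 200
203.0.113.5 [2021-02-14T03:00:01] 200
198.51.100.7 [2021-02-14T03:00:01] 200
198.51.100.7 [2021-02-14T03:00:02] 200
198.51.100.7 [2021-02-14T03:00:02] 503
198.51.100.7 [2021-02-14T03:00:03] 503
198.51.100.7 [2021-02-14T03:00:03] 503
198.51.100.7 [2021-02-14T03:00:04] 503
203.0.113.9 [2021-02-14T03:00:05] 200
"""
LINE_RE = re.compile(r"^(\S+) \[([^\]]+)\] (\d{3})$")

def parse(log_text):
    """Return (ip, timestamp, status) tuples in file order; unmatched lines are skipped."""
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append((m.group(1), datetime.fromisoformat(m.group(2)), int(m.group(3))))
    return out

def noisy_clients(records, max_requests, window):
    """Clue: one IP makes more than x requests within y seconds (sliding window)."""
    recent = defaultdict(list)  # ip -> timestamps still inside the window
    flagged = set()
    for ip, ts, _ in records:   # records must be in time order
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.pop(0)
        if len(q) > max_requests:
            flagged.add(ip)
    return flagged

def error_share(records):
    """Clue: share of 503 responses, i.e. the service is already overwhelmed."""
    return sum(s == 503 for _, _, s in records) / len(records) if records else 0.0

def spike_minutes(records, baseline_per_minute, factor=3.0):
    """Clue: requests per minute far above the historical baseline for that hour."""
    per_minute = Counter(ts.replace(second=0) for _, ts, _ in records)
    return {m: n for m, n in per_minute.items() if n > factor * baseline_per_minute}

def assess(log_text, max_requests=4, window_s=5, baseline_per_minute=2):
    """Run all three checks; the thresholds are assumed values, tune them per site."""
    records = parse(log_text)
    return {"noisy_clients": noisy_clients(records, max_requests, timedelta(seconds=window_s)),
            "error_share": error_share(records),
            "spike_minutes": spike_minutes(records, baseline_per_minute)}
```

A real deployment would read the live access log or flow records instead of `SAMPLE_LOG` and take the per-hour baseline from historical traffic rather than a constant.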
  7. Lakshmi Surujnauth says

    February 14, 2021 at 3:57 am

    What are the risks associated with the various models of cloud computing?

    • Ashleigh Williams says

      February 15, 2021 at 1:06 am

      Great question Lakshmi! The great risk associated with public, hybrid, and community cloud computing models is security. Because multiple people and organizations are a part of the cloud, there’s a big concern around securing the cloud and protecting the data.

    • Quynh Nguyen says

      February 15, 2021 at 6:36 pm

      I believe a common risk associated with all the various models of cloud computing is always security. Since the cloud is server-based and available only when the company is connected to the web, it is very prone to DoS attacks and security breaches. Also, there is a risk of the host company for the cloud getting hacked and losing confidential data for all of their clients. With community cloud, there is a higher risk of a rogue employee/user because it is a collaboration between two groups. One group may have more access than they need in this cloud.

  8. Christopher Clayton says

    February 14, 2021 at 7:47 am

    What strategies do hackers use to incorporate DoS and DDoS into their schemes?

    • Nicholas Fabrizio says

      February 15, 2021 at 2:16 pm

      I believe hackers can use DoS attacks to their advantage by distracting the security teams while an intrusion is taking place somewhere else in the organization. It could also be used to help mask traffic if the attacker needed to transfer large files or data into or out of the network.

  9. Christa Giordano says

    February 14, 2021 at 10:49 am

    What are the methods to remediate DoS attacks and which one do you think is the most effective?

    • Wei Liu says

      February 15, 2021 at 3:19 pm

      Traditional DDoS mitigation solutions involved purchasing equipment that would live on site and filter incoming traffic. If a DDoS attack is large enough, it can take out the network infrastructure upstream, preventing any on-site solution from being effective. I think the effective way is to purchase a cloud-based DDoS mitigation service such as AWS Shield, but it costs money.

  10. Jonathan Mettus says

    February 14, 2021 at 11:02 am

    Which of the three types of wireless network attacks — (1) unauthorized network access, (2) a man-in-the-middle attack using an evil twin, and (3) wireless denial-of-service attacks — do you think is the biggest threat to most organizations?

    • Jonathan Mettus says

      February 14, 2021 at 11:02 am

      The three types mentioned in the book, that is.

    • Nicholas Fabrizio says

      February 15, 2021 at 2:08 pm

      I think unauthorized network access is the biggest threat for most organizations. A hacker gaining access to the network can be a serious issue because it will allow them to move laterally and possibly elevate their privileges in the network. A hacker could also violate the three security objectives by viewing/stealing confidential information, modifying data integrity, or making systems/services unavailable. A reason this is an organization’s biggest concern is because a lot of employees bring their own devices to work and connect to the WiFi or could set up their own rogue access point. If these devices are not properly configured, it could be an easier attack vector for a hacker to gain access to the network.

    • Quynh Nguyen says

      February 15, 2021 at 7:15 pm

      I think unauthorized network access is the biggest threat to most organizations because it can be done by hackers via malware or phishing emails. A man-in-the-middle attack is less common, while wireless DoS attacks often cannot send enough responses to flood corporate servers because companies usually have the RAM, CPU power, and bandwidth to withstand the number of attacks from DoS.

  11. Megan Hall says

    February 14, 2021 at 11:08 am

    The DDoS article outlines several prevention/mitigation steps against an attack. One of these mentioned, which I find interesting, is the concept of honeypots. Yet the article mentions they are not widely used. What might be some reasons this is the case?

    • Xiduo Liu says

      February 14, 2021 at 1:03 pm

      Honeypots need resources to maintain and monitor. They serve no other functional purpose in an organization. Therefore, organizations have to allocate limited resources and funding to create, maintain and monitor the honeypots, not to mention the log storage cost. A network with a few hosts can generate a large number of log files.

    • Lakshmi Surujnauth says

      February 14, 2021 at 2:16 pm

      Hi Megan,

      In addition to the cost & technical expertise elements required to ensure that honeypots are effective, this approach presents more challenges to an entity if thwarted by an attacker. The attacker could use this as a resource to launch attacks against the company or even other companies.

    • Christa Giordano says

      February 14, 2021 at 8:34 pm

      Hi Megan,
      I thought the concept of using honeypots was interesting too. I did a little bit of research and I found the primary reason that dissuades organizations from using honeypots is the risk of liability. The primary purpose of a honeypot is to deceive and attract a threat actor who attempts to gain access to the network. The Information Security team should monitor network activity and strengthen controls and security based on what they have learned. If the honeypot becomes compromised and subsequently used to attack or harm other systems or organizations, the organization using honeypots could become liable for any damages.

      • Megan Hall says

        February 16, 2021 at 8:47 am

        This is really interesting! Thanks for finding this out and sharing.

  12. Mitchell Dulaney says

    February 14, 2021 at 5:42 pm

    What cloud services do you rely on, personally or professionally? Under which service models and deployment models can those services be categorized?

  13. Panayiotis Laskaridis says

    February 14, 2021 at 8:27 pm

    What is the advantage of using a DDoS attack over another?

    • Megan Hall says

      February 16, 2021 at 8:46 am

      Panayiotis – I think there are a few advantages of using DDoS attacks over another type of attack. First, there is a large volume of unsecured devices (like IoT devices) connected to the Internet that can be used in attacks. It’s also my understanding that it is relatively easy to find resources that will rent out botnets. In researching this briefly, I found information on DDoS services starting at just $7 for disruption ranging from a few minutes to a couple of hours, down from $25 in 2017. The technology and services are becoming cheaper. The other major reason I believe DDoS could be advantageous is that the traffic coming from a DDoS attack can be hard to distinguish from legitimate traffic. This means it can be harder for the attacked organization to successfully identify and eliminate the threat. There are probably a few other advantages but these are just a few I can think of.

  14. Ashleigh Williams says

    February 14, 2021 at 11:48 pm

    In understanding the various cloud deployment methods, how would you assist an organization in deciding which method would work best for them? What are some of the factors you would consider?

    • Nicholas Fabrizio says

      February 15, 2021 at 2:31 pm

      When an organization is deciding on what type of deployment model to use, I think it is important to first understand what type of data will be stored in the cloud. This data can be compared with the organization’s data classification chart to determine whether it is public, sensitive, or confidential. Depending on the deployment model, there could be shared storage between multiple organizations. Also, I think any regulations or laws that may govern the data being used should be taken into account. Lastly, the budget should be taken into consideration, as a private deployment model is more expensive.

  15. Elias Harake says

    February 14, 2021 at 11:51 pm

    How could cloud service providers such as AWS or Microsoft help organizations with daily high web traffic mitigate a DDoS attack?

    • Wei Liu says

      February 15, 2021 at 4:37 pm

      AWS provides two levels of protection against DDoS attacks: AWS Shield Standard and AWS Shield Advanced. Standard defends against basic DDoS attacks, while Advanced provides a higher level of protection against most attacks, at additional cost.

    • Elias Harake says

      February 16, 2021 at 9:38 am

      Thanks Wei for your feedback. I also just researched how Microsoft protects its cloud from cyberattacks, and from what I learned they provide BitLocker encryption, secure encrypted network connections and virus scans on their cloud services. They also do not allow HTTP connections to their cloud; instead, they only allow HTTPS direct connections.

  16. Michael Doherty says

    February 16, 2021 at 11:18 pm

    What are ways to prevent a wall jack from being hacked by an attacker?


Fox School of Business