The article explains a lot about what a distributed denial of service attack is. A DDOS is a form of attack where infected computers are used to flood targeted servers directly or indirectly. The purpose is to prevent legitimate users from accessing websites and to degrade the service of the website.
Some of the points of interest I took from the article were the two types of DDoS attacks. It was interesting reading that there are two different types. One attacks the network, which is the internet, and the denial will not allow legitimate users to access the company's site. The second type of DDoS attacks the weaknesses in applications to cripple server resources such as CPU, RAM and memory.
I also thought the idea of honeypots was a key point in the way to prevent DDoS. Setting up fake servers with vulnerabilities exposed to hackers and using these fake servers to learn more about the hackers' patterns and potential attack sources was pretty interesting.
Thanks Corey I had similar thoughts on the honeypots topic as well. It’s really important to monitor and measure for potential attack patterns. Without monitoring processes and procedures, an organization won’t be able to quantitatively understand the effectiveness of the deployed honeypot.
I found this article’s description of a Syn Flood attack interesting. In this attack, the denial of service targets applications by opening multiple connections from “zombie” computers to the target server using Syn requests. Servers respond to the Syn requests with a Syn-Ack acknowledgement. In a normal exchange the sending computer would send back an Ack response to close the connection. In a Syn Flood DDoS, the “zombie” computer does not send the closing Ack. This results in multiple open connections on the target server (awaiting the closing Ack) which degrades service availability.
A Syn Flood can be addressed by analyzing traffic for statistical patterns and dropping malicious packets. This can be achieved by an intrusion prevention system. Load balancing is another consideration as legitimate traffic can be redirected to available servers while the DDoS is being addressed.
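The half-open connection behaviour described in the post above, as an added example that is not code from the article or from the post: a small Python model of a listener's SYN backlog under a flood from zombies that never send the ACK that completes the handshake, followed by the kind of per-source statistical check an intrusion prevention system could apply upstream so that legitimate clients get through. The backlog size, SYN timeout, thresholds, packet fields and all addresses are assumptions; the traffic is constructed, not captured.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str     # source IP
    sport: int   # source port
    flags: str   # "SYN" or "ACK"
    t: float     # arrival time, seconds


class Listener:
    """Minimal model of a TCP listen socket's half-open connection table.

    A SYN allocates a slot (the server has replied SYN-ACK and is waiting for
    the client's ACK); the slot is freed by that ACK or by the SYN timeout.
    Real stacks key on the full 4-tuple; (src, sport) is enough here.
    """

    def __init__(self, backlog: int, syn_timeout: float) -> None:
        self.backlog = backlog
        self.syn_timeout = syn_timeout
        self.half_open: dict[tuple[str, int], float] = {}
        self.established = 0
        self.dropped_syns = 0

    def _expire(self, now: float) -> None:
        stale = [k for k, t0 in self.half_open.items() if now - t0 > self.syn_timeout]
        for k in stale:
            del self.half_open[k]

    def receive(self, pkt: Packet) -> str:
        self._expire(pkt.t)
        key = (pkt.src, pkt.sport)
        if pkt.flags == "SYN":
            if len(self.half_open) >= self.backlog:
                self.dropped_syns += 1      # backlog full: legitimate SYNs are lost too
                return "dropped"
            self.half_open[key] = pkt.t     # send SYN-ACK, wait for the ACK
            return "syn-ack"
        if pkt.flags == "ACK" and key in self.half_open:
            del self.half_open[key]
            self.established += 1
            return "established"
        return "ignored"


def flag_syn_abusers(packets, min_syns: int = 3, max_completion: float = 0.2) -> list[str]:
    """Statistical check an IPS could run: sources that send at least
    `min_syns` SYNs but complete at most `max_completion` of the handshakes."""
    syns: dict[str, int] = defaultdict(int)
    acks: dict[str, int] = defaultdict(int)
    for p in packets:
        if p.flags == "SYN":
            syns[p.src] += 1
        elif p.flags == "ACK":
            acks[p.src] += 1
    return sorted(s for s, n in syns.items() if n >= min_syns and acks[s] / n <= max_completion)


def build_traffic() -> list[Packet]:
    """Constructed capture: 20 zombies each send 3 SYNs from fresh ports and
    never ACK; one legitimate client completes a handshake afterwards."""
    pkts, t = [], 0.0
    for i in range(20):
        zombie = f"10.0.0.{i + 1}"            # constructed zombie address
        for port in range(50000, 50003):
            pkts.append(Packet(zombie, port, "SYN", t))
            t += 0.01
    pkts.append(Packet("192.0.2.10", 40000, "SYN", t))          # constructed legitimate client
    pkts.append(Packet("192.0.2.10", 40000, "ACK", t + 0.01))
    return pkts


def run(packets, backlog: int = 32, syn_timeout: float = 60.0, drop_sources=()) -> Listener:
    """Feed packets to a listener, skipping sources an upstream filter dropped.
    The flood works because the 60 s timeout dwarfs the 10 ms SYN interval."""
    srv = Listener(backlog, syn_timeout)
    for p in packets:
        if p.src not in drop_sources:
            srv.receive(p)
    return srv


if __name__ == "__main__":
    traffic = build_traffic()
    unprotected = run(traffic)
    print("no filter:", unprotected.established, "established,", unprotected.dropped_syns, "SYNs dropped")
    bad = flag_syn_abusers(traffic)
    protected = run(traffic, drop_sources=set(bad))
    print(f"filter ({len(bad)} sources dropped):", protected.established, "established,",
          protected.dropped_syns, "SYNs dropped")
```

Without the filter the 32-slot backlog fills after the first 32 zombie SYNs and the legitimate client's SYN is dropped along with the rest; with the 20 flagged sources dropped upstream, the legitimate handshake completes and nothing is lost. The completion-ratio check is deliberately simple: in practice it is combined with SYN cookies or a shorter SYN-RECEIVED timeout on the host itself, so the server does not depend on the filter alone.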
DDoS stands for Distributed Denial of Service Attack, where the attacker controls a large number of computers to overwhelm the target server directly or indirectly. From the figure, we clearly understand that the attacker’s main computer and the victim’s server are not directly connected, and there are a large number of zombie computers in three parts. These zombie computers are difficult to track down. Zombie computers connected to the Internet through broadband do not have a fixed IP address/IP address sequence. Even if some attacking zombie computers are identified and blocked, attackers can always summon more computers. Also, zombies do not communicate directly with the victim server, they spoof the victim server’s IP address and send requests to a large number of reflector computers. DDoS prevention methods include statistical patterns to identify attacks in advance, alternate network paths to reduce the risk of DDoS attacks, rate limiting/throttling, cloud infrastructure, etc.
From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.
New businesses and companies can prevent and mitigate this attack by simply hosting their infrastructure on cloud / content delivery networks / managed service providers etc., who have dedicated network security professionals and devices (if companies don’t have them in-house) to manage DDoS attacks. But the cost of such hosting / DDoS mitigation needs to be considered. Having alternate network paths and applying load balancing for incoming traffic would reduce the risk posed by DDoS attacks. Having over-provisioned / additional servers / cloud-based resources, even if they can be summoned only at the time of DDoS attacks, also helps, especially with small DDoS attacks, as more traffic can be handled.
I found the traffic jam analogy to be very apt. Analogies like these are great ways to communicate with management to effectively get your point across. You could even continue with this analogy to explain how adding network paths and load balancing would be akin to adding lanes on the highway and having a policeman directing traffic to different lanes. This would be helpful in attempting to convince management to open up their checkbooks for these safeguards.
An important section to understand in this reading was the two types of DoS attack.
“There are two types of DDoS attacks – Attacks that target the Network (Internet bandwidth) and choke the Internet bandwidth used by the victim server, so that it cannot accept legitimate requests coming from genuine users through the Internet gateway & Attacks that target the vulnerabilities in applications in order to cripple server resources like CPU, RAM, Buffer memory, etc and make the servers unavailable for handling any legitimate requests.”
The interesting note in this reading for me was in the ways to mitigate DoS attacks section. There was the mention of honeypots. The article mentions how honeypots are not really used by most businesses, “but its a very interesting technique which involves the setting up of dummy servers with maximum vulnerabilities that are exposed to hackers as legitimate servers. When the hackers attack these systems, its possible to study the attack patterns, attack intentions and even find out attack sources.” It made me wonder why honeypots are not used more often because I believe it’s a very interesting and efficient strategy if used properly.
A honeypot is a trap designed for hackers, and it acts like a bait to attract cyberattacks. After a honeypot successfully attracts an attack, an organization can study its attack patterns to organize the attack and identify the source of the attack. But what organizations need to avoid is too direct exposure, which makes attackers realize they are attacking a honeypot.
I only recently learned that computers that have downloaded malware (including your own) can operate as a Zombie or botnet during a DDoS attack without your knowledge. Since unsuspecting users’ computers are used as zombies to carry out the attacks against the victim server, it is difficult to trace down the actual attacker. Although every industry is affected by said attacks, in recent years, financial, educational, and healthcare institutions have been the most targeted. Since today’s attacks are more sophisticated than ever, traditional security measures like firewalls and traffic monitoring are insufficient. The article highlighted several approaches that can be taken to defend against a DDoS attack. However, it did not mention black-holing or sinkholing, most commonly used by internet providers. In the event of a DDoS attack, internet providers can create blackhole routes, which are used to redirect DDoS attacks away from their intended target. Even though the blackhole route would stop the attack, the creation of the blackhole route itself would still render the network inaccessible since all traffic is discarded.
I found the different mitigations against DDoS attacks interesting during the reading. From my own experience, I’ve seen security filtering in order to halt illegitimate traffic applied at my company. Also, I’ve seen redundant load balancing used in networks to ensure availability of systems and applications in situations where one experiences an outage. Adding to load balancing procedures, I think it would also make sense to have some of your most critical systems and applications in high availability. Keeping these systems in high availability could allow them to achieve greater operational performance over time and could also potentially thwart DDoS attacks.
A distributed denial of service (DDoS) attack is mostly executed by flooding a system’s internet bandwidth or hardware with tons of requests and ultimately affects the system’s performance and availability.
The mode of these attacks is to infect computers with malicious code and send a target resource fake traffic to overwhelm the system (botnet).
The botnet can be controlled through a command and control (C2) server to coordinate an attack. Once an attacker has a botnet large enough to disrupt a system, they’re ready to attack.
The goal of a DDoS is to stop critical services, and it uses the TCP/IP network protocol to achieve its aims. I saw that the TCP three-way handshake to the target computer starts by sending a SYN and receiving a SYN-ACK, but the target then awaits the botnet computer sending out the ACK packet.
A DDoS attack is a large-scale, coordinated attack on the availability of service on the victim’s system or network resources. It is launched directly through a large number of compromised computers (botnet) on the internet.
Attackers launch a DDoS attack from a single system whenever a targeted system is smaller; however, when a targeted system’s hardware and server have strong capabilities, it can resist the attackers’ denial of service. So in DDoS, the attacker creates malicious code to infect and control a huge number of computers which are connected to the internet. After infecting the computers, the attacker uses the infected computers (zombies) to launch a coordinated DDoS attack against one or more targets. The attacker floods the target system with incoming messages, essentially to consume the target’s available bandwidth and force it to shut down, so legitimate users’ services are down.
Prevention:
Use better anti-virus and anti-Trojan software and always keep the software up to date.
Increase awareness of security issues and prevention techniques in all internet users.
Stop the unwanted running services, remove unusable applications, and always scan received data from outside resources.
Properly configure and regularly update the built-in defensive mechanism in the core hardware and software of the system.
Mitigation:
1. Increase the bandwidth on critical connections to absorb additional traffic generated by the attack.
2. Replicate services to provide additional failsafe protection.
3. Balance loads on each service in a multiple-server architecture to mitigate DDoS attacks.
4. Set up the router in front of a server with logic to throttle incoming traffic to levels that are safe for the server.
5. Throttling helps in preventing damage to the server by controlling the DDoS traffic.
6. Throttling can be extended to throttle DDoS attack traffic and allow legitimate user traffic for better results.
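Steps 4 to 6 above describe throttling at the router; the following is an added example, not code from the article or the post, of how that is usually implemented: a token bucket per source address so a flooding source is held to a fixed rate while a low-rate legitimate user is never denied, plus a server-wide bucket set at the level the server can safely handle. The rates, the bucket sizes, the request log and the addresses are assumptions; tokens are kept as integers in thousandths so the refill arithmetic is exact and the results are reproducible.

```python
from dataclasses import dataclass


class TokenBucket:
    """Token bucket with integer arithmetic. `rate` is requests per second and
    `burst` the maximum stored requests; tokens are held in thousandths, so
    refill = rate (req/s) * elapsed (ms) lands in the same unit with no rounding."""

    def __init__(self, rate: int, burst: int, now_ms: int) -> None:
        self.rate = rate
        self.cap = burst * 1000
        self.mtokens = self.cap          # a new bucket starts full
        self.last_ms = now_ms

    def take(self, now_ms: int) -> bool:
        dt = now_ms - self.last_ms
        self.last_ms = now_ms
        self.mtokens = min(self.cap, self.mtokens + self.rate * dt)
        if self.mtokens >= 1000:
            self.mtokens -= 1000
            return True
        return False


class Throttle:
    """Router-side admission control: one bucket per source, then one shared
    bucket sized to what the server behind it can safely absorb."""

    def __init__(self, per_src_rate: int, per_src_burst: int, server_rate: int, server_burst: int) -> None:
        self.per_src = (per_src_rate, per_src_burst)
        self.server = (server_rate, server_burst)
        self.server_bucket: TokenBucket | None = None
        self.buckets: dict[str, TokenBucket] = {}

    def admit(self, src: str, now_ms: int) -> bool:
        if self.server_bucket is None:
            self.server_bucket = TokenBucket(*self.server, now_ms)
        bucket = self.buckets.get(src)
        if bucket is None:
            bucket = self.buckets[src] = TokenBucket(*self.per_src, now_ms)
        # Per-source check first, so a single flooding source cannot drain the shared budget.
        return bucket.take(now_ms) and self.server_bucket.take(now_ms)


@dataclass(frozen=True)
class Request:
    src: str
    t_ms: int


def build_requests() -> list[Request]:
    """Constructed 10 s request log: one zombie at 100 req/s, one user at 2 req/s."""
    flood = [Request("10.0.0.7", t) for t in range(0, 10_000, 10)]       # constructed zombie
    legit = [Request("192.0.2.10", t) for t in range(0, 10_000, 500)]    # constructed user
    return sorted(flood + legit, key=lambda r: (r.t_ms, r.src))


def run(requests, per_src_rate: int = 10, per_src_burst: int = 10,
        server_rate: int = 200, server_burst: int = 200) -> dict[str, int]:
    """Return the number of admitted requests per source."""
    throttle = Throttle(per_src_rate, per_src_burst, server_rate, server_burst)
    admitted: dict[str, int] = {}
    for r in requests:
        admitted.setdefault(r.src, 0)
        if throttle.admit(r.src, r.t_ms):
            admitted[r.src] += 1
    return admitted


if __name__ == "__main__":
    for src, n in run(build_requests()).items():
        print(f"{src}: {n} admitted")
```

With a 10 req/s, 10-burst limit per source, the zombie's 1000 requests are cut to 109 (the initial burst plus the steady refill) while all 20 of the user's requests pass. Lowering the server-wide bucket caps the total regardless of how many sources take part, which is the case the per-source limit alone does not cover: a flood spread across many zombies each staying under the per-source rate.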
While reading through the article on Distributed Denial of Service attacks, I came away thinking that the implementation of a load balancer becomes imperative in helping to mitigate these kinds of attacks. In the section outlining the different prevention/mitigation measures, I took away that the use of a load balancer would be the most beneficial for both types of DDoS attacks that were outlined (network and application vulnerabilities). Using a load balancer with a pool of resources for distribution across different servers would combat a number of DDoS attacks. Large DDoS attacks would most likely still end up being successful, but there is not much in prevention that can mitigate those anyway in this instance. Using a load balancer increases the chances that the DDoS attack would be stopped right at that point on the network. Although, it is best to implement several of the mitigation measures mentioned. As is commonly the case, a defense in depth approach offers the most protection.
A distributed denial of service attack is performed by overloading a system’s internet bandwidth with a ton of requests, which ultimately affects the system’s availability and ability to perform. These attacks are performed by infecting computers through malicious software. One method of performing a DDoS attack mentioned in the article is by misusing the TCP/IP network protocol. You can mitigate DDoS attacks by monitoring the network traffic and establishing what is and isn’t considered normal traffic. Once this line is established, you can better determine what should be blocked.
This article introduced DDoS, explained why DDoS is hard to detect and mitigate, and provided some steps for prevention of DDoS. The reason why DDoS is hard to detect and mitigate is that zombie computers don’t have fixed IP addresses. Moreover, they don’t communicate with the victim servers directly. The article provided 7 steps that can be used based on specific environment. Moreover, entities can apply other steps if needed to prevent DDoS.
Good post. I myself did not quite understand why they are called zombies. From my understanding, DDoS and DoS are very similar and their ultimate goal is to cause harm. Fortunately, there are prevention methods to minimize those kinds of risks. Network hacking is very bad for an organization as everything depends on it, and having ways to secure as much as we can is beneficial for the sake of the organization.
I believe they are called zombies because typically computer owners that have been attacked are unaware that they have even been infected. In a sense, since their computer is being used illegitimately they are like “the walking dead”. Think any zombie movie, book, etc. These creatures typically are completely unaware of what they’re even doing, hence the “zombie” token to compromised systems.
A denial of service is any action, or series of actions, that prevents a system, or its resources, from functioning in accordance with its intended purpose. The main purpose is to affect the availability of a website / service. It could cause a web server to stop responding or even prevent an email from being sent. This is usually due to a vulnerability in the software that runs the service or perhaps a design failure or flaw with the system surrounding the operation of that service. It is imperative to keep the operating system and applications up to date with the latest versions / patches.
This article explains what a DDoS is and ways to prevent it from happening. DoS and DDoS are very similar as they both target a network. We cannot be sure that a network is 100% secure, but we can take action to minimize the risks to secure our network. The ultimate goal of DoS/DDoS is to cause harm.
If attacked, DDoS affects the availability of a network, which will cost the reputation of an organization. It will also make outsiders who have not done business with them fear investing their money.
One prevention that I really liked that was mentioned in the article was the fact that having an alternate network path and applying load balancing for incoming traffic would reduce the risk posed by DDoS attacks. Cloud computing is another way to secure the network. These preventions are in fact mandatory when it comes to securing a network because you really want to keep unauthorized people from accessing your network. You also want to make sure that the operation of the system works well and that you have installed alerts or filters that would catch those attacks.
Organizations also stress uptime of a network because it only takes a couple of unreliable days for the consumer to lose patience. Or even worse, if the attack hits a high-availability system, that results in high impact and could potentially devastate an operation. It’s often why an organization may opt to have devices isolated on their own enclave or boundary to prevent DDoS attacks or exploits. Though this makes the systems more susceptible from the inside because patching systems becomes more difficult. There are tradeoffs to everything it seems.
This article walks the reader through DoS and DDoS attacks, as well as some prevention and mitigation techniques against these types of attacks. I found the information on DDoS attack “enhancements” to be interesting. In addition to the attacker, zombie computers, and victim server, some bad actors use handlers/controlling computers. The handler computers logically sit between the attacker and the zombie computers. This could give the bad actor more computing power in the attack and build in an extra layer of separation from the attack to help in hiding from investigators. Bad actors can also use “reflector computers”, which don’t even need to be infected, for a larger attack on the victim system. In this set-up, each zombie computer would spoof the victim system’s IP address and send requests to multiple reflector computers. Each reflector computer would then send their reply to the victim system. Lastly, bad actors can encrypt the communication between the systems in the DDoS attack to make it difficult to trace the attack back to the initial attacker system.
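The handler / zombie / reflector arrangement described in the post above, as an added example that is not code from the article or the post: a Python model in which the attacker commands handlers, handlers command zombies, and each zombie sends a small request to every reflector with the victim's address written into the source field, so the reflectors' larger replies land on the victim. It shows two things the paragraph states but does not quantify: the victim's log contains only reflector addresses (never the attacker, handlers or zombies), and the amplification factor is the reflectors' reply ratio, not the zombies' own bandwidth. The ingress-filter check at the end is not in the article; it is the standard counter to spoofed-source traffic (BCP 38 style filtering at the zombie's own access network) and is included to show why spoofing is the step the whole scheme depends on. All addresses, prefixes, sizes and amplification ratios are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Datagram:
    src: str
    dst: str
    size: int      # bytes on the wire


class Reflector:
    """An open, un-infected service that answers whatever it receives with a
    larger reply, addressed to the packet's *claimed* source."""

    def __init__(self, ip: str, amplification: int) -> None:
        self.ip = ip
        self.amplification = amplification

    def handle(self, request: Datagram) -> Datagram:
        return Datagram(src=self.ip, dst=request.src, size=request.size * self.amplification)


class Victim:
    def __init__(self, ip: str) -> None:
        self.ip = ip
        self.bytes_received = 0
        self.sources_seen: set[str] = set()   # what the victim's packet log would show

    def receive(self, reply: Datagram) -> None:
        if reply.dst == self.ip:
            self.bytes_received += reply.size
            self.sources_seen.add(reply.src)


def ingress_filter_passes(local_prefix: str, pkt: Datagram) -> bool:
    """BCP 38 style check at a zombie's edge router (assumed, not from the article):
    forward a packet only if its source address belongs to the network it came from."""
    return ip_address(pkt.src) in ip_network(local_prefix)


# Constructed topology using documentation address ranges.
ATTACKER = "192.0.2.66"
VICTIM = "198.51.100.80"
# handler -> list of (zombie address, prefix of the zombie's access network)
BOTNET = {
    "203.0.113.11": [("10.1.0.2", "10.1.0.0/24"), ("10.1.0.3", "10.1.0.0/24"), ("10.1.0.4", "10.1.0.0/24")],
    "203.0.113.12": [("10.2.0.2", "10.2.0.0/24"), ("10.2.0.3", "10.2.0.0/24"), ("10.2.0.4", "10.2.0.0/24")],
}
REFLECTORS = [Reflector("203.0.113.50", 4), Reflector("203.0.113.51", 4),
              Reflector("203.0.113.52", 8), Reflector("203.0.113.53", 8)]


def launch(filter_spoofed: bool = False, request_size: int = 60) -> dict:
    """Run one round of the attack and report what each party would observe."""
    victim = Victim(VICTIM)
    bytes_sent_by_zombies = 0
    control_hops = []                      # the command path investigators would have to unwind
    for handler, zombies in BOTNET.items():
        control_hops.append((ATTACKER, handler))
        for zombie_ip, zombie_net in zombies:
            control_hops.append((handler, zombie_ip))
            for refl in REFLECTORS:
                # The zombie writes the victim's address into the source field.
                req = Datagram(src=VICTIM, dst=refl.ip, size=request_size)
                bytes_sent_by_zombies += request_size
                if filter_spoofed and not ingress_filter_passes(zombie_net, req):
                    continue               # dropped at the zombie's own edge; the reflector never sees it
                victim.receive(refl.handle(req))
    return {
        "bytes_sent": bytes_sent_by_zombies,
        "bytes_received": victim.bytes_received,
        "amplification": victim.bytes_received / bytes_sent_by_zombies,
        "sources_seen": sorted(victim.sources_seen),
        "control_hops": control_hops,
    }


if __name__ == "__main__":
    for label, result in (("no ingress filter", launch()), ("ingress filter", launch(filter_spoofed=True))):
        print(f"{label}: {result['bytes_received']} B at victim from {result['sources_seen']}, "
              f"amplification x{result['amplification']:.1f}")
```

Six zombies sending 60-byte requests to four reflectors put 1440 bytes on the wire and 8640 bytes on the victim, a six-fold amplification, and the victim's log lists only the four reflectors. Blocking those reflectors does nothing to the zombies or the attacker, which is the traceability problem the post describes; with spoofed sources dropped at the zombies' access networks, nothing reaches the reflectors and the victim receives zero bytes.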
This article serves as an intro to DDoS (Distributed Denial of Service) attacks, its components, difficulties in detection & mitigation, types of DDoS attacks, & some steps organizations can take to prevent/mitigate them. DDoS attacks, put simply, are cyber-attacks in which the attacker uses several “zombie” computers to flood targeted servers with excessive information to prevent legitimate access. The components of these attacks are the attacker (master computer) & the victim (attacked server), but may also include “zombies” (which make it a DDoS attack), controlling computers, & amplifying networks. Controlling computers issue commands to the “zombies”, and the amplifying network increases the number of requests given by “zombies”. The difficulty organizations face in dealing with these types of attacks is because they are being carried out by the unsuspecting “zombie” computers with no fixed IP addresses, and even if they are identified more can just be created. This makes it very difficult to determine who the actual attacker is. The two types of DDoS attacks are those that target the network & those that target the vulnerabilities in applications. Some of the listed steps to prevent/mitigate DDoS attacks include honeypots & hosting a website on cloud infrastructure. Honeypots, although uncommon, are the idea of setting up dummy servers with a large number of vulnerabilities so that when the system is attacked the attack patterns & intentions can be discovered. The idea of setting up a website on cloud infrastructure is for those who do not have network security/devices in house. Of course, the most helpful solution would be for the “zombies” to protect their computers in the first place so that the attacker cannot infect their systems.
This article mentions the functionality of DDoS as it happens when zombie computers controlled by attackers flood the targeted servers. The reasons why DDoS attacks are hard to detect and mitigate are:
– user computers are hard to suspect of attacking – hard to trace down the actual attacker
– there is no fixed list of IP addresses that zombie computers use – the connection is through a broadband connection
– more computers with fewer requests coming from each are harder to detect than more requests from fewer devices
Some of the solutions recommended by author Rajesh include:
– statistical pattern identification to understand when the attack is coming via traffic filtering
– to decrease the risk of availability impact, alternate network paths and load balancers are important
– having the web browser hosted on the cloud would help because of the experts and more professional security controls provided by the cloud provider
The article explains a lot about what a distributed denial of service attack is. A DDOS is a form of attack where infected computers are used to flood targeted servers directly or indirectly. The purpose is to prevent legitimate users from accessing websites and to degrade the service of the website.
Some of the points of interest I took from the article were the two types of DDoS attacks. It was interesting reading that there are two different types. One attacks the network which is the internet, and the denial will not allow legitimate users from accessing the companies site. The second type of DDoS attacks the weaknesses in applications to cripple server resources such as CPU, RAM and Memory.
I also thought the idea of honeypots was a key point in the way to prevent DDoS. By setting up fake servers with vulnerabilities exposed to hackers and using these fake servers to learn more about the hacker’s patterns and potential attack sources was pretty interesting.
Thanks Corey I had similar thoughts on the honeypots topic as well. It’s really important to monitor and measure for potential attack patterns. Without monitoring processes and procedures, an organization won’t be able to quantitively understand the effectiveness of the deployed honeypot.
I found this article’s description of a Syn Flood attack interesting. In this attack, the denial of service targets applications by opening multiple connections from “zombie” computers to the target server using Syn requests. Servers respond to the Syn requests with a Syn-Ack acknowledgement. In a normal exchange the sending computer would send back an Ack response to close the connection. In a Syn Flood DDoS, the “zombie” computer does not send the closing Ack. This results in multiple open connections on the target server (awaiting the closing Ack) which degrades service availability.
A Syn Flood can be addressed by analyzing traffic for statistical patterns and dropping malicious packets. This can be achieved by an intrusion prevention system. Load balancing is another consideration as legitimate traffic can be redirected to available servers while the DDoS is being addressed.
DDoS stands for Distributed Denial of Service Attack, where the attacker controls a large number of computers to overwhelm the target server directly or indirectly. From the figure, we clearly understand that the attacker’s main computer and the victim’s server are not directly connected, and there are a large number of zombie computers in three parts. These zombie computers are difficult to track down. Zombie computers connected to the Internet through broadband do not have a fixed IP address/IP address sequence. Even if some attacking zombie computers are identified and blocked, attackers can always summon more computers. Also, zombies do not communicate directly with the victim server, they spoof the victim server’s IP address and send requests to a large number of reflector computers. DDoS prevention methods include statistical patterns to identify attacks in advance, alternate network paths to reduce the risk of DDoS attacks, rate limiting/throttling, cloud infrastructure, etc.
From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.
New business and companies can prevent and mitigate this attack by simply hosting their infrastructure on cloud / content delivery networks/ managed service providers etc., who have dedicated network security professionals and devices (if companies don’t have them in-house) to manage DDoS attacks. But the cost of such hosting / DDoS mitigation needs to be considered. Having alternate network paths and applying load balancing for incoming traffic would reduce the risk posed by DDoS attacks. Having over provisioned/ additional servers/ cloud based resources even if it can be summoned only at the time of DDoS attacks also helps – especially with small DDoS attacks, as more traffic can be handled.
Hello Shubham,
I like the traffic jam example, it is a great way of explaining a DDos attack to someone not familiar with how the technology works
Hi Shubham,
I found the traffic jam analogy to be very apt. Analogies like these are great ways to communicate with management to effectively get your point across. You could even continue with this analogy to explain how adding network paths and load balancing would be akin to adding lanes on the highway and having a policeman directing traffic to different lanes. This would be helpful in attempting to convince management to open up their checkbooks for these safeguards.
An important section to understand in this reading was the 2 types of Dos Attack.
“There are two types of DDoS attacks – Attacks that target the Network (Internet bandwidth) and choke the Internet bandwidth used by the victim server, so that it cannot accept legitimate requests coming from genuine users through the Internet gateway & Attacks that target the vulnerabilities in applications in order to cripple server resources like CPU, RAM, Buffer memory, etc and make the servers unavailable for handling any legitimate requests.”
The interesting note in this reading for me was in the ways to mitigate dos attacks section. There was the mention of Honey pots. The article mentions how honey pots are not really used by most businesses, “but its a very interesting technique which involves the setting up of dummy servers with maximum vulnerabilities that are exposed to hackers as legitimate servers. When the hackers attack these systems, its possible to study the attack patterns, attack intentions and even find out attack sources.” It made me wonder why Honey pots are not used more often because I believe its a very interesting and efficient strategy if used properly.
Hi Jason,
A honeypot is a trap designed for hackers, and it acts like a bait to attract cyberattacks. After a honeypot successfully attracts an attack, an organization can study its attack patterns to organize the attack and identify the source of the attack. But what organizations need to avoid is too direct exposure, which makes attackers realize they are attacking a honeypot.
I only recently learned that computers that have downloaded malware (including your own) can operate as a Zombie or botnet during a DDoS attack without your knowledge. Since unsuspecting users’ computers are used as zombies to carry out the attacks against the victim server, it is difficult to trace down the actual attacker. Although every industry is affected by said attacks, in recent years, financial, educational, and healthcare institutions have been the most targeted. Since today’s attacks are more sophisticated than ever, traditional security measures like firewalls and traffic monitoring are insufficient. The article highlighted several approaches that can be taken to defend against a DDoS attack. However, it did not mention black-holing or sinkholing, most commonly used by internet providers. In the event of a DDoS attack, internet providers can create blackhole routes, which are used to redirect DDoS attacks away from their intended target. Even though the blackhole route would stop the attack, the creation of the blackhole route itself would still render the network inaccessible since all traffic is discarded.
I found the different mitigations against DDoS attacks interesting during the reading. From my own experience, I’ve seen security filtering in order to halt illegitatimate traffic applied at my company. Also, I’ve seen redundant load balancing used in networks to ensure availability of systems and applications in situations where one experiences an outage. Adding to load balancing procedures, I think it would also make sense to have some of your most critical systems and applications in high availability. Keeping these systems in high availability could allow them to achieve greater operational performance over time and could also potentially thwart DDoS attacks.
A distributed denial of service (DDoS) attack is mostly executed by flooding a system’s internet bandwidth or hardware with tons of requests and ultimately affects the system’s performance and availability.
The mode of these attacks are performed by infecting computers with malicious codes or messages to a target resource with fake traffic to overwhelm the system (botnet).
The botnet can be controlled through a command and control server (C2) server to coordinate an attack. Once an attacker has a botnet large enough to disrupt a system, they’re ready to attack.
The goal of a DDoS is to stop critical services and it uses TCP/IP network protocol to achieve this aims of performing a DDoS attack. I saw the TCP three-way handshake to the target computer by sending a SYN and a received SYN-ACK, but awaits the botnet computer to send out ACK packet.
.
A DDoS attack is a large-scale, coordinated attack on the availability of service on the victim’s system or network resources. It is launched directly through many numbers of compromised computers (botnet) on the internet.
Attackers launch a DDoS attack from a single system whenever a targeted system is smaller, however, when a targeted system’s hardware and server have strong capabilities then it can deny the service attackers from the DDoS attack, In DDos, the attacker creates malicious code to infect and control a huge number of computers which are connected to the internet, after infecting the computer the attacker uses the infected computers (zombies) to launch a coordinated DDoS attack against the one or more targets. The attacker floods the incoming messages in the target system essentially to consume the target’s available bandwidth and force it to shut down the target, so legitimate user’s services are down.
Prevention:
Use better anti-virus and anti-Trojan software and always keep the software up to date.
Increase awareness of security issues and prevention techniques in all internet users.
Stop the unwanted running services, remove unusable applications, and always scan received data from outside resources.
Properly configure and regularly update the built-in defensive mechanism in the core hardware and software of the system.
Mitigation:
1. Increase the bandwidth on critical connections to absorb additional traffic generated by the attack.
2. Replicate services to provide additional failsafe protection
3. Balance loads on each service in a multiple-server architecture to mitigate DDoS attacks.
4. Set router to access a server with a logic to throttle incoming traffic levels that are safe for the server.
5. Throttling helps in preventing damage to the server by controlling the DDoS traffic.
6. Can be extended to throttle DDoS attack traffic and allow legitimate user traffic for better results.
While reading through the article on Distributed Denial of Service attacks, I came away with thinking that the implementation of having a load balancer becomes imperative in helping to mitigate these kinds of attacks. In the section outlining the different prevention/mitigation measures, I took away that the use of a load balancer would be the most beneficial for both types of DDoS attacks that were outlined (network and application vulnerabilities). Using a load balancer with a pool of resources for distribution across different servers would combat a number of DDoS attacks. Large DDoS attacks would most likely still end up being successful, but there is not much in prevention that can mitigate those anyway in this instance. Having the use of a load balancer increases the chances that the DDoS attack would be stopped right at that point on the network. Although, it is best to implement multiple of the mitigation measures mentioned. As commonly is the case, a defense in depth approach offers the most amount of protection.
A distributed denial of service attack is performed by overloading a system internet bandwidth with a ton of requests which ultimately affects the system’s availability and ability to perform. These attacks are performed by infecting computers through malicious software. One method of performing a DDoS attack mentioned in the article is by misusing the TCP/IP network protocol. You can mitigate DDoS attacks by monitoring the network traffic and establishing what is and isn’t considered normal traffic. Once this line is established, you can better determine what should be blocked.
This article introduced DDoS, explained why DDoS is hard to detect and mitigate, and provided some steps for prevention of DDoS. The reason why DDoS is hard to detect and mitigate is that zombie computers don’t have fixed IP addresses. Moreover, they don’t communicate with the victim servers directly. The article provided 7 steps that can be used based on specific environment. Moreover, entities can apply other steps if needed to prevent DDoS.
Hi Hang,
Good post. I myself did not quite understand why they are called zombies. From my understanding, DDOS and DOS are very similar and their ultimate goal is to cause harm. Fortunately, there are prevention methods to minimize those kinds of risks. Network hacking is very bad for an organization as everything depends on it, and having ways to secure as much as we can is beneficial for the sake of the organization.
Hey Ornella,
I believe they are called zombies because typically computer owners that have been attacked are unaware that they have even been infected. In a sense, since their computer is being used illegitimately, they are like "the walking dead". Think of any zombie movie, book, etc. These creatures typically are completely unaware of what they're even doing, hence the "zombie" label for compromised systems.
A denial of service is any action, or series of actions, that prevents a system, or its resources, from functioning in accordance with its intended purpose. The main purpose is to affect the availability of a website / service. It could cause a web server to stop responding or even prevent an email from being sent. This is usually due to a vulnerability in the software that runs the service or perhaps a design failure or flaw with the system surrounding the operation of that service. It is imperative to keep the operating system and applications up to date with the latest versions / patches.
This article explains what a DDOS is and ways to prevent it from happening. DOS and DDOS are very similar as they both target the network. We cannot be sure that a network is 100% secure, but we can take action to minimize the risks to secure our network. The ultimate goal of DOS/DDOS is to cause harm.
If attacked, DDOS affects the availability of a network, which will cost the organization its reputation. It will also make outsiders who have not done business with them fear investing their money.
One prevention that I really liked that was mentioned in the article was the fact that having an alternate network path and applying load balancing for incoming traffic would reduce the risk posed by DDoS attacks. Cloud computing is another way to secure the network. These preventions are in fact mandatory when it comes to securing a network because you really want to keep unauthorized people from accessing your network. You also want to make sure that the operation of the system works well and that you have installed alerts or filters that would catch those attacks.
I agree,
Organizations also stress uptime of a network because it only takes a couple of unreliable days for the consumer to lose patience. Or even worse, the attack may hit a high-availability system, which results in high impact and could potentially devastate an operation. That is often why an organization may opt to have devices isolated on their own enclave or boundary to prevent DDOS attacks or exploits. Though this makes the systems more susceptible from the inside because patching systems becomes more difficult. There are tradeoffs to everything, it seems.
This article walks the reader through DoS and DDoS attacks, as well as some prevention and mitigation techniques against these types of attacks. I found the information on DDoS attack "enhancements" to be interesting. In addition to the attacker, zombie computers, and victim server, some bad actors use handlers/controlling computers. The handler computers logically sit between the attacker and the zombie computers. This could give the bad actor more computing power in the attack and build in an extra layer of separation from the attack to help in hiding from investigators. Bad actors can also use "reflector computers", which don't even need to be infected, for a larger attack on the victim system. In this setup, each zombie computer would spoof the victim system's IP address and send requests to multiple reflector computers. Each reflector computer would then send its reply to the victim system. Lastly, bad actors can encrypt the communication between the systems in the DDoS attack to make it difficult to trace the attack back to the initial attacker system.
This article serves as an intro to DDoS (Distributed Denial of Service) attacks, their components, difficulties in detection & mitigation, types of DDoS attacks, & some steps organizations can take to prevent/mitigate them. DDoS attacks, put simply, are cyber-attacks in which the attacker uses several "zombie" computers to flood targeted servers with excessive information to prevent legitimate access. The components of these attacks are the attacker (master computer) & the victim (attacked server), but may also include "zombies" (which make it a DDoS attack), controlling computers, & amplifying networks. Controlling computers issue commands to the "zombies", and the amplifying network increases the number of requests given by "zombies". The difficulty organizations face in dealing with these types of attacks is that they are being carried out by the unsuspecting "zombie" computers with no fixed IP addresses, and even if they are identified, more can just be created. This makes it very difficult to determine who the actual attacker is. The two types of DDoS attacks are those that target the network & those that target the vulnerabilities in applications. Some of the listed steps to prevent/mitigate DDoS attacks include honeypots & hosting a website on cloud infrastructure. Honeypots, although uncommon, are the idea of setting up dummy servers with a large number of vulnerabilities so that when the system is attacked the attack patterns & intentions can be discovered. The idea of setting a website up on cloud infrastructure is for those who do not have network security/devices in house. Of course, the most helpful solution would be for the "zombies" to protect their computers in the first place so that the attacker cannot infect their systems.
This article mentions the functionality of DDoS: it happens when zombie computers controlled by attackers flood the targeted servers. The reasons why DDoS attacks are hard to detect and mitigate are:
– user computers are hard to suspect before they attack – it is hard to trace down the actual attacker
– there is no fixed list of IP addresses that zombie computers use – the connection is through a broadband connection
– more requests from fewer devices is harder to detect more computers with fewer requests coming from each
Some of the solutions recommended by author Rajesh include:
– statistical pattern identification to understand when the attack is coming, via traffic filtering
– to decrease the risk of availability impact, alternate network paths and load balancers are important
– having the web browser hosted on the cloud would help because of the experts and more professional security controls provided by the cloud provider
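The baseline idea raised in the earlier post (establish what normal traffic looks like, then decide what to block) and the point above that many zombies each sending a few requests are harder to spot than one noisy source, as an added Python example that is not part of the article or of any post here. The flow summaries and function names are constructed for illustration: a naive per-source threshold catches a single loud client but misses the distributed flood, while comparing each window's total volume and distinct-source count against the learned baseline catches both.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed per-window flow summaries: (window, source_ip, request_count).
# Windows 0-4: normal traffic from 8 regular clients. Window 5: a distributed
# flood where 200 sources each send only 3 requests. Window 6: one loud source.
FLOWS = (
    [(w, f"10.0.{w}.{i}", 20 + (i % 5)) for w in range(5) for i in range(8)]
    + [(5, f"192.0.2.{i}", 3) for i in range(200)]
    + [(6, "198.51.100.7", 500)]
)

def per_window_totals(flows):
    """Total requests and number of distinct sources seen in each window."""
    totals, sources = defaultdict(int), defaultdict(set)
    for w, src, n in flows:
        totals[w] += n
        sources[w].add(src)
    return dict(totals), {w: len(s) for w, s in sources.items()}

def per_source_alerts(flows, window, threshold=50):
    """Naive per-source rate limit: sources above `threshold` requests in the window."""
    return sorted(src for w, src, n in flows if w == window and n > threshold)

def aggregate_alert(flows, window, baseline_windows, k=3.0):
    """Compare a window's total volume and source count against the learned baseline."""
    totals, uniq = per_window_totals(flows)
    base = [totals[w] for w in baseline_windows]
    mu, sigma = mean(base), max(pstdev(base), 1.0)  # floor sigma for a flat baseline
    mu_src = mean([uniq[w] for w in baseline_windows])
    z = (totals[window] - mu) / sigma  # how far total volume sits from normal
    return {"window": window, "total": totals[window], "z": round(z, 1),
            "sources": uniq[window], "baseline_sources": mu_src,
            "alert": z > k or uniq[window] > k * mu_src}

if __name__ == "__main__":
    for w in (5, 6):
        print(w, "per-source:", per_source_alerts(FLOWS, w),
              "aggregate:", aggregate_alert(FLOWS, w, range(5)))
```

In a real deployment the baseline would be learned from days of traffic rather than five windows, and the distinct-source count is the signal that separates a distributed flood from an ordinary traffic spike.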