Protection Against Denial of Service Attacks

Question: Discuss about the Protection Against Denial of Service Attacks. Answer: Introduction Information, data, products, systems and services are the key assets for an organization. The involvement of information technology in the processes and operations has led to the emergence of a number of different security attacks. One of the most frequently occurring security attacks is the Denial of Service (DoS) attack. It is an attack on the availability of the asset that is targeted by flooding the same with unnecessary traffic that leads to the deterioration and a gradual breakdown of the continuity and availability of the service (Kumar, 2016). There are a number of Denial of Service (DoS) attacks that are possible and have been created by the attacks to affect the availability of the system. These attacks have been described below. Internet Control Message Protocol (ICMP) Attacks These are the DoS attacks that alter the router capability and limit the router from successfully executing IP broadcasts. A huge amount of ICMP traffic is generated by the attackers on the IP broadcast addresses. These addresses provide the response in return that creates a lot of unnecessary traffic leading to a flood situation. The regular continuity of the service is then hampered and breaks down (Elleithy, 2015). Internet worms are also one of the common types of DoS attacks that scan and propagate a particular network. Once scanning of the network is done, network and the associated network devices are impacted by consumption of huge bandwidth and release of a lot of unwanted traffic. A number of different IP addresses are used by these worms to make sure that the source of the attack cannot be identified with ease. TCP SYN flood attacks are also DoS attacks that may be executed by the attackers to adversely impact the system assets. These are initiated by making use of spoofed or non-existent addresses which lead to the creation of half-open connections. The system resources are then devoted to complete these half open connections and the availability of the same is affected. UDP attacks are also used to give shape to the DoS attacks in which UDP flooding is used to increase the response time of the CPU (Othman, 2015). These are the attacks in which an attack broadcasts the broken and unorganized IP fragments on the network. These broken packets result in crashing down of the system as the resources get unnecessarily involved in rectifying the entire structure. Responsibility of the Attack The networking team is primarily responsible for the attacks as networks are the primary threat agents in this case. The team shall make sure that any of the deviating network activity is detected and reported immediately to prevent the attacks. Also, the security team along with the employees of the organization is also responsible as the proper security mechanisms shall be implemented to prevent these attacks (Prasad, 2014). There are a number of recovery measures that have been developed to make sure that these attacks are prevented and controlled. The system assets along with all other applications that are associated with the company must be protected by making sure that only authorized individuals are able to access them. Access control shall also be applied on the internal and external networks to prevent the malicious entities from gaining entry to the system (Loukas, 2009). System Scanning, Intrusion Detection and Prevention There are automated tools that are now available for the system and network scanning along with intrusion detection and prevention. These tools run non-stop for hours without the need of continuous monitoring and generate alerts in case of any malicious activity. There are also patterns and reports available which can be extracted from the tool to understand the network behavior, system behavior, performance and associated parameters (Karig, Lee, 2001). It is necessary to ensure that the system along with all of its components is kept up to date with the latest version. Patching is an activity that is done to update a piece of software or a system rather than making changes to the entire system at once. These activities will make sure that the attacks created for specific versions are prevented. Installation of firewalls and setting up of the proxy servers will make sure that required network and content filtering is done. The activity will prevent the malicious content to gain access to the system and will be prevented by the firewalls and the proxy servers to stay outside of the system boundaries. It is the first hand security that must be set up to avoid and prevent the attacks. Incident Response Team (IRT) In spite of the security measures and mechanisms, there may be scenarios wherein the attackers may succeed in executing a denial of service attack on one or more system assets. Incident Response Team (IRT) will play a significant role in this case as a complete account of the incident will be recorded by the team and a required response will also be generated. It will be the responsibility of the team to alert the resources to take the necessary course of action to minimize the damage and control the attack. There are also various tools that are now available which may be utilized by the IRT for incident recording, incident response, incident history and report extraction (Singh, Ghrera, Chaudhuri, 2010). Disaster Recovery The company shall also make sure that a disaster recovery plan and policy is in place. This plan will list out the steps that shall be followed during the occurrence of a security attack such as DoS. Also, the schedule and frequency of data back-ups and other strategies that shall be followed to control the damage will also be listed in the plan. It will be essential for the organization to recover the services and system to its regular processing and functioning to ensure that the productivity is not impacted. Disaster recovery will make sure that the downtime and degree of damage is as low as possible in case of an attack (Jain, Raghuwanshi, 2015). References Elleithy, K. (2016). Denial of Service Attack Techniques: Analysis, Implementation and Comparison. Retrieved 23 March 2017, from https://www.iiisci.org/journal/cv$/sci/pdfs/p129065.pdf Jain, S., Raghuwanshi, V. (2015). IJETT - Denial of Service Attack in VANET: A Survey. Ijettjournal.org. Retrieved 23 March 2017, from https://www.ijettjournal.org/archive/ijett-v28p204 Karig, D., Lee, R. (2001). Remote Denial of Service Attacks and Countermeasures. Retrieved 23 March 2017, from https://www.princeton.edu/~rblee/ELE572Papers/karig01DoS.pdf Kumar, G. (2016). Denial of service attacks an updated perspective: Systems Science Control Engineering: Vol 4, No 1. Tandfonline.com. Retrieved 23 March 2017, from https://www.tandfonline.com/doi/full/10.1080/21642583.2016.1241193 Loukas, G. (2009). Protection against Denial of Service Attacks: A Survey. Retrieved 23 March 2017, from https://staffweb.cms.gre.ac.uk/~lg47/publications/LoukasOke-DoSSurveyComputerJournal.pdf Othman, R. (2015). Understanding the Various Types of Denial of Service Attack. Retrieved 23 March 2017, from https://www.cybersecurity.my/data/content_files/13/72.pdf Prasad, K. (2014). DoS and DDoS Attacks: Defense, Detection and Traceback Mechanisms -A Survey. Computerresearch.org. Retrieved 23 March 2017, from https://computerresearch.org/index.php/computer/article/viewFile/1081/1079 Singh, N., Ghrera, S., Chaudhuri, P. (2010). Denial of Service Attack: Analysis of Network Traffic Anormaly using Queuing Theory. Arxiv.org. Retrieved 23 March 2017, from https://arxiv.org/abs/1006.2807