Tuesday, January 14, 2020

Individual Assignment Essay

Having a strong web presence is not only important in today’s world, it is vital for survival in today’s super-connected world. Companies, banks, agencies and private industries must be able to create an environment in which to interact with customers, government officials and other companies in order to thrive. Opening yourself up to anyone through the Internet often means opening your system up to the world. Today we are more connected than ever, and cyberspace is littered with a multitude of individuals, some with the intent to compromise network confidentiality, integrity and availability. Anyone with a computer and Internet access can become a victim or a criminal over the web. As a result, networks and servers are under constant attack these days. Attackers are changing their techniques daily and are on a never-ending endeavor to disrupt companies for their own selfish reasons. Two such forms of disruption are Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. These forms of disruption have cost companies millions of dollars and are showing no signs of stopping. That is why it is up to security professionals to create the best safeguards and impose efficient and proper techniques to prevent, mitigate and discover these attacks before they inflict terrible harm. In the following assignment, these important topics of prevention, mitigation and discovery will be discussed as they relate to DoS and DDoS attacks on today’s systems. Specifically, three academic journal articles have been selected that relate to this topic. This essay will first briefly summarize each article that was selected and state the methods of prevention, mitigation or discovery as they relate to denial of service attacks. The second part of this essay will explore in detail the specific methods discussed in the summaries as they relate to a proposed technique and practical approach which can be implemented on a platform.
The strengths and weaknesses of each method that is selected will also be discussed within the summary.

2 Brief Overview

In order to better understand the reasons for discovering, mitigating and preventing these attacks, it is necessary to first review what exactly Denial of Service and Distributed Denial of Service attacks are and why these specific journal articles were selected for this assignment. DoS and DDoS attacks are extremely popular cyber attacks launched by attackers because of their effectiveness and ease. The goal of a DoS attack is for the attacker to render certain specific resources of the victim’s computer or server unusable or make them unavailable. The attacker does this by sending large amounts of traffic that appear to be legitimate requests to the victim. As a result, the victim’s computer or server is tangled up and that particular resource cannot be used. These attacks expose a significant loophole not just in certain applications, but in the TCP/IP suite itself (Joshi & Misra, 2010). A DoS attack occurs only when a resource on a computer or network is deliberately slowed down or stopped completely by a malicious individual. A DDoS attack is very similar to a DoS attack. However, this form of attack is launched from multiple computers or devices in an organized manner. The goal, once again, is to attack a specific target or multiple computers and servers and make them unavailable for use. The first ever reported DDoS attack occurred at a university in 1999. From then on, these attacks have become increasingly more complex and sophisticated. Their widespread effect has ranged from simply slower speeds on websites to financial institutions losing millions for not being accessible to customers. The journal article “DDoS Prevention Techniques” was chosen because it does a fantastic job of explaining the differences between the two attacks, multiple DDoS tools that attackers use, and lastly ways to prevent and defend against the attacks.
The second article selected is titled “Prevention of Attacks under DDoS Using Target Customer Behavior.” I selected this article because it not only gives an overview of this form of attack but also a specific method of protecting a potential server by blocking DoS attacks with behavior-based actions. The last article I chose, “A Novel Technique for Detection and Prevention of DDoS,” also gives a brief overview of the attack as well as a specific method to help filter DDoS attacks on online banking websites.

3 Article One

The article “DDoS Prevention Techniques” mainly centered around DDoS attacks and the methods of preventing them, as well as the tools that criminals use to execute these attacks. One example of a tool that these individuals use is Trinoo, which can be used to “launch a coordinated UDP flooding attack against target system” (Joshi & Misra, 2010). Another tool that Joshi & Misra discussed was Trinity. This DDoS attack tool is IRC-based and uses flooding methods based on TCP SYN, TCP RST and TCP ACK requests. This tool can flood not only with TCP but also with UDP and IP fragments. This article offers various forms of preventative methods against DDoS attacks. They separated them into two groups: General Techniques and Filtering Techniques. Since the article gave a plethora of examples of general techniques, I will discuss two of them as well as the advantages and disadvantages of these practical approaches. One method of preventing DDoS attacks is “disabling unused services.” Attackers can’t take advantage of something if it is not available to them. So, the fewer applications and open ports there are on a given host, the less likely it is that an attacker can exploit any vulnerability on that host. Therefore, if a network application is unnecessary it should be disabled or closed immediately (Joshi & Misra, 2010).
The advantage of this approach is that it minimizes the attack surface, thus protecting the host from receiving certain requests on ports that can be used to flood the system. The disadvantage of this approach is that you limit the number of applications you may need to help run your organization more efficiently. Another method of preventing these attacks is by using a firewall. A firewall can help mitigate simple DDoS attacks by using simple rules such as implicit deny, or deny any for certain ports and IP addresses. However, the disadvantage of using a firewall to mitigate attacks appears when sophisticated attacks are launched on ports such as port 80, which is used for web traffic. A firewall cannot tell the difference between legitimate traffic and malicious traffic that comes through that port (Joshi & Misra, 2010). This can lead to an attack still being carried out if the firewall cannot decide what is good and what is bad traffic. One filtering technique that was discussed in the journal article was the technique of “History Based IP Filtering.” During normal operation, traffic tends to stay balanced and stable. Yet most DoS attacks are carried out with IP addresses that have never been seen before on the network to flood the system. This form of filtration relies on an IP Address Database (IAD) to store the IP addresses that are used frequently. If an attack is launched and the source address does not match any in the IAD, the request is dropped. The advantage of this form of protection against DDoS attacks is that it will keep unknown IP addresses from ever reaching the host. However, the drawback is that it will not keep out traffic from real IP addresses that are already in the database. Also, “Cost of storage and information sharing is very high” (Joshi & Misra, 2010). So if cost is an issue for an organization, this method may not be best. These methods can be implemented fairly easily by any organization.
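To make the IAD mechanism concrete, here is an added Python example (not code from Joshi & Misra’s article) of history-based IP filtering: the filter learns frequently seen source addresses during normal operation, then drops requests from unknown sources once an attack is flagged. The min_hits rule, the attack_mode switch and the sample addresses are assumptions made for this example.

```python
from collections import Counter

# Constructed sample of source addresses seen during normal operation; this
# learning window populates the IP Address Database (IAD).
NORMAL_TRAFFIC = [
    "203.0.113.10", "203.0.113.10", "203.0.113.10",
    "198.51.100.7", "198.51.100.7",
    "192.0.2.44",  # seen only once: not "frequently used", so not admitted
]

class HistoryIPFilter:
    """History-based IP filtering: admit frequently seen sources to the IAD
    during normal operation, then drop unknown sources while under attack.
    The min_hits rule and the attack_mode switch are assumptions added here."""

    def __init__(self, min_hits=2):
        self.min_hits = min_hits
        self.counts = Counter()
        self.attack_mode = False

    def learn(self, src_ip):
        # Called only while traffic is balanced and stable.
        self.counts[src_ip] += 1

    def iad(self):
        # The IAD holds frequently used addresses, not every address ever seen.
        return {ip for ip, n in self.counts.items() if n >= self.min_hits}

    def decide(self, src_ip):
        # Returns "allow" or "drop" for a single incoming request.
        if not self.attack_mode:
            return "allow"
        return "allow" if src_ip in self.iad() else "drop"

def run_example():
    f = HistoryIPFilter(min_hits=2)
    for ip in NORMAL_TRAFFIC:
        f.learn(ip)
    f.attack_mode = True
    # Constructed flood: five never-seen sources plus one address already in the
    # IAD, which passes regardless of its rate (the drawback the article notes).
    flood = ["10.0.0.%d" % i for i in range(1, 6)] + ["203.0.113.10", "192.0.2.44"]
    return {ip: f.decide(ip) for ip in flood}
```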
Most security professionals should already have these measures in place, such as firewalls and minimizing the attack surface with an emphasis on disabling unnecessary services. History-based IP filtering is a costly alternative to those methods but can be an additional form of security.

4 Article Two

The second article that will be discussed is titled “Prevention of Attacks under DDoS Using Target Customer Behavior.” This article discusses a method that uses an algorithm to determine in real time whether requests to a specific server should be blocked or allowed in order to mitigate the attack. The algorithm is used to maintain a list of users and to stop attacks from unknown users. The purpose of this tool is to permit only authorized clients onto the server. This method accomplishes this by first determining which category the requesting client belongs to: registered or non-registered. The tool uses an anomaly-based system during peak times to help determine whether certain requests are malicious or not. A client will be deemed malicious if it sends repeated requests during peak hours; it is then deemed an anomalous client, or possible attacking client (Kuppusarny & Malathi, 2012). This tool can track which requests made on the server are authorized or unauthorized. Once a request is deemed unauthorized, the client is placed in the group of non-registered users and blocked temporarily until the peak time is finished. This proposed method also features a count system for the number of requests a client may attempt, consisting of an “Access Count” and “Warning Counts.” The article explains this in depth by stating, “The access count is the count that can be incremented every time the client sends the request. The Warning Count is the count that can be incremented once the unregistered client sends anomalous request” (Kuppusarny & Malathi, 2012).
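The access count and warning count just quoted, together with the temporary block during peak time and the permanent block once the warning count reaches its threshold, are worked through in this added Python example (not code from Kuppusarny & Malathi’s article). The burst rule used to flag an anomalous client, both thresholds and the trace in simulate() are assumptions constructed for the example.

```python
from collections import defaultdict, deque

class ClientBehaviorFilter:
    """Access-count / warning-count filter in the style of Kuppusarny & Malathi. The burst
    rule (more than max_burst requests within window seconds during peak time) is assumed."""

    def __init__(self, registered, max_burst=3, window=1.0, warn_limit=2):
        self.registered = set(registered)      # clients in the registered group
        self.max_burst, self.window, self.warn_limit = max_burst, window, warn_limit
        self.access = defaultdict(int)         # access count per client
        self.warnings = defaultdict(int)       # warning count per client
        self.recent = defaultdict(deque)       # recent request times per client
        self.temp_blocked, self.perm_blocked = set(), set()

    def end_of_peak(self):
        # Temporary blocks only last until the peak period is over.
        self.temp_blocked.clear()

    def _anomalous(self, client, now):
        q = self.recent[client]
        q.append(now)
        while now - q[0] > self.window:
            q.popleft()
        return len(q) > self.max_burst

    def request(self, client, now, peak):
        # Returns "allow", "temp_block" or "perm_block" for one request.
        if client in self.perm_blocked:
            return "perm_block"
        if client in self.temp_blocked:
            return "temp_block"
        self.access[client] += 1               # incremented on every request
        if not (peak and self._anomalous(client, now)):
            return "allow"
        if client in self.registered:
            self.registered.discard(client)    # moved to the non-registered group
        else:
            self.warnings[client] += 1         # anomalous request from an unregistered client
            if self.warnings[client] >= self.warn_limit:
                self.perm_blocked.add(client)  # warning count reached its threshold
                return "perm_block"
        self.temp_blocked.add(client)
        return "temp_block"

def simulate():
    # Constructed peak-hour trace: alice browses normally, bot hammers the server.
    f = ClientBehaviorFilter(registered={"alice"})
    trace = [f.request("alice", 0.0, peak=True)]
    trace += [f.request("bot", 0.1 * i, peak=True) for i in range(5)]
    f.end_of_peak()
    trace += [f.request("bot", 100 + 0.1 * i, peak=True) for i in range(4)]
    return trace
```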
This count system helps to determine whether the requests are legitimate and, if so, clients are only temporarily blocked during peak times in order to keep systems running and not flooded with requests. This feature also presents a permanent block alternative as well. This occurs once the warning count reaches its threshold (Kuppusarny & Malathi, 2012). This can be extremely useful when defending against DDoS attacks because it works in real time. The chart below illustrates how this method is carried out for all users trying to request information from the server. This tool could easily be implemented by any organization looking to defend its systems as well as monitor customer and client user data. The only disadvantage that may occur while implementing this will be the temporary lockout that legitimate users may encounter if they enter too many incorrect requests. Inconvenience for some users is the only drawback. However, this approach is extremely promising because it does not completely block IP addresses like some filtration systems do. They are placed in a certain unauthorized category away from authorized clients and systems, and once they meet certain requirements their requests may be authorized if they do not exceed the warning count. Also, as an added security feature, if the client exceeds the warning number of requests and is also unauthorized, they are blocked completely.

5 Article Three

The final article that will be discussed is titled “A Novel Technique for Detection and Prevention of DDoS.” This article was dedicated to a specific method for detecting and preventing DDoS attacks. This method focused on using the Hidden Markov Model. It is very similar to the previous method in being an anomaly-based system that uses request behavior to block or authorize users. This method also uses an algorithm to track user behavior and determine whether the requests are legitimate or an attack.
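Article Three’s CAPTCHA flow (challenge a client whose behavior looks unusual while the server is under heavy load, and after three failed CAPTCHA responses block it if its requests arrived closer together than the threshold) as an added Python example that is not the article’s code. The burst rule standing in for the Hidden Markov Model, the min_gap threshold and the hex token standing in for a CAPTCHA image are assumptions.

```python
import secrets
from collections import defaultdict

class CaptchaGate:
    """CAPTCHA challenge flow of Patil, Salunke & Zade's anomaly-detection module. The burst
    rule, min_gap and the hex token standing in for a CAPTCHA image are assumptions; HMM omitted."""
    MAX_FAILS = 3  # failed CAPTCHA responses tolerated before the history check

    def __init__(self, min_gap=0.5, burst=3, burst_window=2.0):
        self.min_gap, self.burst, self.burst_window = min_gap, burst, burst_window
        self.history = defaultdict(list)  # client -> timestamps of its requests
        self.challenge = {}               # client -> expected CAPTCHA answer
        self.fails = defaultdict(int)
        self.blocked = set()

    def _unusual(self, client):
        # Unusual: the last `burst` requests all arrived within burst_window seconds.
        h = self.history[client]
        return len(h) >= self.burst and h[-1] - h[-self.burst] < self.burst_window

    def request(self, client, now, heavy_load):
        # Returns "page", "captcha" or "blocked" for one incoming request.
        if client in self.blocked:
            return "blocked"
        self.history[client].append(now)
        if heavy_load and (client in self.challenge or self._unusual(client)):
            self.challenge.setdefault(client, secrets.token_hex(3))
            return "captcha"
        return "page"

    def answer(self, client, response):
        # Returns "page" on a correct answer, "captcha" to retry, or "blocked".
        if client in self.blocked:
            return "blocked"
        expected = self.challenge.get(client)
        if expected is not None and response == expected:
            self.challenge.pop(client)
            self.fails[client] = 0
            return "page"
        self.fails[client] += 1
        if self.fails[client] >= self.MAX_FAILS:
            # History check: block if two consecutive requests were closer than min_gap.
            h = self.history[client]
            if any(b - a < self.min_gap for a, b in zip(h, h[1:])):
                self.blocked.add(client)
                self.challenge.pop(client, None)
                return "blocked"
            self.fails[client] = 0                         # a slow human who mistyped
            self.challenge[client] = secrets.token_hex(3)  # gets a fresh challenge
        return "captcha"
```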
However, it uses a different form of authorizing requests before allowing access into the system. During the Anomaly Detection Module of the system, when resources are scarce and the server is under heavy traffic, the filter is applied. The system uses a history to maintain each client’s IP address. If “unusual” behavior is detected through the algorithm, the server then goes into a special detection mode. It “replies with the captcha to that client.” If a correct CAPTCHA response is not received within three responses, it then checks the request history sequence. If the difference between the requests for the CAPTCHA is less than the threshold allowed, the client is blocked (Patil, Salunke & Zade, 2011). This model is a great tool in defending against DDoS and also in monitoring traffic on a server as a whole. When traffic begins to reach its peak, this system can help distinguish between legitimate and flooding traffic. This model was put to the test in the article with a fake bank system. The testers used a script in Java that repeatedly requested the login page for a fake account. The server responded with CAPTCHA pages to verify whether the requester was legitimate. After three failed attempts the IP address was blocked. This type of method should be implemented across systems everywhere. The only foreseeable disadvantage would be for those users who enter the wrong CAPTCHA more than three times and are locked out of the system. Other than that, this method would be a great tool in the defense against DDoS attacks.

6 Conclusion

Denial of Service and Distributed Denial of Service attacks have proven to be a huge hassle for security professionals. Criminals are becoming more sophisticated in their attack schemes and are leaving security teams in a never-ending game of catch-up. It only takes one loophole in a defense strategy for an individual to wreak havoc on a system. None of these methods will stop DoS and DDoS attacks entirely.
However, in the future we must look for tools that include multiple defense strategies to stop these forms of attack. Layering a computer network offers many benefits; in particular, if one level of defense falls, it will not compromise the entire system. The fight to defend cyberspace against these malicious attackers is forever ongoing, but with the right tools and defense strategies we can help maintain a safer and more productive Internet experience for all users.

7 Works Cited
