Discussion I

profileSolomon Kane
Discussion4.docx

Career Relevancy

Denial-of-Service (DoS) and Distributed Denial of Service (DDoS) attacks have become a major threat to present computer networks. These attacks attempt to make a machine or network resource unavailable to its authorized users. Usually, DoS/DDoS attacks exploit vulnerabilities in the implementation of TCP/IP model protocol or bugs in a specific operating system.

Background:

Denial of Service, or DoS, is an attack on a computer or network that reduces, restricts, or prevents accessibility of system resources to its legitimate users. In a DoS attack, attackers flood a target system with traffic to overload its resources. This in turn brings the system down, leading to disabling of the target’s website, or a significant slowing of the target’s network performance. The goal of a DoS attack is not necessarily to gain unauthorized access to a system or to corrupt a target’s data. Instead, the objective in a DoS attack is to prevent authorized users from using a system.

In general, DoS attacks target network bandwidth or connectivity. Bandwidth attacks overflow the network with a high volume of traffic using existing network resources, thus depriving legitimate users of these resources. Connectivity attacks overflow a computer with a large amount of connection requests, consuming all available resources of the OS so that the computer cannot process legitimate users’ requests.

Imagine a pizza delivery company that does most of its business over the phone. If an attacker wanted to target this business, they might figure out a way to tie up the company’s phone lines, making it impossible for the company to do business. That is how a DoS attack works; the attacker creates a blockade that prevents customers from connecting to the system, making it impossible to conduct business.

DoS attacks can harm the target in terms of time and resources. However, failure might mean the loss of essential services, such as email capabilities. In a worst-case scenario, a DoS attack can mean the accidental destruction of the files and other Internet programs people might be using at the time of the attack.

A Distributed Denial-of-Service (DDoS) attack is a large-scale, coordinated attack on the availability of services on a target’s system or network resources, launched indirectly through botnets on the Internet.

DoS/DDoS is one of the foremost security threats on the Internet, thus there is a greater necessity for solutions to mitigate these attacks.

While DoS and DDoS attacks can be eradicated, early detection techniques help to prevent DoS/DDoS attacks, and prevention is the greatest defense for a network. Detecting a DoS/DDoS attack is a tricky job. A DoS/DDoS attack traffic detector needs to distinguish between a genuine data packet and a bogus one, which is not always possible. The techniques employed for this purpose are not perfect. There is always a chance of confusion between traffic generated by a legitimate network user and traffic generated by a DoS/DDoS attack. Detection techniques are based on identifying and discriminating the illegitimate traffic increase and flash events from legitimate packet traffic.

One problem in filtering traffic is the volume. It is impossible to scan each data packet to ensure security from a DoS/DDoS attack. All the detection techniques used today to define an attack as an abnormal and noticeable deviation in network traffic statistics and characteristics. These techniques involve statistical analysis of deviations to categorize malicious and genuine traffic.

Implementing defensive mechanisms in appropriate places and following proper measures allows the heightening of organizational network security. First, be sure to use strong encryption mechanisms such as WPA2 and AES 256 for broadband networks to withstand against eavesdropping. Ensure that the software and protocols are up-to-date and scan the machines thoroughly to detect any anomalies. Update kernel to the latest release and disable unused and insecure services. Block all inbound packets originating from the service ports in order to block the traffic coming from reflection servers. Enable TCP SYN cookie protection. And lastly, prevent the transmission of the fraudulently addressed packets at the ISP level.

Prompt

Are DoS and DDos tactics appropriate for legitimate organizations to use against others? What fallout is considered appropriate fallout should an attack be used on others? Explain your answer.

Your initial and reply posts should work to develop a group understanding of this topic.

For your citation, you might use articles that show examples of DoS and DDoS attacks of the past, and what the outcome was.

Reply Requirements:

You must submit:

1 main post of 200+ words with 2 in-text citations and references (follow the Institution Writing Guidelines)