Fourth post of the Cyber Security Introduction series. Let's talk about the Denial of Service and Distributed Denial of Service attacks. Looking at how it happens, how you can prevent it and how you can recover from it when possible.
A DoS is an attack whose goal is to render the target (machine, network, etc.) inaccessible. This is done either through flooding traffic or through a tailored payload that will cause the machine to crash.
In a DoS attack the point of origin will be one machine.
With a DDoS on the other hand the attack originates from multiple sources. This is usually more powerful and destructive.
These attacks may be used as a way to ransom an entity by requiring a payment to stop the services from being unusable. The goal can be to force secondary and backup services to kick in, which themselves may be vulnerable to other types of attacks.
Below are the most common types of Dos / DDoS attacks:
TCP CONNECTION ATTACKS
This type of attack if often used through SYN Flood. The target receives a SYN packet to start a three way handshake and sends a reply. The attacker however does not reply which leaves the connection hanging and proceeds to repeat the following process.
APPLICATION LAYER ATTACKS
This attack is usually slower than the precedent as it targets issues directly in the application. These tend to be harder to detect as they do not necessarily surge the traffic. They are often used in conjunction with TCP CONNECTION attacks.
Here the attacker will look into splitting the traffic into multiple packets that are then reassembled on the victim's network. However the packets contain falsified payloads that break the reassembly process and thus overloads the server.
This is the most common type of attack where a network of bots controlled by a perpetrator will be used to send numerous request to one target specifically causing the network or server to be overwhelmed. The more bots the more powerful the attack.
Configure routers and firewalls to reject fake traffic. It is also important to make sure they are up to date with the latest patches.
Check that all devices are secured with antivirus, launch regular security scans and update software and firmware. Also make sure you change default passwords on IOT devices as they are the common source for bots.
Make sure you have extra network bandwidth as well as network redundancy. This will help mitigate surges in traffic at the beginning of DDoS attacks until active measures kick-in.
Use an anti-ddos service like Cloudflare or Advanced Amazon Shield they will help you identify and block non-legitimate traffic.
Contact you Internet Service Provider (ISP) as fast as possible as they might be able to re-route traffic into a null route where the fake traffic will get lost.
If your business is critical you can look into having a backup ISP to let you switch over in case of a DoS or DDoS attack.
The critical part to recovering from a DoS / DDoS attack is to analyze the details of the attack. Here are a key points to look at:
Which assets were attacked?
This will help you identify the goal of the attackers and the weakest point in the infrastructure.
What were the attack characteristics?
Was it a DoS or a DDoS? Was it using complex multi level attacks?
Is you application recovery ready?
Keep in mind that if a DoS / DDoS renders your services offline then all the users that have been denied access will try to re-access it as soon as it is back online. Are your services ready to handle large traffic?
This information will help you identify the areas in your infrastructure that needs a security review to be able to handle and mitigate DoS / DDoS.
Depending on your business nature you may disclose the attack to either clients or users of the platform. In some country, a police report might be compulsory.
Have a look at live information on DoS and DDoS major attacks!
Pixium Digital is an agile software development company with their headquarters located in Singapore. We focus on shaping our clients project from ideas to successful project launch.
Cyber Security is a big part of any project we have to deliver. Very often we have been the witness of lack of awareness or caution from various providers or clients we have worked with. We aim to share those little tips to the community so that with everyone's effort, we can make the web a safer place.