DoS attack (Part 2) – How to protect your systems/Infrastructure against DoS and DDoS


Denial of Service (DoS) attacks are destructive, and no one wants to lose money because their server was down and could not process sales, or lose customers because their streaming server is not reachable when customers need it. The point is that denial of service comes in different forms and could affect almost any business, system or infrastructure. To get a better understanding of what a DoS attack is, or of the things that can amount to DoS, read Part 1 of this article here, where we have explained DoS in simple terms.

How then can we protect our systems against DoS attacks, or at least mitigate their impact and reduce the likelihood of being hit? CyberPhorm is here to the rescue.

  • Have an Intrusion Detection and Prevention System (IDPS): this is different from your antivirus, and it comes first on this list for a reason, because the role of the IDPS is often overlooked. The solution can be deployed as a single unit or as two individual components, an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS). Many users think that having an antivirus is enough to protect against all cyber-attacks, but there is a limit to what your antivirus can do. An IDS detects abnormal behaviour, and if the prevention feature is available and active, it should also take steps to stop the threat before the attack succeeds. Remember, before a cyber-attack is considered successful, at least one of the main goals of security must have been compromised, i.e. Confidentiality, Integrity and/or Availability (CIA). A network IDS can detect malware or abnormal behaviour at the perimeter, before it actually reaches the host or target computer.
  • System hardening: this involves blocking unused ports, killing unnecessary processes, activating and properly configuring the security controls available on your server or system, etc. One of the major aims of system hardening is to reduce the attack surface, i.e. to minimise the number of possible entry points for an attack. This also makes administration more efficient, since administrators can focus their energy and resources on the most important areas and endpoints, and there is less to monitor and manage.
  • Ensure your firewall is active and properly configured: depending on your infrastructure, you might have a stand-alone network firewall, a firewall integrated with your router, or just a host-based firewall on your PC. Windows comes with a host-based firewall by default, but how can you know whether your PC firewall is properly configured? Click here to see basic firewall checks you can do yourself on a Windows PC. If you have a server or infrastructure open to external networks or connections, one rule you can set on your network or perimeter firewall is to ‘drop’ all incoming ICMP packets (pings). Many DoS attacks are carried out by sending rapid, excessive or oversized ICMP packets to the target, which becomes too much for the target to process until it is destabilised or crashes. A system does not need to spend any resources processing packets that are marked to be dropped, so by dropping ICMP packets you reduce the chances of a DoS, DDoS or Ping of Death attack.
  • Implement multi-layered security, or defence in depth: for example, if you run a website, you should have a web application firewall (WAF) in addition to your network firewall, to protect the application layer of your infrastructure. For those interested in the technical side, you can check whether your website has a web application firewall by getting a Linux machine, opening a terminal and typing ‘wafw00f yourdomain.com’ (note that those are zeros, not the letter ‘O’). In addition, regular PC users should ensure they have antivirus protection with internet protection/security capability. With layered security in place, a compromise of one segment of the infrastructure or system does not necessarily mean a compromise of the entire system, because an intrusion would need to penetrate several layers of security before it can succeed or break the whole system.
  • Buy the right hardware/software: some hardware and software will suit your personal or business needs better than others. One piece of advice we often give at CyberPhorm is “businesses are different; do not compare your business with other businesses”. This reminds us that we should not buy a particular piece of hardware or software simply because it is the most expensive on the market, or because other people are buying it, but because we have carried out a risk assessment and decided that it is the best choice for our business, and have carried out a compatibility test to see whether it integrates well with the other devices and solutions we have. Most security solutions (hardware and software) now come with anti-DDoS features to help reduce the likelihood of a successful DDoS attack against your company or infrastructure. Depending on the size of your network or organisation, you might also want to invest in a SIEM (Security Information and Event Management) solution to provide real-time analysis, threat monitoring and alerts. This can help you spot a threat before it leads to an attack.
  • Increase or buy more bandwidth: this is an option, but not the most effective one against DoS or DDoS attacks. Increasing your bandwidth only means your network can carry more data at the same time, reducing bottlenecks and slow transfers, but it does not stop attackers from attempting to sabotage your network. In a DoS or DDoS attack, attackers can increase the rate of the attack and the size of the packets they send, so it is only a matter of time before the incoming DoS traffic exhausts your bandwidth and your server/network can no longer respond to legitimate clients.
  • An extra tip for reading this far: do not open attachments when you are unsure where they came from, or when you do not trust the source. You might be letting a trojan or some other form of malware into your network or computer. This could be more dangerous, because the attack would then be launched from within the network, and an attack from within is usually more destructive and effective than an attack from outside.
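A check for the system-hardening point above, added here as an example and not part of the original article: it parses output in the shape of `ss -tlnp` (the Linux listing of listening TCP sockets) and reports every listener that is reachable from outside the host and is not the service expected on that port, which is exactly the attack surface hardening is meant to cut. The sample listing, the allowlist and the process names are constructed for the example; on a real server you would feed in the live command output instead.

```python
import re

# Constructed listing in the shape of `ss -tlnp` output on a Linux server; not a real host.
CONSTRUCTED_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("nginx",pid=1020,fd=6))
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=990,fd=5))
LISTEN 0      50     0.0.0.0:3306        0.0.0.0:*         users:(("mysqld",pid=1305,fd=21))
LISTEN 0      128    [::]:111            [::]:*            users:(("rpcbind",pid=600,fd=4))
"""

# Assumed allowlist for this example: the only services meant to be reachable from the network.
ALLOWED_LISTENERS = {22: "sshd", 443: "nginx"}

# Bind addresses that are reachable from the host itself only.
LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_ss(output):
    """Yield (bind_address, port, process_name) for each LISTEN row of `ss -tlnp` output."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue  # header line or a socket in another state
        addr, _, port = fields[3].rpartition(":")      # handles "[::]:111" as well as "0.0.0.0:22"
        match = re.search(r'\("([^"]+)"', fields[5])     # process name inside users:(("name",...))
        yield addr, int(port), match.group(1) if match else "unknown"


def audit_listeners(output, allowed=ALLOWED_LISTENERS):
    """Return (port, process, address) for every listener bound to a non-loopback address
    that is not the expected service for its port."""
    findings = []
    for addr, port, proc in parse_ss(output):
        if addr in LOOPBACK:
            continue  # not part of the externally reachable attack surface
        if allowed.get(port) != proc:
            findings.append((port, proc, addr))
    return findings


if __name__ == "__main__":
    for port, proc, addr in audit_listeners(CONSTRUCTED_SS_OUTPUT):
        print(f"unexpected listener: {proc} on {addr}:{port}")
```

In the constructed listing the database bound to loopback is left alone, while the network-facing MySQL and rpcbind listeners are reported as candidates to disable, bind to loopback, or block at the host firewall.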
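The detection side of the IDS, firewall and SIEM points above, as an added example that is not from the original article: a small Python flood detector run over constructed packet-summary lines. It applies the two checks the firewall point describes, a per-source packet rate over a sliding window (the "rapid, excessive" case) and an oversized-ICMP check (the "oversize" / Ping of Death case). The line format `<epoch_seconds> <src_ip> <proto> <bytes>`, the sample traffic and the thresholds are assumptions chosen for the example, standing in for what a network IDS or SIEM collector would receive.

```python
from collections import defaultdict, deque

# Constructed packet summaries, not a real capture. Each line is
# "<epoch_seconds> <src_ip> <proto> <bytes>", an assumed minimal format.
CONSTRUCTED_LOG = (
    # 60 ICMP echo requests from one host within 0.6 s: a ping flood.
    [f"{1000 + i * 0.01:.2f} 203.0.113.5 ICMP 84" for i in range(60)]
    # Three ordinary pings one second apart from another host: benign.
    + [f"{1000 + i:.2f} 198.51.100.20 ICMP 84" for i in range(3)]
    # A few HTTPS packets: benign, and not ICMP at all.
    + [f"{1000 + i * 0.2:.2f} 198.51.100.7 TCP 1400" for i in range(5)]
    # One reassembled ICMP datagram larger than the 65535-byte IPv4 maximum.
    + ["1001.50 192.0.2.9 ICMP 70000"]
)


def parse_line(line):
    """Split one summary line into (timestamp, source, protocol, size)."""
    ts, src, proto, size = line.split()
    return float(ts), src, proto.upper(), int(size)


def detect_floods(lines, window_seconds=1.0, pps_threshold=50, max_icmp_bytes=65535):
    """Return {source_ip: [reasons]} for sources whose traffic looks like a DoS attempt.

    Thresholds are assumptions for the example; a real IDS tunes them per network.
    """
    recent = defaultdict(deque)   # src -> timestamps still inside the sliding window
    rate_flagged = set()          # sources already reported for rate, so each alerts once
    alerts = {}

    # Sort by timestamp so the window logic holds even if lines arrive out of order.
    for ts, src, proto, size in sorted(parse_line(l) for l in lines):
        window = recent[src]
        window.append(ts)
        while ts - window[0] > window_seconds:
            window.popleft()   # expire timestamps older than the window

        if len(window) >= pps_threshold and src not in rate_flagged:
            rate_flagged.add(src)
            alerts.setdefault(src, []).append(
                f"rate: {len(window)} packets in {window_seconds:g}s "
                f"(threshold {pps_threshold})")

        if proto == "ICMP" and size > max_icmp_bytes:
            alerts.setdefault(src, []).append(f"oversize: ICMP datagram of {size} bytes")

    return alerts


if __name__ == "__main__":
    for src, reasons in detect_floods(CONSTRUCTED_LOG).items():
        print(f"{src}: " + "; ".join(reasons))
```

Only the flooding host and the source of the oversized datagram are reported; the normal pings and the HTTPS traffic pass through unflagged, which is the distinction a prevention component needs before it drops or rate-limits a source.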

16 thoughts on “DoS attack (Part 2) – How to protect your systems/Infrastructure against DoS and DDoS”

  1. This is a very informative read. Since moving to Outlook at my Organisation, some departments have been receiving lots of unwanted emails. Could this be an attempt at a DoS attack?

    1. Hi Mory, this is more likely to be an attempt at phishing than DoS. You might want to check what emails you open, the links you click, and attachments you download. You should also raise this concern to the IT guys at your Organisation. They have a responsibility to look into it (no matter how trivial it might seem) before it causes big problems.

  2. Nice tips given. With regards to the firewalls, a Demilitarised Zone (DMZ) could be set up. This would help separate the publicly accessible files or servers from the internal ones that don’t need to be accessed by the public.

    1. Oh wow! Very solid point and yes, you are right. You can implement multiple firewalls to create a DMZ. This is also a form of implementing defence-in-depth or layered security. Good one, Queen.
