A Layperson's Guide To DoS Attacks

A Rackspace Whitepaper

Table of Contents

1. Introduction
2. Background on DoS and DDoS Attacks
3. Types of DoS Attacks
4. Defending Against DoS Attacks
5. Conclusion
6. Notes

1. Introduction

Flood! Ping of death! Teardrop! The terminology used by security experts may cause you to avoid wanting to learn more about it. But today's business is fueled by the Internet, and your organization is running mission-critical applications on the web. It may be up to you and your team to ensure that your sites continue to connect you with your customers, end users, suppliers and partners. Since DoS attacks are increasing in frequency, size and notoriety, it is important to gain a basic understanding of this type of Internet threat.

Just as entities across the world are increasingly leveraging the Internet to conduct legitimate business, we are also seeing a sharp rise in the number of Internet attacks that seek to steal, disrupt or disable access to resources and systems. These attacks jeopardize the operation of the enterprise by disrupting sales, causing productivity loss and degrading brand image. Organizations should implement actions to protect not only against the short-term effects such as site disruptions and business losses, but also against the long-term effects such as brand image and reputation loss.

The goal of this white paper is to inform and educate business users, particularly those who are not immersed in the world of information security or Denial-of-Service (DoS) attacks.

2. An Introduction to DoS and DDoS Attacks

According to the Imperva Hacker Intelligence Report, "a DoS attack aims to take down a site in order to make it inaccessible to its users. This may cause serious financial damage to the site, both directly and indirectly by damaging its reputation." [1]

DoS attacks have evolved and the Distributed-Denial-of-Service (DDoS) attack has emerged. The main difference between a DoS and a DDoS attack is that a DoS attack uses one computer and one Internet connection while a DDoS attack uses a large number of computers and Internet connections that are often distributed globally. In DDoS attacks, an individual or organization takes control of hundreds, thousands and even millions of computers that are then used to target other systems. In a DDoS attack the victims comprise both the targeted system and all the systems that the perpetrator maliciously gains control over and uses to launch the attack. Since the victim gets flooded by incoming traffic spread across many different points of origin, it is very difficult to differentiate between legitimate and malicious traffic. For simplicity, we will refer to both DoS and DDoS as DoS for the rest of this document.

Historically, DoS attacks focused on the network and server layers (the lower layers) of the technology stack. Over time, these attacks have been moving higher up the stack, targeting the Web application layer as well. Defending against attacks targeting the Web application layer is more complex. According to Imperva, over the last few years attackers have moved their DoS attacks up the stack and into the Web application layer in order to decrease costs, as Web application DoS is more efficient and avoids detection, since many anti-DoS solutions are traditionally focused on the lower layers. [2]

Industry reports indicate that DoS attacks are growing in number. Information collected by Rackspace corroborates the same trends. In line with industry trends, we are also seeing an increase in the magnitude of DoS attacks.

3. Types of DoS Attacks

In simple terms, DoS attacks affect systems or networks by exhausting resources or exploiting vulnerabilities. DoS attacks may be broadly classified into different types based on the techniques used by the attackers. In its Hacker Intelligence Report, Imperva categorizes DoS attacks as IP attacks on the network bandwidth, TCP attacks on the server sockets, HTTP attacks on the Web server threads and Web application attacks on CPU resources. [3]

Some of the older types of DoS attacks include the Flood attack, Ping of Death attack, SYN attack, Teardrop attack and Smurf attack. In Flood attacks, an attacker deliberately sends more traffic to a server than it can handle with the objective of making it unavailable to users. The Ping of Death attack takes advantage of a weakness in early implementations of the TCP/IP protocol: in those early versions, sending a ping packet that was larger than specified would crash the system. SYN attacks exploit vulnerabilities in the TCP/IP protocol with the objective of exhausting server resources so that the server does not respond to legitimate traffic. The Teardrop attack involves sending corrupted IP packets to confuse and crash the targeted system.

DoS attacks have been evolving rapidly, and newer threats are a much more advanced class of attack. "The challenge with [application-layer attacks] is that these attacks are harder to detect; they're more stealthy, they don't generate a large network bandwidth but they're equally capable of taking down a network," [4] according to Arbor Networks. Newer forms of DoS attacks avoid signature-based defenses, leaving networks vulnerable. A few examples of these types of threats include:

ICMP Flood or Smurf, in which an attacker depends on misconfigured network devices and uses a fake source IP address that makes it appear as if the attack is coming from inside the network.

Slowloris, a highly targeted attack that enables one web server to take down another web server by holding open the maximum number of web connections for as long as possible. It does this in a stealthy mode without visibly affecting other services or ports on the target network.

Zero-day DDoS attacks, which target new or unknown vulnerabilities for which a fix may not be currently available.
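To show what the SYN attack and Slowloris patterns described above look like from the defender's side, here is an added example that is not part of the Rackspace whitepaper. It runs two simple heuristics over a constructed snapshot of TCP connection states (in the shape `ss -tan` output would give); the IP addresses, byte counts and thresholds are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed connection-state snapshot: (client_ip, state, seconds_open, bytes_received).
# State names follow the `ss -tan` convention (ESTAB, SYN-RECV); the data itself is made up.
SNAPSHOT = (
    # three ordinary browsers: short-lived connections whose requests arrived in full
    [("198.51.100.10", "ESTAB", 2, 1450),
     ("198.51.100.11", "ESTAB", 6, 980),
     ("198.51.100.12", "ESTAB", 1, 2200)]
    # one source holding six connections open for minutes with only partial headers sent
    + [("203.0.113.7", "ESTAB", 40 + 15 * i, 60 + i) for i in range(6)]
    # twelve half-open connections from twelve distinct sources, as a SYN flood leaves behind
    + [(f"192.0.2.{i}", "SYN-RECV", 1, 0) for i in range(1, 13)]
)


def half_open_ratio(conns):
    """Fraction of connections stuck in SYN-RECV (half-open).

    A SYN flood fills the listen backlog with handshakes that never complete,
    so this ratio climbs far above what normal traffic produces.
    """
    states = Counter(state for _, state, _, _ in conns)
    total = sum(states.values())
    return states["SYN-RECV"] / total if total else 0.0


def slowloris_suspects(conns, min_conns=5, min_age=30, max_bytes=512):
    """Sources holding several long-lived connections that have sent almost nothing.

    Slowloris keeps the server's connection slots occupied with requests that
    never finish; legitimate clients send a full request within seconds.
    The thresholds are illustrative assumptions, not tuned values.
    """
    stalled = defaultdict(int)
    for ip, state, age, nbytes in conns:
        if state == "ESTAB" and age >= min_age and nbytes <= max_bytes:
            stalled[ip] += 1
    return {ip: n for ip, n in stalled.items() if n >= min_conns}


def assess(conns, syn_threshold=0.5):
    """Return human-readable findings for both indicators."""
    findings = []
    ratio = half_open_ratio(conns)
    if ratio > syn_threshold:
        findings.append(f"possible SYN flood: {ratio:.0%} of connections are half-open")
    for ip, n in sorted(slowloris_suspects(conns).items()):
        findings.append(f"possible Slowloris from {ip}: {n} stalled connections")
    return findings


if __name__ == "__main__":
    for line in assess(SNAPSHOT):
        print(line)
```

Both heuristics are deliberately coarse; in practice the baseline ratio and per-source limits come from observing normal traffic on the specific server.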

4. Defending Against DoS Attacks

One of the consequences of the variety of DoS attacks is that it has become challenging for protection technology to keep up. As a result, an organization's defense strategy will depend on the specific situation at hand, because no single approach will be capable of defending against the variety of DoS attacks. Others seem to agree. According to Gartner's Anton Chuvakin, "No single type of a security safeguard can reliably stop all DoS attacks, and thus, enterprise DoS defense strategy must involve multiple components and safeguard types." He goes on to state that the defense calculus for denial of service is different because no organization can prevent or block all DoS attacks on its own. [5]

A layered approach leveraging multiple technologies, security experts and security processes can provide more effective protection to help mitigate the risks from DoS attacks. Rackspace hosts systems for thousands of customers and offers a range of defense mechanisms to help protect customers' hosted environments. The technology components of a DoS defense strategy may include the following:

Firewalls and Load Balancers: These provide basic threat prevention and protection with features like blocking, whitelisting, packet inspection and Virtual Private Networks.

Intrusion Detection & Prevention Systems (IDS): An IDS inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack. An IDS also watches for attacks that originate from inside a system. The primary difference between an IDS and an Intrusion Prevention System (IPS) is that in addition to detecting intrusions, an IPS also actively blocks intrusions.

Web Application Firewalls (WAF): A WAF inspects web traffic, dynamically learns from incoming traffic and adapts to allow legitimate traffic. Unlike traditional firewalls, WAFs have the ability to inspect HTTP and HTTPS traffic.

DDoS Mitigation Services: Rackspace DDoS Mitigation Services is a hardware-based program that helps keep customer systems online in the event of a DDoS attack. Features include network-wide packet scanning, granular traffic analysis, server-level anomaly detection and a three-layer approach to help detect, identify and filter hostile traffic 24x7x365. When an attack occurs, DDoS processing is offloaded from the customer's configuration to the Rackspace infrastructure, allowing the customer to continue to do business as usual even during the attack. The Rackspace DDoS Mitigation Service includes expertise from trained security technicians who recommend mitigation techniques and take action when attacks occur. While we cannot guarantee that your system won't be attacked, we recommend our DDoS Mitigation Services to customers who want a higher level of protection and faster recovery from DDoS attacks.

5. Conclusion

Dealing with DoS and DDoS attacks has become one of the costs of running Internet applications and infrastructure. These attacks tend to be sophisticated, and no single approach can be effective against all forms of attack. Attacks are highly situational and avoidance can never be guaranteed. However, a comprehensive and pragmatic security policy, together with a combination of mitigation technologies and assistance from experienced security and network technicians, can help provide guidance and mitigate risks.

This paper is just an overview of DoS and DDoS attacks. We hope that it has helped you start to understand the challenges you may face as you deploy your cloud application or hosted solution. If you would like to have a deeper conversation based on the specific business and technical needs of your application, don't hesitate to reach out to Rackspace. Our Fanatical Support personnel are ready to help.

6. Notes

1-3. Imperva's Hacker Intelligence Initiative, Monthly Trend Report #12 (September 2012)
4. TechTarget (SearchSecurity) article "DDoS attacks growing in size, break attack bandwidth barrier, Arbor Networks says" (February 7, 2011)
5. Gartner Report: "Denial of Service: A Comparison of Defense Approaches" by Anton Chuvakin

DISCLAIMER

All rights reserved. This whitepaper is for informational purposes only and is provided AS IS. We strongly recommend that you engage additional expertise in order to further evaluate applicable requirements for your specific environment. RACKSPACE MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS DOCUMENT AND RESERVES THE RIGHT TO MAKE CHANGES TO SPECIFICATIONS AND PRODUCT/SERVICES DESCRIPTION AT ANY TIME WITHOUT NOTICE. RACKSPACE RESERVES THE RIGHT TO DISCONTINUE OR MAKE CHANGES TO ITS SERVICES OFFERINGS AT ANY TIME WITHOUT NOTICE. USERS MUST TAKE FULL RESPONSIBILITY FOR APPLICATION OF ANY SERVICES AND/OR PROCESSES MENTIONED HEREIN. EXCEPT AS SET FORTH IN RACKSPACE GENERAL TERMS AND CONDITIONS, CLOUD TERMS OF SERVICE AND/OR OTHER AGREEMENT YOU SIGN WITH RACKSPACE, RACKSPACE ASSUMES NO LIABILITY WHATSOEVER, AND DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO ITS SERVICES INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. Except as expressly provided in any written license agreement from Rackspace, the furnishing of this document does not give you any license to patents, trademarks, copyrights, or other intellectual property. Rackspace, Fanatical Support, and/or other Rackspace marks mentioned in this document are either registered service marks or service marks of Rackspace US, Inc. in the United States and/or other countries. Third-party trademarks and tradenames appearing in this document are the property of their respective owners. Such third-party trademarks have been printed in caps or initial caps and are used for referential purposes only. We do not intend our use or display of other companies' tradenames, trademarks, or service marks to imply a relationship with, or endorsement or sponsorship of us by, these other companies.