Hacking Countermeasures & Techniques
Distributed Denial of Service (DDoS)

Best Practices Guide to Counter DDoS attacks:

This Guide will cover Best Practices to counter DDoS attacks like the attack on the Universities Registration System Server (RSS) by infected computers (Bots). The attack by rogue software installed on computers located in University Computer Labs resulted in the shutting down web access to the RSS system. Coordinated by a central controller these Bots established web connections (HTTP protocol) to the RSS using up all available bandwidth. This prevented students from accessing the Web site/server for legitimate traffic during the attack. (Schifreen, R. (2006)) This is considered a Consumption of Resources attack using up all the resources of RSS bandwidth. (Specht, S. M., & Lee, R. B. (2004)) These best practices would help prevent and/or reduce the effects of such attacks.
Industry best practices to counter DDoS attacks start with documentation that addresses procedures to be followed before, during, and after an attack. (Schifreen, R. (2006)) The establishment of a Security Incident Response Team (SIPT) trained to react to incidents reduces damage and duration of outages. Best practices include; training, network configuration, patch management, access control lists, encryption, intrusion detection, intrusion prevention, and traffic shaping. (Cunningham, B, Dykstra, T, Fuller, E, Gatford, C, Gold, A, Hoagberg, M, Hubbard, A, Little, C, Manzuik, S, Miles, G, Morgan, C, Pfeil, K, Rogers, R, Schack, T, & Snedaker, S, (2007))
Devising a plan that detects problems early requires proper training to recognize and report problems for both end users and Information Technology (IT) staff. IT staff and SIPT members should be trained on proper procedures to diagnose, respond to attacks and forensic incident handling. Collecting forensic data during