Submitted By tnbrown15
RLOT Task 2
With open source tools and resources readily available to cybercriminals, it has become extremely difficult to combat distributed denial of service (DDoS) attacks. Typically, DDoS attacks occur at the network layer through SYN flooding, ICMP flooding, and UDP flooding. When a DDoS attack fails at the network layer, cybercriminals shift to application layer attacks. Application layer attacks work by sending an overwhelming number of HTTP GET requests (HTTP flooding) or by running a massive number of queries through the victim’s database or search engine. This guide will address the information technology (IT) industry’s best practices for countering denial of service (DoS) and DDoS attacks. These countermeasures are a patch management program, antivirus software, and host-based intrusion prevention systems.
Patch Management Program
One important aspect of security is patch management. A patch is software code that a vendor distributes to fix functionality problems or vulnerabilities in applications and network devices. Without a patch management program, hackers could exploit vulnerabilities to gain access to the university’s information system, elevate privileges, and steal data. The number of patches released can be overwhelming to the university’s network technicians. The patch management program will ensure that security risks are reduced to an acceptable level while also reducing manpower requirements. The university will use an automated patch management system, which will include the installation of a client agent. Each host on the network will be required to run the agent. According to Souppaya and Scarfone (2012), agents are “responsible for determining what vulnerable [software] is installed on the host, communicating with the patch management servers, determining what new patches are available for the host, installing patches, and executing any state changes needed to make the patches take effect” (section 4.1.1). Agents need administrator privileges to perform these tasks. Using an agent-based patch management system reduces the risk of exposing administrator passwords during the installation of new patches.
Antivirus Software
The Internet was not designed with security in mind. New cyber threats are discovered daily, so it is imperative that users have antivirus software to protect them. Not every cyber threat is meant to steal valuable data or cause damage, but that does not mean the attack is not dangerous. An attack that appears to be benign may be the precursor to much worse attacks by more sophisticated cybercriminals. According to Zeltser (2011), “protecting endpoint computers from malware is critical to providing reliable operations, safeguarding data, and maintaining an acceptable compliance posture” (p. 41). Antivirus software is used to protect the host from incoming threats such as malware, spyware, spam, and data theft. The software detects and removes threats and warns users of possible threats to the system. To prevent hosts from being used in any DoS/DDoS activity, the university will purchase and install antivirus software on all workstations. Protection software has many components. The key components are a real-time scanner, a compressed file scanner, script blocking, instant messaging protection, and webmail protection. To provide effective protection, the antivirus definition database must be kept up to date.
Host-based Intrusion Prevention Systems
Any device that resides in the demilitarized zone (DMZ) is at risk of being compromised. The DMZ is designed to contain a compromise and prevent it from reaching the internal trusted network (Conrad, Misenar, & Feldman, 2010). The key is to use a layered defense on the hosts within the DMZ. In addition to system hardening and patching, the hosts also require a host-based intrusion prevention system (HIPS). HIPS can provide an effective defense against known and unknown threats. HIPS combines a standalone firewall, intrusion detection, and intrusion prevention to provide access control, intrusion prevention, policy enforcement, and security (Causey, 2007). The primary focus of an intrusion prevention system is to protect host files and processes by blocking malicious threats. HIPS provides security based on protocol behavior (checking traffic against the protocol specifications published as Requests for Comments (RFCs)), pattern matching (static virus signatures), anomaly detection (baselining normal traffic and flagging deviations), and system integrity (detecting changes to critical files). Implementing HIPS on the hosts within the DMZ provides additional security measures for the host as well as a way to control traffic to and from the system.
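A worked example of the anomaly-detection approach above (baselining normal traffic), applied to the HTTP GET flooding described in the introduction. This is added illustration code, not part of the essay or of any cited product; the log lines, IP addresses and baseline rate are constructed.

```python
# Added example (not part of the original essay): anomaly-based detection of an
# HTTP GET flood from web-server access logs against a per-source rate baseline.
import re
from collections import Counter
from datetime import datetime

# Constructed access log (not real traffic): two ordinary clients plus one
# source (203.0.113.9) sending 60 GETs within ten seconds.
SAMPLE_LOG = (
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512\n'
    '10.0.0.5 - - [10/Oct/2023:13:55:38 +0000] "GET /about.html HTTP/1.1" 200 611\n'
    '10.0.0.7 - - [10/Oct/2023:13:55:40 +0000] "GET /search?q=a HTTP/1.1" 200 900\n'
    + "".join(
        f'203.0.113.9 - - [10/Oct/2023:13:55:4{i % 10} +0000] '
        f'"GET /search?q={i} HTTP/1.1" 200 900\n'
        for i in range(60)
    )
)

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (client_ip, timestamp, method, path, status), or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), method, path, int(status)

def gets_per_window(lines, window_s=10):
    """Count GET requests per (client_ip, time window); skip non-GET or malformed lines."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[2] != "GET":
            continue
        bucket = int(rec[1].timestamp()) // window_s
        counts[(rec[0], bucket)] += 1
    return counts

def flag_flood_sources(lines, baseline_rate=2, factor=10, window_s=10):
    """Return {client_ip: peak GETs per window} for sources above factor x baseline;
    baseline_rate is a constructed value (in practice learned from past traffic)."""
    threshold = baseline_rate * factor
    flagged = {}
    for (ip, _bucket), n in gets_per_window(lines, window_s).items():
        if n > threshold:
            flagged[ip] = max(flagged.get(ip, 0), n)
    return flagged
```

The flagged dictionary is what a HIPS or web-tier monitor would hand to its blocking or alerting stage; a malformed line or a non-GET request is ignored rather than counted, so a parsing failure does not itself trigger an alert.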
Conclusion
Today’s cyber-attacks are more dangerous than ever. Cybercriminals, with the help of open source tools, have increased the intensity of denial of service and distributed denial of service attacks. These attacks have devastating effects. However, applying additional security measures within the university’s network will defend against DDoS activities. Administering an agent-based patch management program is a key component of fixing functionality problems and vulnerability issues. The agent-based system reduces the risk of exposing administrator passwords during the installation of new patches. An effective patch management program will reduce the risk of intruders gaining access to the university’s information systems. As cyber threats become more sophisticated, endpoint computers must be protected. These computers require antivirus software for protection. Antivirus software should provide a suite of tools for safeguarding browser activity, blocking various exploit attempts, controlling the system’s network activity, and overseeing email attachments and spam. In today’s world, organizations must segment their public-facing web servers from their trusted internal network. The proper method of segmenting the web servers from the internal network is to create a DMZ. Web servers located in the DMZ may be compromised at any time, and the DMZ prevents a compromise from reaching the trusted internal network. Hosts within the DMZ require a layered defense approach, which can be provided by installing HIPS. HIPS is an umbrella solution that protects servers and blocks malicious activity.

References
Causey, B. (2007). Host-based intrusion prevention system. Information Security, 10(8), 55.
Conrad, E., Misenar, S., & Feldman, J. (2010). CISSP study guide. Burlington, MA: Syngress.
Souppaya, M., & Scarfone, K. (2012). Guide to enterprise patch management technologies (Draft NIST SP 800-40 Rev. 3). NIST. Retrieved from http://csrc.nist.gov/publications/drafts/800-40/draft-sp800-40rev3.pdf
Zeltser, L. (2011). Not your mother’s antivirus. Information Security, 13(8), 41-48.