SECURING CLOUD NETWORK NODES AGAINST DoS ATTACKS

Turnitin Score 15%
Boman K. Avong
Health Informatics and Administration
University of Maryland University College

Author Note
This research paper is prepared for ITEC 610 9043 taught by Dr. Richard Taylor of the University of Maryland University College

Abstract
Cloud computing is an emerging technological advancement and in recent times the technology has gained popularity because of its ability to increase system performance, efficient use of computer resources and also scalability. As with any internet technology, security is a big challenge for cloud computing services. Denial of Service (DoS) attacks targeted at cloud end node systems are possible because of how vulnerable these node systems are. The level of security at the node systems is not matched to that at the server level. Cloud node networks are the major entry points for DoS attacks and other malicious attacks in a cloud computing environment.
This paper will discuss various DoS attacks and techniques and also discuss the role of Distributed Denial of Service (DDoS) on distributed computer networks. I will also discuss how DoS attacks are the major threats to cloud services, entry points of DoS which are cloud end nodes and recommend how these attacks can be mitigated. DoS attacks on the cloud node computers are the major security challenges cloud services face. I will also recommend techniques that can prevent DoS on cloud node networks.
Introduction
Denials of Service (DoS) are malicious attacks made in an attempt to breach security by an intruder on vulnerable computer networks. Malicious messages are broadcasted to occupy the resources of a network node to disable functionality. The affected network node or server processes unwanted computing cycle and thereby network response becomes slow. It keeps node resources unavailable. How an adversary commits a DoS attack may vary. The most common form of attack is temporarily or permanently suspends host services connected to the internet. While DoS breaches through one network node, Distributed Denial of Service (DDoS) attacks are breached through multiple network nodes targeting one victim.
Many forms of DoS or DDoS attacks violate the security of a network such as Ping of Death, Operating System Attacks, Teardrop, Locking Authentication, SYN Flooding and Snork attacks. Attacks are targeted towards financial services, user traffic, DNS server, administrative servers and credit card payment gateways(Caroline, 2009). Because cloud services are vulnerable, server level security is needed to ensure cloud node from DoS attacks.

Fig 1: DoS Attack; Intermediate node zombie comprised by hacker and computer virus
Fig1 shows how a hacker using a hacker control server controls zombie terminals across the globe to target a victim node. This type of DoS is common because shutting down the source of the attack is very difficult because there are so many terminals that will need to be brought down.

What is Denial of Service Attacks (DoS)?
Denial of Service (DoS) attack is an attempt to lose valuable resources which may have sensitive critical enterprise system. Some types of DoS attacks even use up all of the process in cloud server. The receiving end of a DoS attack may reduce useful performances, such as e-mail solutions, Internet connections or Web access. Some forms of DoS attacks can occupy all the bandwidth or even can utilize full system resource, such as server memory(Hallberg, 2005). Some of the worst-case circumstances we analyze over previous times several decades are a Website, used by many individuals having to stop function because of excessive DoS attack.
Types of DoS attacks
DoS attacks usually do not result theft or security loss, however the effect can lead to loss of resources leading to millions of dollars when services are interrupted. Some types of DoS attacks are outlined below.
Ping of Death Attack: Intruders send traffic beyond what a server can handle, ping requests are more than 65,536 of data. When the packet data exceeds 65, 536 packets are splitted into small fragments and reassembled when data goes through the network. This is also vulnerability because attackers split packets and the total packets received will still be more than the allowed amount. Even if a network admin restricts more data transfer usage, still this is not an adequate security against a ping of death attack.
Teardrop Attack: It is an attack taking advantage of a weak point when restoring IP packet and potentially confuses the receiving system. The attacker forms a sequence of IP fragments with extending offset fields. When this excessive size of packets are received the received nodes tries to reassemble the malformed fragments and fails. As a result the node reboots or gives a critical error message.
Buffer Overflow: Data transferred to a buffer exceeds the amount of the storage capacity of the buffer. And as a result, data flows to another buffer where it is not meant to be stored. Buffers can only hold a certain amount of data and this leads to corruption of data because of overflow. Malicious attackers usually launch these buffer attacks with the intention of corrupting data, a special code with instructions on how to carry out the attack is sometimes imbedded in the overflow.
TCP SYN Attack: SYN flooding is an attack taking advantage of the TCP three-way handshake. An attacker sends large volume of connection that cannot be completed. Connection queues up and prevents service to authentic TCP users.
Smurf Attack: When a hacker knows the transmitted servers in a network, the hacker issues a ping command. The source IP address in this ping command is counterfeit and it searches as if the ping comes from an inner network. When the broadcast server gets the ping request, then it relays the ping request to the entire network and all the machines in the network return a response. These responses are again rerouted by the transmitted server to the target machine.
DDoS Attacks and Techniques
DDoS is an advanced level of DoS attack. Similar to DoS, DDoS also tries to stick the valuable services running on a server by broadcasting packets to the receiving server in a manner that the server cannot handle it(Ronghua & Peng, 2008).
Generally, DDoS follows of 3 segments: Master, slave and victim. The master is the main attacker who is the person behind machine. The slave is the network node which is controlled by Master. Victim (can be cloud node) is the target resourceful server. Master informs the slaves to launch attack on the victim’s computer. This is a coordinated attack. The attacker logs into the master node and commands the slave to launch an attack on a particular victim. Slaves then react by starting a TCP or Smurf attack on the victim. Distributed network environments are more vulnerable to DDoS attacks because of the presence of multiple machines. Each master pc controls a large number of slave computer as zombie server to perform the attack. So the real scenario is big enough for blustering the attack from a large number of machines rather from specific node.
Extremely DDoS attacks pay attention to the transport and network layers of OSI model. These layers are known as layer 3 and 4 accordingly. Through these layers, the attacker tries to flood the network and sends fake broadcast request like ICMP request or flood attacks. Attackers generally spoof all information in sending packets as well as the source IP packet size; the receiver now sees the request as a real request.
Methodology to Overcome DoS on Cloud Network Nodes
To protect cloud node and cloud network from becoming vulnerable to DoS attacks, many precautionary alternatives are applied by network administrators which include: * Implement router filters. This will reduce the exposure to several denial-of-service attacks. If attack is committed to the system, security patches need to install for preventing TCP SYN flooding. * All the inner and outer traffic must go through content filter or firewall so that malware, viruses and data sniffing can be prevented. The system administrator must have authority to monitor all users’ activity whenever needed. * Disable any unwanted network services. This can restrict the ability of an intruder to take advantage of those solutions to perform a DoS attack. * Restrict service and user by quota systems. Monitor the system efficiency and set up baselines for common action. Use the baseline to evaluate uncommon levels of disk activity, CPU utilization, or network traffic. * Routinely analyze physical security with regard to present needs. * Use “Packet Tracer”, “Nagios” or a similar tool to identify changes in settings information or other files. * Ensure spare parts and redundant server so that any critical server affected by DoS attack can be replaced immediately without service interruption. * Establish and sustain frequent back-up plans and guidelines, particularly for important settings information. * Establish and sustain appropriate security password guidelines, especially access to extremely privileged accounts such as UNIX root or Microsoft Windows Administrator.
By capturing traffic with Wireshark (a packet monitoring tool), a DoS attack can be identified. DoS attacks are commonly recognized as inflow of SYN floods from different networks. The GeoIP localization will need to be enabled if the source of the packet must be traced(Sang & Tae, 2003).

Fig 2: Wireshark window for packet capturing
How DoS affects Information Security System
Any purposeful attempt to cut off web application or network from its desired clients qualifies as a DoS attack. Such attacks have been efficiently implemented against cloud services. DoS attacks render services to go offline costing damages in millions of dollars. This also force IT staff to spend useful sources protecting network resources against intruders.

Future Improvements
Security issues are rising in the cloud computing environment. Cloud system authentication and access control are principle concern for secure data transaction. A user in the Cloud Computing environment has to complete the user validation process required by the service provider before attempting login. Validation keys will have to be strong to lower the level of risk to information stored in the database.
There are no solid security technologies in Cloud Computing. Since we consider Cloud Computing as the extension of the existing IT technologies so it is possible to apply access control and user authentication process from IT perspective. Access control is a security technique that restricts a process from another. Technologies used to authenticate a user are Id/password, public key validation, security question etc. Boost memory, higher bandwidth, capacity and reliability ensure server availability at any timestamp. Also improving security through advanced redundancy and error checking features will keep user material safe and secure in the cloud server(Thomas & Thomas, 2003).
Users of cloud environment complete the user authentication process as mandatory for the service provider whenever they use new cloud service. Generally a client signs up with personal information and a service provider provides a user ID and authentication method for user verification after the signup is completed. After then the client uses the ID and the verification technique to function user validation when the user accesses to use the offered cloud computing service. Unfortunately, there is a probability that safety of verification technique can be penetrated by an attack during the process of verification, and then it could cause several informative losses.

Conclusion
Cloud computing is a rapidly growing field, as new technology emerges it adopts these technology. Despite the security challenges of cloud computing, benefits of using cloud services outweighs the bad. The paper tries to explain all these security challenges of cloud computing and vulnerabilities. The impact of security vulnerability on cloud users and providers is usually DoS. Attackers target the cloud network nodes which are easier to penetrate and securing these cloud nodes with server level security will help reduce the risk of DoS attacks.

References
Almorsy, M., Grundy, J., & Ibrahim, A. S. (2011, 4-9 July 2011). Collaboration-Based Cloud Computing Security Management Framework. Paper presented at the Cloud Computing (CLOUD), 2011 IEEE International Conference on.
Amanatullah, Y., Lim, C., Ipung, H. P., & Juliandri, A. (2013, 13-14 June 2013). Toward cloud computing reference architecture: Cloud service management perspective. Paper presented at the ICT for Smart Society (ICISS), 2013 International Conference on.
Bradley, R., Pratt, R., Thrasher, E., Byrd, T., & Thomas, C. (2012, 4-7 Jan. 2012). An Examination of the Relationships among IT Capability Intentions, IT Infrastructure Integration and Quality of Care: A Study in U.S. Hospitals. Paper presented at the System Science (HICSS), 2012 45th Hawaii International Conference on.
Bush, A. A., Tiwana, A., & Arun, R. (2010). Complementarities Between Product Design Modularity and IT Infrastructure Flexibility in IT-Enabled Supply Chains. Engineering Management, IEEE Transactions on, 57(2), 240-254. doi: 10.1109/tem.2010.2040741
Caroline, M. (2009). Twitter crippled by denial-of-service attack. Retrieved from http://www.cnet.com/news/twitter-crippled-by-denial-of-service-attack/
Da Silva, L. F., & Brito e Abreu, F. (2010, Sept. 29 2010-Oct. 2 2010). An IT Infrastructure Patterns Approach to Improve IT Service Management Quality. Paper presented at the Quality of Information and Communications Technology (QUATIC), 2010 Seventh International Conference on the.
Gholami, B., Kaviani, F., & Zabihi, E. (2009, 28-30 Dec. 2009). Web 2.0, a Boost in IT Infrastructure Flexibility and Team Collaboration. Paper presented at the Computer and Electrical Engineering, 2009. ICCEE '09. Second International Conference on.
Hallberg, B. (Ed.). (2005). Networking: A Beginners Guide (4th Edition ed.): McGraw-Hill.
Jie, W., Jian, C., Leckie, J. O., & Shensheng, Z. (2004, 14-16 Sept. 2004). Managing e-government IT infrastructure: an approach combining autonomic computing and awareness based collaboration. Paper presented at the Computer and Information Technology, 2004. CIT '04. The Fourth International Conference on.
Lynda, M., Robert, D., & Deborah, L. (2009). Corporate Information Strategy and Management: Text and Cases: McGraw- Hill Irwin.
Mark, S. (2011). Information Security: Principles and Practice. New Jersy: John Wiley & Sons.
Marques, F., Sauve, J., & Moura, A. (2006, 3-7 April 2006). Business-Oriented Capacity Planning of IT Infrastructure to Handle Load Surges. Paper presented at the Network Operations and Management Symposium, 2006. NOMS 2006. 10th IEEE/IFIP.
Png, I. L., Tan, B. C. Y., & Khai-Ling, W. (2001). Dimensions of national culture and corporate adoption of IT infrastructure. Engineering Management, IEEE Transactions on, 48(1), 36-45. doi: 10.1109/17.913164
Riliskis, L., & Osipov, E. (2013, 23-26 Oct. 2013). Coexistence of cloud technology and IT infrastructure in higher education. Paper presented at the Frontiers in Education Conference, 2013 IEEE.
Ronghua, W., & Peng, N. (2008). Containing Denial-of-Service Attacks in Broadcast Authentication (pp. 1-3).
Sang, H., & Tae, H. (2003). Fuzzy Logic Anomaly Detection Scheme for Directed Diffusion Based Sensor Networks.
Scheibenberger, K., & Pansa, I. (2008, 7-7 April 2008). Modelling dependencies of IT Infrastructure elements. Paper presented at the Business-driven IT Management, 2008. BDIM 2008. 3rd IEEE/IFIP International Workshop on.
Shaikh, F. B., & Haider, S. (2011, 11-14 Dec. 2011). Security threats in cloud computing. Paper presented at the Internet Technology and Secured Transactions (ICITST), 2011 International Conference for.
Thomas, D., & Thomas, D. (2003). Past and Future Internet Disasters: DDoS attacks survey and analysis (pp. 10-12).
Zhijun, K. (2008, 19-19 Dec. 2008). A Framework for Investigating the Impact of IT Infrastructure and E-Commerce Capability on Firm Performance. Paper presented at the Business and Information Management, 2008. ISBIM '08. International Seminar on.