...Recent Denial of Service Summary & Recommendations “DoS (Denial of Service) attacks target network bandwidth or connectivity. Bandwidth attacks overflow the network with a high volume of traffic using existing network resources, thus depriving the legitimate users of these resources. Connectivity attacks overflow a computer with a large amount of connection requests, consuming all available operating system resources so that the computer cannot process legitimate user's requests.” (EC-COUNCIL 6-3) Our network has suffered a type of DoS attack that was carried out by many computers throughout the campus network; this is called a Distributed Denial of Service (DDoS), or a DoS attack that was initiated by many computers. Our systems were attacked by computers owned by the school and the attack was carried out using computers on the internal network. The computers were compromised by an individual (or group of individuals) that gained access to the network by using a network administrator’s password. This password was obtained by a piece of software that logs key presses on the computers. They then used the password to install a piece of software with administrative privileges. That piece of software is what brought down the registration server. The attacking software asked the registration server for a webpage over and over again. This request was make with different ports on the individual computers and the server attempted to fulfill each request....
Words: 589 - Pages: 3
...Hacking Countermeasures & Techniques Distributed Denial of Service (DDoS) Best Practices Guide to Counter DDoS attacks: This Guide will cover Best Practices to counter DDoS attacks like the attack on the Universities Registration System Server (RSS) by infected computers (Bots). The attack by rogue software installed on computers located in University Computer Labs resulted in the shutting down web access to the RSS system. Coordinated by a central controller these Bots established web connections (HTTP protocol) to the RSS using up all available bandwidth. This prevented students from accessing the Web site/server for legitimate traffic during the attack. (Schifreen, R. (2006)) This is considered a Consumption of Resources attack using up all the resources of RSS bandwidth. (Specht, S. M., & Lee, R. B. (2004)) These best practices would help prevent and/or reduce the effects of such attacks. Industry best practices to counter DDoS attacks start with documentation that addresses procedures to be followed before, during, and after an attack. (Schifreen, R. (2006)) The establishment of a Security Incident Response Team (SIPT) trained to react to incidents reduces damage and duration of outages. Best practices include; training, network configuration, patch management, access control lists, encryption, intrusion detection, intrusion prevention, and traffic shaping. (Cunningham, B, Dykstra, T, Fuller, E, Gatford, C, Gold, A, Hoagberg, M, Hubbard, A, Little, C, Manzuik, S,...
Words: 1240 - Pages: 5
...LOT2 Task 1 Diagram Below is a diagram which illustrates how the attack overwhelmed the Web Server. Executive Summary The attack performed on the network had the intention of making the online services provided to students unusable during a critical time of need for those systems. The attack was first performed by acquiring the Administrator password for the systems and using each system to perform a large quantity of requests for service to the web servers. By dissecting what occurred steps can be put in place to prevent such an attack in the future. This attack can be summarized in a few bullets: The attacker was allowed to install software without having Administrator rights The software used sniffed out the Administrator password either via the wire or possibly keystroke logging. Each client computer was able to send a large amount of HTTP requests to the web server. The web server accepted and processed each request. To begin with, it needs to be made mandatory that users on a machine cannot install new software to a machine. Instead, each machine should be preloaded with the tools that would be needed for a typical student to perform their work. In addition, the use of a file monitoring program, such as Tripwire, can be used to detect and notify if any changes have occurred to files or entire folders that shouldn't experience any changes. Next, if the software installed did indeed discover the password over the wire and was...
Words: 719 - Pages: 3
...Brandon Moore LOT2 Task 1 09/14/2011 Diagram Below is a diagram which illustrates how the attack overwhelmed the Web Server. Executive Summary The attack performed on the network had the intention of making the online services provided to students unusable during a critical time of need for those systems. The attack was first performed by acquiring the Administrator password for the systems and using each system to perform a large quantity of requests for service to the web servers. By dissecting what occurred steps can be put in place to prevent such an attack in the future. This attack can be summarized in a few bullets: The attacker was allowed to install software without having Administrator rights The software used sniffed out the Administrator password either via the wire or possibly keystroke logging. Each client computer was able to send a large amount of HTTP requests to the web server. The web server accepted and processed each request. To begin with, it needs to be made mandatory that users on a machine cannot install new software to a machine. Instead, each machine should be preloaded with the tools that would be needed for a typical student to perform their work. In addition, the use of a file monitoring program, such as Tripwire, can be used to detect and notify if any changes have occurred to files or entire folders that shouldn't experience any changes. Next, if the software installed did indeed discover the password over the wire and was able...
Words: 725 - Pages: 3
...DDoS Attack Mitigation Username Online College Distributed Denial of Service (DDoS) attacks have been causing internet disruption for years. The types and frequency has evolved over time (The Growing Threat, 2012). Originally, multiple machines would ping a machine and take up its resources. Then attackers started to use the TCP handshake as an attack medium. They would request so many connections, that there would be none left for legitimate users. Now, the DDoS attacks are hitting at the application level. A DDoS attack at the application layer is very difficult to detect. The attack consumes less bandwidth than other DDoS attacks and the attack targets very specific protocols. Some protocols that they attack are HTTP, used for connecting to web pages, DNS, used for turning a web address to an IP address, and SMTP, used for email transfer (The Growing Threat, 2012). Since they use well known and frequently used protocols to exploit, these attacks easily bypass normal traffic inspectors. The protocols for web must be open on the firewall and IDS because if they weren’t, normal web traffic would not go through. This would make the internet useless for everyone. In order to mitigate this issue and still have connectivity, there are two things the University can do. First, the IT staff can deploy a Host-based Intrusion Prevention System (HIPS). This will be deployed to all of the University computers and centrally managed by a server in the data center. It...
Words: 727 - Pages: 3
...Recently the university web-based registration system was the subject of a DDoS (Distributed Denial of Service) attack. This type of attack is characterized by flooding the target system(s) with more network traffic than it can process, thereby forcing the system offline or limiting its ability to respond to legitimate traffic to a negligible level. It is different from a DoS (Denial of Service), in that multiple computers (potentially thousands) are used to increase the amount of traffic sent to the victim. The result of the recent attack was the complete shutdown of the web registration server and the inability of any student to register for classes for approximately 24 hours. It was further determined that the attack originated from inside our internal network; no evidence has been found that an outside attack was able to penetrate our protective layers. To that end, we have compiled a report detailing proposed protective measures that may help prevent such attacks in the future. The investigation determined that he attacker was able to obtain an administrator level password using a password-sniffing application. These applications scan network traffic and pick out username and password combinations. It is believed that since this software was deployed on a large section of our computers, it was simply a matter of time before it detected a password used by our Information Systems staff. Once the password was obtained by the attacker, he/she was then able to log into...
Words: 678 - Pages: 3
...SUBDOMAIN 426.4 - HACKING Competencies: 426.4.2: Preattack Planning - The graduate evaluates techniques used in footprinting and implements industry best practices to protect against this type of information asset vulnerability. 426.4.3: System Hacking - The graduate evaluates various network system hacking counter-techniques. 426.4.5: Hacking Web Servers - The graduate identifies known web server vulnerabilities and demonstrates industry best practices to protect against this type of threat. 426.4.6: Web Application Vulnerabilities - The graduate identifies common web application vulnerabilities and uses industry best practices to protect against this type of threat. Introduction: Maintaining a proactive approach on security requires that an organization perform its own hacking footprinting to see how much information is available to potential hackers. Some organizations do this using internal staff; however, it is much more common to see organizations hire external security consultants to perform these types of security reviews. This allows a truly unbiased outsider to attempt to gather as much information as possible to formulate an attack. Assume that you have been selected as the security consultant to perform a comprehensive security review for an organization of your choosing. Ensure that the organization that you select has a public website that you can access and at least one web application that you can use for this task. You will review the security...
Words: 1868 - Pages: 8
...Best Practices Guide for DoS/DDoS Prevention In this document are guidelines that can be implemented in order to prevent future Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks on the university. No one individual practice, contained in this guide, will act as a perfect form of prevention, but will instead act as an additional layer of security. By combining these practices, the chances of another DoS/DDoS attack succeeding will be greatly diminished. Acceptable Use Policies Acceptable Use policies define the types of actions that are allowed to be performed on systems and the network. These policies also define the actions that are to be taken if the policy is violated. For the university, a policy may be created which states that can only use the computers for functions related to the school. This usage could be limited to homework and research, for example. If the computer is used for anything else, penalties could range from temporary suspension of computer privilege to expulsion, depending on the number and/or severity of the offenses. This policy would have to be made publically available. This could be done in a number of ways, including, but not limited to, posting it in the computer labs, adding the acceptance of it to the login process, and redirecting the user to it if the user attempts to install software or access a prohibited folder. Incident Response Procedures Incident Response procedures define the steps to take if any incident...
Words: 1120 - Pages: 5
...21 Nov 2011 Defense Against Denial of Service (DoS) Attacks A. University Network Diagram illustrates nature of DDoS attack in Red Hacking POWER 10 11 Cisco 2517 RS232 NMS IN BAND RESET Speed 1 3 5 7 9 11 Link/Act Speed 13 15 17 19 21 23 Link/Act Speed 25 27 29 31 33 35 Link/Act Speed 37 39 41 43 45 47 In Use Link/Act Link/Act In Use Link/Act Console 47 45 Pwr Status Up RPSU Base Down Speed 2 4 6 8 10 12 Link/Act Speed 14 16 18 20 22 24 Link/Act Speed 26 28 30 32 34 36 Link/Act Speed 38 40 42 44 46 48 Link/Act 46 48 BayStack 5 520-48T-PW R Speed 1 3 5 7 9 11 Link/Act Speed 13 15 17 19 21 23 Link/Act Speed 25 27 29 31 33 35 Link/Act Speed 37 39 41 43 45 47 In Use Link/Act Link/Act In Use Link/Act Console 45 47 Pwr Status Up RPSU Base Down Speed 2 4 6 8 10 12 Link/Act Speed 14 16 18 20 22 24 Link/Act Speed 26 28 30 32 34 36 Link/Act Speed 38 40 42 44 46 48 Link/Act 46 48 BayStack 5 520-48T-PW R 12 1 2 3 4 5 6 7 8 9 Speed 1 3 5 7 9 11 Link/Act Speed ...
Words: 1397 - Pages: 6
...Running head: Best Practice Guide Best Practice Guide for a DDoS Attack WGU – LOT2 Hacking Task 2 Abstract This paper will accompany a PowerPoint presentation about best practices for preventing a DDoS attack. This will be the best practice guide and will be mentioning and elaborating all of the points in the slideshow. Best Practice Guide for a DDoS Attack It is important to have a plan in place when dealing with a DDoS attack. This guide will serve as the best practice guide for the university. Outlined will be some of the best practices to help prevent a DDoS attack and will be followed by the university. The first thing that the university needs to do is create a response plan and practice the plan over and over. The worst thing that could happen is a DDoS attack starts to occur and nobody knows what to do or what their role is in stopping this attack. A team must be formulated and assignments can be broken down between team members to divide and conquer this attack. It is better to have five different people working on five different tasks or ways to stop the attack instead of five people working on one. The best way to understand the attack is to attack yourself and find the weak spots. Performing a vulnerability assessment on your network will give you a better understanding how your networks functions and where you can find single points of failure. Redundancy is being able to still continue working...
Words: 935 - Pages: 4
...Joseph W Costa LOT2 Task 2 5/24/2013 Best Practices in Prevention of DoS/DDoS Attacks This guide is meant to describe best practices for the detection and prevention of denial of service attacks, such as the event that recently occurred at the university. It was determined that based on current security guidelines and current controls in place, the university was still severely vulnerable from an internal aspect and all identified gaps need to be addressed and resolved. Each control described below will provide a more in depth look at the overall strategy of how a network should be protected but still allow for the functionality that is required to maintain normal operations. Know the Signs of an Attack An essential part of network security is knowing what the characteristics of an attack are, so they can be countered or prevented. When the university suffered an overwhelming internal DDoS attack, it required administrators to reevaluate its security guidelines based on what was known about the attack. As seen at the time of attack, certain characteristics were: Network performance unusually slow Website was unavailable for at least 24 hours Thousands of bogus HTTP packets sent to internal web server Taking these factors into account, it can be safe to say it was an actual attack rather than just legitimate network usage. Now that it is known what such an event would look like, identifying similar attacks in the future will be much easier and may allow...
Words: 1264 - Pages: 6
...Metro Manila Chapter ROSTER OF MEMBERS A. COMPANY MEMBERS 1. A & A MAQUINAS FERRAMENTAS CORPORATION Unit 406 Chunics Bldg.3368 Ramon Magsaysay Blvd. Sta. Mesa, Manila T – 715-8756 * 714-9421 Fax : 715-8756 E-Mail : aaequipment@tri-isys.com Member since: August 2006 Representative: RICARDO LUMBRE, JR. President& General Manager MARYLENE LUMBRE, Treasurer PRODUCT LINES/SERVICES Trading, Machineries for metal sheet fabrication, Design softwares Accessories fro electrical and industrial enclosures/Metal pannel accessories 2. ABCOR INDUSTRIAL CORPORATION No. 6 Fatima Lane, La Milagrosa Village Marikina Heights, Marikina City Metro Manila T – 941-2515 Fax: 941-0073 E-Mail : abcor_ind_corp05@yahoo.com.ph Member since: August 2001 Representative: JOSEPH ALAN T. ABRENICA Production Manager PRODUCT LINES/SERVICES Motorcycle parts / automotive components/ assembly of wire house racks Fabrication & Machining of tooling Requirements like Copper, Welding Tip & Crimping Tools for the Electronics Industry 3. ACME TOOLS MFG. CO., INC. 105 E. Delos Santos Avenue Mandaluyong City, 1554 Metro Manila T – 531-4906 * 531-5458 Fax: 532-1037 * 531-3968 * 534-5231 E-Mail : acme.ohco@quickweb.com Member since : October 1988 Representative: ALBERT YU General Manager PRODUCT LINES/SERVICES Manufacturer of bolts and nuts, forging & cutting tools 4. ACT MACHINERIES & METAL...
Words: 5218 - Pages: 21
