Google, Microsoft, Apple, PayPal, Visa and MasterCard: many of the world's best-known websites have already been victims of Distributed Denial of Service (DDoS) attacks in recent years. DDoS attacks hit the Internet access, the operating system, or the services of a host with more requests than it can handle. Regular requests can then be answered only very slowly or not at all.
The attacks are becoming more intelligent
In recent years, the number of such attacks has increased dramatically. Distributed denial-of-service attacks have become one of the greatest threats in the security landscape due to the growing spread of botnets. In its "Data Breach Investigation Report 2012", the telecommunications company Verizon calls DDoS attacks "more terrifying than other threats, whether real or imagined."
Useful security measures
The market research firm Stratecast has also noted in a recent study that distributed denial-of-service attacks are currently increasing by up to 45 percent per year. The following remarks show how businesses can protect themselves.
Recently, researchers have found not only that DDoS attacks occur more frequently, but also that their bandwidth and duration are increasing. Whereas 50 Gbps attacks (Gbps stands for gigabits per second) used to be observed only a few times a year, such attacks now occur almost every week.
Outlook
In addition, the attacks are becoming more intelligent because they are now controlled more closely. Instead of simply firing a prepared flood of data, the criminals start an operation and can then adjust the type of attack or the target according to the desired result.
And DDoS attacks will continue to grow. Fortinet's research group, FortiGuard Labs, has found that mobile botnets such as Zitmo now have features and functions similar to those of traditional PC botnets, while more and more companies allow mobile devices on their networks. For 2013, FortiGuard Labs predicts that many new forms of denial-of-service (DoS) attacks will emerge.
The consequences for enterprises: they must expect lost revenue through downtime as well as additional costs for IT analyses and restoration. Other risks include loss of employee productivity, fines for missed service agreements, and damage to reputation.
The development of DDoS attacks underscores the urgency for companies to implement a comprehensive security strategy. They can take proactive steps to strengthen their defenses or to reduce the risk of attack in general. However, instead of trying to eliminate all DDoS traffic, a DDoS defense strategy should aim above all to keep critical services running with minimal disruption.
The starting point is an assessment of the network environment and the elaboration of a response plan. This plan should include backup and recovery strategies and additional monitoring. For proactive protection, the following approaches are also necessary:
Defense instances in front of the firewall / IPS: Companies are often already equipped with a variety of security solutions, which are, however, powerless against high-volume DDoS attacks that are also carried out intelligently. Not infrequently, even powerful firewall or intrusion prevention systems (IPS) are flooded with data, which ultimately leads to the unavailability of the Internet connection and thus also of other services (websites, shops, mail or FTP servers). An effective solution can be to place a DDoS defense system in front of the existing security systems (firewall / IPS).
DDoS defense at the web application level: Many DDoS attacks use permitted commands and requests to web pages or web applications. The only way to find out whether these requests come from real users or from infected end-user machines is a challenge-response system. With its help, a challenge can be sent to the client once certain thresholds are exceeded. If the client answers correctly, access to the requested service is granted. Otherwise, the request is rejected and the IP address is locked.
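As an added example (not code from the original article, and not any vendor's product), the following Python sketch shows how such a threshold-triggered challenge-response gate can work: below the request-rate threshold every client passes; above it, the gate issues an HMAC-signed token that a real browser echoes back as a cookie on its next request, while a flood tool that never answers is rejected and, after a few unanswered challenges, has its address locked. The class and method names, the thresholds and the addresses in the simulation are assumptions constructed for this demonstration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict, deque

# Hypothetical threshold-triggered challenge-response gate (added example).
# Below the rate threshold a client passes straight through. Above it, the
# gate issues a signed token that a real browser stores and echoes back; a
# flood tool that ignores the challenge is rejected and eventually locked.

class ChallengeGate:
    def __init__(self, secret: bytes, threshold: int, window: float,
                 max_failures: int = 3, token_ttl: float = 60.0):
        self.secret = secret
        self.threshold = threshold        # requests per window that trigger a challenge
        self.window = window              # sliding window length in seconds
        self.max_failures = max_failures  # unanswered challenges before the IP is locked
        self.token_ttl = token_ttl        # token validity in seconds
        self.history = defaultdict(deque)  # ip -> timestamps of recent requests
        self.failures = defaultdict(int)   # ip -> unanswered challenges so far
        self.blocked = set()

    def _rate(self, ip, now):
        """Record this request and return the count within the sliding window."""
        q = self.history[ip]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        return len(q)

    def make_token(self, ip, now):
        """Token bound to the client address and an expiry: nonce.expiry.mac."""
        expiry = int(now + self.token_ttl)
        nonce = secrets.token_hex(8)
        msg = f"{ip}|{nonce}|{expiry}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).hexdigest()
        return f"{nonce}.{expiry}.{mac}"

    def verify_token(self, ip, token, now):
        """True only if the echoed token was issued to this ip and is unexpired."""
        try:
            nonce, expiry, mac = token.split(".")
            expiry = int(expiry)
        except (ValueError, AttributeError):
            return False
        if now > expiry:
            return False
        msg = f"{ip}|{nonce}|{expiry}".encode()
        expected = hmac.new(self.secret, msg, hashlib.sha256).hexdigest()
        return hmac.compare_digest(mac, expected)

    def handle(self, ip, now, cookie=None):
        """Return ('allow', None), ('challenge', token) or ('blocked', None)."""
        if ip in self.blocked:
            return ("blocked", None)
        if self._rate(ip, now) <= self.threshold:
            return ("allow", None)
        # Over the threshold: only a correctly echoed token gets through.
        if cookie and self.verify_token(ip, cookie, now):
            self.failures[ip] = 0
            return ("allow", None)
        self.failures[ip] += 1
        if self.failures[ip] >= self.max_failures:
            self.blocked.add(ip)
            return ("blocked", None)
        return ("challenge", self.make_token(ip, now))


def simulate():
    """Constructed traffic: a browser that honours the challenge and a bot that does not."""
    gate = ChallengeGate(secret=b"constructed-demo-secret", threshold=5, window=10.0)
    t = 1000.0
    browser_cookie = None
    browser_outcomes = []
    for i in range(10):  # one request per second from 203.0.113.10
        verdict, token = gate.handle("203.0.113.10", t + i, browser_cookie)
        browser_outcomes.append(verdict)
        if verdict == "challenge":
            browser_cookie = token  # a real browser stores and resends the cookie
    # A flood tool at 198.51.100.7 sends at the same rate but never answers.
    bot_outcomes = [gate.handle("198.51.100.7", t + i)[0] for i in range(10)]
    return browser_outcomes, bot_outcomes


if __name__ == "__main__":
    browser, bot = simulate()
    print("browser:", browser)
    print("bot:    ", bot)
```

The browser is challenged exactly once, after its sixth request in the window, and passes afterwards because it returns the cookie; the bot receives two challenges it never answers and is locked on the third. Binding the token to the client address and an expiry means a cookie harvested from one source cannot be replayed from another, and `hmac.compare_digest` keeps the comparison constant-time.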
Multi-layer defense: Typical firewall systems are able to detect DoS and DDoS attacks and, if these use only a small bandwidth, to repel them as well. However, this burdens the firewall's CPU, because each attacking packet must be processed against a firewall rule. Companies should therefore deploy appliances with a multi-layered defense model that significantly reduces the load on these resources.
A multi-layered strategy is critical for the reliable protection against DDoS attacks. It includes dedicated on-premise solutions that protect against threats within the network. These solutions should provide anti-spoofing, host authentication techniques, packet-related and application-specific limits, state and protocol verification, baselining, hibernation, blacklists, whitelists, and location-dependent access control lists.
When organizations choose DDoS solutions, they must ensure that these not only detect application-layer DDoS attacks and block generic or custom DDoS techniques and patterns. They must also be able to distinguish acceptable from abnormal behavior patterns based on the traffic.
This traffic profile is the key when it comes to detecting threats, quickly limiting them, and at the same time reducing false alarms. For even more effective protection, organizations should also ensure that DDoS solutions include advanced virtualization and location-dependent functionality.
Virtualization allows administrators to set up independent domains within a single appliance, so that an attack on one segment does not interfere with another. This mechanism is also useful for escalating the defense: instead of being restricted to one set of policies, administrators can define multiple policies in advance and switch to other directives if the previous ones prove insufficient.
Through techniques that take into account the geographic origin of the source addresses, harmful data traffic from unknown or suspicious foreign sources can be blocked. This reduces the burden on the backend server by eliminating traffic outside the company's geographic presence and market.
Securing DNS servers: As part of an overall defensive strategy, organizations need to protect their critical assets and infrastructure. Many companies operate their own DNS servers, which are usually among the targets of an attack. Once the DNS servers are affected, attackers can easily take the web presence offline and create a denial-of-service situation. Modern DNS security solutions protect against such attacks with transaction ID and UDP source port randomization mechanisms and with protection against request bursts.
Visibility and control: Companies must also find a way to monitor their systems before, during, and after an attack. A holistic view of the IT environment gives administrators the ability to quickly identify network traffic and attacks, minimize risk, and implement preventive techniques in time. The best defense is continuous, automated monitoring with alarm systems that trigger the emergency plan when they recognize DDoS traffic.
Furthermore, it is important to have granular visibility and control over the network. A detailed insight into network behavior helps administrators find the source of the attack, block the flood of data, and let legitimate traffic flow unhindered. In addition, they can carry out analyses in real time or evaluate historical attacks. Advanced source tracking capabilities can also help determine the origin of an attack and even contact the domain administrator on the perpetrator's side.
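To illustrate the traffic profile idea from the earlier paragraphs together with the automated monitoring and source tracking described here, the following Python example (added here; it is not code from the article or from any product it mentions) learns a per-second request-rate baseline from a quiet period of a constructed access log, raises an alert for every second that exceeds the baseline by more than k standard deviations, and reports the top source addresses in each alerted second so an operator knows where the flood is coming from. The log line format, the addresses, the training length and the thresholds are all constructed assumptions for this example.

```python
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Added example: baseline-based flood detection over a constructed access log.
# Assumed line format: "<ISO-8601 UTC time> <source IP> <method> <path>"


def parse_line(line):
    """Return (epoch second, source ip, path) for one log line."""
    ts, ip, _method, path = line.split()
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return int(t.timestamp()), ip, path


def requests_per_second(lines):
    """Bucket source addresses by the second in which their request arrived."""
    buckets = defaultdict(list)
    for line in lines:
        sec, ip, _path = parse_line(line)
        buckets[sec].append(ip)
    return buckets


def learn_baseline(buckets, train_seconds):
    """Mean and population stddev of the request rate over the first N seconds."""
    quiet = sorted(buckets)[:train_seconds]
    counts = [len(buckets[s]) for s in quiet]
    return statistics.mean(counts), statistics.pstdev(counts)


def detect_floods(lines, train_seconds=6, k=3.0, min_rate=20):
    """Alert on every second whose request count exceeds baseline + k * stddev.

    min_rate is a floor: a very quiet baseline must not turn a handful of
    extra requests into a false alarm.
    """
    buckets = requests_per_second(lines)
    mean, sd = learn_baseline(buckets, train_seconds)
    threshold = max(mean + k * sd, min_rate)
    alerts = []
    for sec in sorted(buckets):
        ips = buckets[sec]
        if len(ips) > threshold:
            alerts.append({
                "second": sec,
                "requests": len(ips),
                "unique_sources": len(set(ips)),
                "top_sources": Counter(ips).most_common(3),  # where it comes from
            })
    return threshold, alerts


def constructed_log():
    """Six quiet seconds from many addresses, then two seconds of flood from three."""
    stamp = "2013-01-15T10:00:%02dZ"
    lines = []
    normal_ips = [f"203.0.113.{i}" for i in range(1, 30)]
    idx = 0
    for sec, n in enumerate([4, 5, 6, 5, 4, 6]):
        for _ in range(n):
            lines.append(f"{stamp % sec} {normal_ips[idx % len(normal_ips)]} GET /index.html")
            idx += 1
    bots = ["198.51.100.7", "198.51.100.8", "198.51.100.9"]
    for sec in (6, 7):
        for j in range(40):
            lines.append(f"{stamp % sec} {bots[j % 3]} GET /login")
    return lines


if __name__ == "__main__":
    threshold, alerts = detect_floods(constructed_log())
    print(f"alert threshold: {threshold:.1f} requests/s")
    for alert in alerts:
        print(alert)
```

With the constructed log the quiet period averages five requests per second, so the floor of 20 requests per second becomes the effective threshold and only the two flood seconds trigger alerts, each attributed to the three bot addresses. In practice the alert dictionary is what would feed the emergency plan, and the "unique_sources" versus "requests" ratio is the first hint whether the flood is a few abusive hosts or a widely distributed botnet.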
Another approach is to make the target of the attack temporarily unavailable. For example, if only a specific IP address or URL is attacked, IP packets whose destination address matches the attack target can be dropped on the router.
DDoS attacks will continue to grow in the future, as will other security threats. The continued development of DDoS techniques makes it necessary for companies to prepare proactively for attacks in order to protect themselves better. Companies need to expand their emergency plans and re-analyze their network infrastructure. They must implement management and monitoring functions to develop a comprehensive understanding of their entire network.
Finally, IT administrators should be given the opportunity to deploy more resilient mechanisms that can quickly find the source of the threat, minimize the impact of the attack, and restore the services as quickly as possible. This is the only way to enable companies to avoid DDoS attacks and to fully concentrate on their business.