
In the digital age, the security of applications and networks is of paramount importance. Networks are under increasing threat from hackers around the world, acting individually or in groups. The importance of, and demand for, security professionals who safeguard networks from such attacks grows day by day as organizations become aware of the consequences of these threats. Attacks can take various forms and target different layers, such as the network, transport or application layer. Application layer vulnerabilities can be due to insecure coding or the use of vulnerable components. Hackers can exploit such vulnerabilities to deface applications, to steal, modify or delete customer data, or to bring down the applications or systems. Attacks that bring down a system and so cause downtime are called Denial of Service (DoS) attacks. DoS attacks can operate at different layers of the OSI model. DoS attacks such as UDP floods, ICMP floods and SYN floods, which aim to flood the network or consume network resources so that genuine traffic is denied, are best handled at the network or infrastructure level using firewall rules and IDS/IPS. Application level (Layer 7) DoS attacks are hard to detect: they are low-volume, they look like normal traffic, they use complete TCP connections and they follow the protocol rules. They target the application directly, bypassing the firewall. A DoS attack usually originates from a single source, and system administrators put various filters in place to detect such attacks. When a DoS attack is detected, an Intrusion Detection System (IDS) or firewall can stop it by blocking traffic from the source where the attack is detected. However, hackers overcome such defenses by employing Distributed Denial of Service (DDoS) attacks.
DDoS is an attack where the malicious traffic originates from different sources. The attack may originate from sources around the world and converge on one system or network. Because the traffic comes from multiple sources, IDS and firewalls find it difficult to identify and block such an attack. Attackers can use their own systems or can exploit other vulnerable systems to route the attack. Increasingly, attackers use botnets: they compromise vulnerable systems through social engineering such as phishing emails, or by exploiting existing vulnerabilities, and infect them with malicious programs (malware). The hacker then launches the attack on the target system using the botnet.

The most common forms of Layer 7 DoS involve HTTP traffic targeting the web server and application. Other forms target services such as DNS, SMTP and SSH.

Different types of application layer DDoS attacks and possible prevention techniques:

- Ensure that the web server and all components used by the application (whether developed in house or by a third party) are updated to the latest patch levels. A web server or other component with a known DoS vulnerability can be leveraged to launch an attack on the system.
- A password brute-force attack on the login page can lead to account lockout and so to a denial of service. The effective way to prevent this is a time-throttled lockout mechanism.
- HTTP GET/POST flooding: flooding the server with a huge number of GET or POST requests, choking its resources. Look for requests arriving without a user agent, many requests with the same content length, requests from the same IP address with different user agents, and IP addresses rotated frequently.
- HTTP Slowloris: opening partial connections to the server and holding them open as long as possible without closing them. Use hardware load balancers that accept only complete HTTP connections. A hardware load balancer with an HTTP profile configured is the best method to stop such an attack, because the load balancer inspects the packets and forwards to the web server only those HTTP requests that are complete.
- Billion Laughs (XML bomb): applications using XML parsers can be attacked with DTD entities whose expansion quickly uses up memory.
- Buffer overflows: applications vulnerable to buffer overflows can be crashed, or exploited to run attacker-supplied code.

Some best practices that help in defending against DDoS attacks:

- Use a WAF (Web Application Firewall): an application firewall for HTTP traffic with rules configured to block malicious HTTP requests. A WAF helps to some extent in guarding against HTTP attacks.
- Close unused ports.
- Look out for zero-day vulnerabilities: new attacks for which a patch has not yet been released.
- Look out for requests arriving without a user agent, or many requests with the same content length.
- Look for requests with the same IP address but different user agents, and for IP addresses rotated frequently.
- Limit the number of requests from a single IP address per unit time.
- Limit the number of simultaneous open connections from a single IP address.
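The flood heuristics above (missing user agent, same content length, one IP presenting many user agents) and the per-IP rate limit from the best-practices list can be implemented over an access log. The following Python is an added example written for this page, not code from the original author; it assumes a JSON-lines log format with a per-request `req_len` field, and the log records and thresholds are constructed for illustration.

```python
import json
from collections import Counter, defaultdict, deque
from datetime import datetime

# Constructed JSON-lines access log for this example (not real traffic).
# One record per request; req_len is the request Content-Length in bytes.
SAMPLE_LOG = """
{"ts": "2024-01-15T10:00:00Z", "ip": "10.0.0.5", "method": "GET", "path": "/", "ua": "Mozilla/5.0", "req_len": 0}
{"ts": "2024-01-15T10:00:01Z", "ip": "203.0.113.7", "method": "POST", "path": "/login", "ua": "curl/7.1", "req_len": 512}
{"ts": "2024-01-15T10:00:01Z", "ip": "203.0.113.7", "method": "POST", "path": "/login", "ua": "curl/7.2", "req_len": 512}
{"ts": "2024-01-15T10:00:02Z", "ip": "203.0.113.7", "method": "POST", "path": "/login", "ua": "python-requests/2.0", "req_len": 512}
{"ts": "2024-01-15T10:00:02Z", "ip": "203.0.113.7", "method": "POST", "path": "/login", "ua": "Wget/1.2", "req_len": 512}
{"ts": "2024-01-15T10:00:03Z", "ip": "203.0.113.7", "method": "POST", "path": "/login", "ua": "Mozilla/4.0", "req_len": 512}
{"ts": "2024-01-15T10:00:03Z", "ip": "203.0.113.7", "method": "POST", "path": "/login", "ua": "Go-http-client/1.1", "req_len": 512}
{"ts": "2024-01-15T10:00:04Z", "ip": "198.51.100.9", "method": "GET", "path": "/search", "ua": "", "req_len": 0}
{"ts": "2024-01-15T10:00:05Z", "ip": "10.0.0.5", "method": "GET", "path": "/about", "ua": "Mozilla/5.0", "req_len": 0}
{"ts": "2024-01-15T10:00:30Z", "ip": "10.0.0.5", "method": "GET", "path": "/contact", "ua": "Mozilla/5.0", "req_len": 0}
"""


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client within any `window_s` seconds.

    This is the "limit requests from a single IP per unit time" control from the
    text, written as one building block that serves both detection and enforcement.
    """

    def __init__(self, limit, window_s):
        self.limit = limit
        self.window_s = window_s
        self._hits = defaultdict(deque)  # client -> timestamps (epoch seconds)

    def allow(self, client, ts):
        q = self._hits[client]
        while q and ts - q[0] >= self.window_s:  # evict hits that fell out of the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True


def _to_epoch(iso_ts):
    # Rewrite the trailing 'Z' so fromisoformat() accepts it on Python < 3.11
    return datetime.fromisoformat(iso_ts.replace("Z", "+00:00")).timestamp()


def analyse_log(log_text, rate_limit=5, window_s=10, ua_limit=3, same_len_min=5):
    """Apply the page's Layer 7 heuristics to a JSON-lines access log.

    Returns a dict of sorted lists so results are deterministic:
      no_user_agent       - client IPs that sent requests without a User-Agent
      rate_exceeded       - IPs that exceeded rate_limit requests within window_s seconds
      ua_churn            - IPs that presented more than ua_limit distinct User-Agents
      same_content_length - POST body lengths seen at least same_len_min times
    """
    limiter = SlidingWindowLimiter(rate_limit, window_s)
    no_ua, rate_exceeded = set(), set()
    uas_per_ip = defaultdict(set)
    post_lengths = Counter()

    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        ip, ua = rec["ip"], rec.get("ua", "")
        if not ua:
            no_ua.add(ip)
        else:
            uas_per_ip[ip].add(ua)
        if not limiter.allow(ip, _to_epoch(rec["ts"])):
            rate_exceeded.add(ip)
        if rec["method"] == "POST":
            post_lengths[rec["req_len"]] += 1

    return {
        "no_user_agent": sorted(no_ua),
        "rate_exceeded": sorted(rate_exceeded),
        "ua_churn": sorted(ip for ip, uas in uas_per_ip.items() if len(uas) > ua_limit),
        "same_content_length": sorted(n for n, c in post_lengths.items() if c >= same_len_min),
    }


if __name__ == "__main__":
    for name, hits in analyse_log(SAMPLE_LOG).items():
        print(f"{name}: {hits}")
```

The thresholds are deliberately low so the constructed sample triggers every heuristic; in production they are tuned from a baseline of normal traffic, and a hit on a single heuristic is a signal to correlate, not a verdict on its own. The same `SlidingWindowLimiter` can sit in front of a request handler to enforce the limit rather than only report it.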
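The time-throttled lockout recommended above for the brute-force case can be shown in a few lines. This Python class is an added example, not the original author's code; the threshold, base delay and cap are constructed values, and `attempt_login` is a hypothetical helper standing in for an application's login handler.

```python
import time
from collections import defaultdict


class ThrottledLockout:
    """Account lockout that expires on its own instead of staying locked until an admin intervenes.

    After `threshold` consecutive failures the account is locked for `base_s` seconds;
    each further failure doubles the lock period up to `max_s`. Because the lock always
    expires, an attacker who keeps submitting wrong passwords can slow a victim's logins
    but cannot permanently deny them access, which is the denial of service a hard
    lockout invites.
    """

    def __init__(self, threshold=3, base_s=30.0, max_s=900.0):
        self.threshold = threshold
        self.base_s = base_s
        self.max_s = max_s
        self._failures = defaultdict(int)        # user -> consecutive failures
        self._locked_until = defaultdict(float)  # user -> epoch seconds

    def is_locked(self, user, now=None):
        now = time.time() if now is None else now
        return now < self._locked_until[user]

    def lock_remaining(self, user, now=None):
        now = time.time() if now is None else now
        return max(0.0, self._locked_until[user] - now)

    def record_failure(self, user, now=None):
        """Register a failed login; return the seconds the account is now locked for (0 if not locked)."""
        now = time.time() if now is None else now
        self._failures[user] += 1
        excess = self._failures[user] - self.threshold
        if excess < 0:
            return 0.0
        delay = min(self.base_s * (2 ** excess), self.max_s)
        self._locked_until[user] = now + delay
        return delay

    def record_success(self, user):
        """A successful login clears the failure history."""
        self._failures.pop(user, None)
        self._locked_until.pop(user, None)


def attempt_login(policy, user, password_ok, now):
    """Gate a login attempt: refuse while locked, otherwise record the outcome with the policy."""
    if policy.is_locked(user, now):
        return "locked"
    if password_ok:
        policy.record_success(user)
        return "ok"
    policy.record_failure(user, now)
    return "failed"
```

Note that a correct password is refused while the lock is active, so the slow-down applies to the attacker and the legitimate user alike; the difference from a hard lockout is that the legitimate user regains access after the delay without a help-desk call.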

