Prevention of DoS Attacks: Methods and Strategies
Added on 2023/03/30
AI Summary
This article discusses the prevention of DoS attacks and explores various methods and strategies to ensure network security. It covers topics such as recognizing and identifying attacks, contacting the Internet Service Provider, investigating black hole routing, configuring firewalls and routers, and the role of intrusion detection systems in cyber-attack detection.
Abstract
Unlike a virus or other malware, a DoS attack does not depend on software to carry out its
malicious activity. Instead, the attacker studies the structure of the computer network and how it
communicates, and finally takes advantage of inherent vulnerabilities. The attackers simply send
simple messages, especially on e-commerce websites, asking users to log in to their accounts; when
the users do so, the servers are shut down, and that is when the malicious activity takes place.
This type of spoofing is very common nowadays, but users cannot easily recognize such messages
because they are almost the same as the real messages from the service providers (Wang, Sun, Han,
& Ma, 2019). We should use anti-DDoS technology or an anti-DDoS service to give us a more secure
working environment. These services help us distinguish legitimate network traffic from a DDoS
attack. They require a specialist, because handling them needs an understanding of the difference
between real messages and scams. The most important thing here is to identify such DDoS attacks so
that we know how to handle them (Reddy, Wing, & Patil, 2019).
Introduction
Firewalls and routers should be configured so that they always reject outside traffic. The
configuration should be done by security experts, because this is also one way of securing the
network against such spoofing. It is therefore advisable to use the latest version of the firewall,
for the more advanced security features found in such software. We should also keep updating the
software daily: vendors keep releasing updates because hackers keep advancing, so the software
should be kept more secure and invulnerable to attack (Wang, Sun, Han, & Ma, 2019).
An IDS is a software application. It closely monitors all of the system's network traffic and sends
alerts as soon as it detects suspicious threats in that traffic. This is the most secure way of
monitoring threats, but it may not be a perfect solution when it stands alone. The more technology
advances, the more skills hackers acquire. To ensure maximum security of the network traffic,
various methods should be employed.
A network intrusion detection system (NIDS) is an independent platform that examines network
traffic and monitors multiple hosts for intrusions. It does so by connecting to the network through
a hub, a switch or similar devices. The sensors are pointed at the demilitarized zone (DMZ) to
monitor it. The NIDS captures all network traffic and analyzes the content of each individual
packet to check for malicious traffic (Wu, Wu, Liu, & Jiang, 2019).
Denial of service attacks
A DoS ("denial of service") attack is an attempt to tie up the resources of a website so that users
cannot gain access to them. In our scenario, the DMZ might have been too exposed, so the attackers
tried to gain access to the web server, causing the website downtime. Unlike a virus or other
malware, a DoS attack does not depend on software to carry out its malicious activity. Instead, the
attacker studies the structure of the computer network and how it communicates, and finally takes
advantage of inherent vulnerabilities. Since there is a DoS attack on the web servers, the website
is facing downtime, which makes service delivery difficult, and customers will not accept such
issues. The DMZ from the vendor needs to be upgraded to ensure that security services are not
compromised (Reddy, Wing, & Patil, 2019).
Denial of service attacks can take two forms:
1) Flooding attacks
This is the common form of attack. It normally occurs when the system is attacked and all the
traffic on the servers is affected and can no longer be handled. A ping flood is a DoS attack that
uses the technique of sending spoofed packets to every computer in the targeted network. In our
case, ping spoofing takes advantage of the customers' misconfigured network devices, since the
attack sends spoofed packets to their computers, and this leads to exposure of the customers'
information. A SYN flood exploits vulnerabilities in the TCP connection sequence, which is normally
referred to as the three-way handshake between the server and the host. In this case, the target
server receives a request (a SYN) to start the handshake, but the handshake is never completed. The
port involved therefore stays occupied and is not available for further requests from users, while
the attackers take advantage of this to send more requests; the server becomes overloaded, and this
leads to a shutdown. These attacks should be stopped immediately, before they become a major
problem (Xu, Hu, Ho, & Feng, 2019).
2) Crash attacks
Crash attacks is the process which the attackers try to send the bugs which exploits packets flaws on
the systems of the targets but this attacks occurs less often. This leads to the system crashing hence
leading to the poor services delivery and hence disturbing the daily activities of the customers. All
this will lead to prevention of the legitimate users from accessing the online services such as
website services, emails and even bank account services. This attacks should be prevented as much
as possible to cover up the customers loyalty and the trust of the company (Wang, Sun, Han, & Ma,
2019).
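The SYN flood described under flooding attacks leaves handshakes half-open on the server, and that backlog is what a sensor can count. The Python code below is an added example, not part of the original document; the record format, the threshold, the timeout and the sample capture are constructed assumptions.

```python
from collections import defaultdict
from typing import NamedTuple


class Segment(NamedTuple):
    """One client-to-server TCP segment as seen by a sensor (hypothetical record format)."""
    ts_ms: int   # capture time in milliseconds
    src: str     # client address (may be spoofed during a flood)
    sport: int   # client port
    dport: int   # server port being contacted
    flags: str   # "S" = SYN, "A" = ACK completing the handshake, "R" = RST


class Alert(NamedTuple):
    ts_ms: int
    dport: int
    half_open: int


def detect_syn_flood(segments, max_half_open=20, timeout_ms=30_000):
    """Return one Alert each time a port's half-open count rises above max_half_open."""
    pending = defaultdict(dict)   # dport -> {(src, sport): time of first SYN}
    alarmed = set()               # ports currently above the threshold
    alerts = []
    for seg in sorted(segments, key=lambda s: s.ts_ms):
        table = pending[seg.dport]
        # The server gives up on a half-open connection after a timeout.
        for conn in [c for c, t in table.items() if seg.ts_ms - t > timeout_ms]:
            del table[conn]
        conn = (seg.src, seg.sport)
        if seg.flags == "S":
            table.setdefault(conn, seg.ts_ms)   # a retransmitted SYN is not a new entry
        elif seg.flags in ("A", "R"):
            table.pop(conn, None)               # handshake completed or aborted
        if len(table) > max_half_open:
            if seg.dport not in alarmed:
                alarmed.add(seg.dport)
                alerts.append(Alert(seg.ts_ms, seg.dport, len(table)))
        else:
            alarmed.discard(seg.dport)          # re-arm once the backlog drains
    return alerts


def legitimate_clients():
    """Constructed sample: 10 clients that each complete the handshake within 50 ms."""
    segs = []
    for i in range(10):
        src, sport, t = f"198.51.100.{i + 1}", 40000 + i, i * 500
        segs += [Segment(t, src, sport, 443, "S"), Segment(t + 50, src, sport, 443, "A")]
    return segs


def syn_flood():
    """Constructed sample: 50 SYNs, 20 ms apart, that are never followed by an ACK."""
    return [Segment(10_000 + i * 20, f"203.0.113.{i + 1}", 50000 + i, 443, "S")
            for i in range(50)]


if __name__ == "__main__":
    for alert in detect_syn_flood(legitimate_clients() + syn_flood()):
        print(f"t={alert.ts_ms} ms: port {alert.dport} has "
              f"{alert.half_open} half-open connections")
```

The count is kept per server port rather than per source address, because the source addresses in a flood may be spoofed.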
In our case, the problem seems to originate from the Remote Access Server (RAS). These servers are
accessible only to the vendors, who connect through the VPN so that they can provide web server
services such as maintenance of the web application software. Security on the RAS should be
tightened to minimize such cases, and the vendor should work under the company's policies, which
govern the laws on cyber crime. The vendor will then be more careful about the vulnerabilities
that may lead to such cyber crime activities (Xu, Hu, Ho, & Feng, 2019).
Prevention of DoS attacks
Unlike a virus or other malware, a DoS attack does not depend on software to carry out its
malicious activity. Instead, the attacker studies the structure of the computer network and how it
communicates, and finally takes advantage of inherent vulnerabilities. The attackers simply send
simple messages, especially on e-commerce websites, asking users to log in to their accounts; when
the users do so, the servers are shut down, and that is when the malicious activity takes place.
This type of spoofing is very common nowadays, but users cannot easily recognize such messages
because they are almost the same as the real messages from the service providers (Wang, Sun, Han,
& Ma, 2019).
Methods of prevention
1) Recognition of attacks
We should use anti-DDoS technology or an anti-DDoS service to give us a more secure working
environment. These services help us distinguish legitimate network traffic from a DDoS attack.
They require a specialist, because handling them needs an understanding of the difference between
real messages and scams. The most important thing here is to identify such DDoS attacks so that we
know how to handle them (Reddy, Wing, & Patil, 2019).
2) Contacting the Internet Service Provider
We should also contact our ISP to have the traffic re-routed, because this helps prevent further
attacks. If the traffic is compromised, re-routing helps prevent further attacks, and a backup
service is also very important. A backup helps bring lost packets and other information back onto
the servers. The attack will not be able to continue its malicious activity, because all the
servers will have been rebooted and the attackers will not have the full information needed to
launch the attack. The ISP plays a key role in DoS attacks; most importantly, it can help prevent
them through rebooting and backup services (Wang, Sun, Han, & Ma, 2019).
3) Investigating black hole routing
This process directs the excess traffic to a black hole route. It is mainly applied by the ISP,
because the ISP has full control of the traffic. In this case, both legitimate and illegitimate
traffic is redirected to the black hole, which is a setback for us but an advantage against the
traffic attack. The process helps protect the network and the websites being targeted by the
attackers. We do not strongly encourage this method, but if need be we will ask the ISP to do such
routing (Reddy, Wing, & Patil, 2019).
4) Firewall and router configuration
Firewalls and routers should be configured so that they always reject outside traffic. The
configuration should be done by security experts, because this is also one way of securing the
network against such spoofing. It is therefore advisable to use the latest version of the firewall,
for the more advanced security features found in such software. We should also keep updating the
software daily: vendors keep releasing updates because hackers keep advancing, so the software
should be kept more secure and invulnerable to attack (Wang, Sun, Han, & Ma, 2019).
5) Considering front-end hardware
Front-end application software plays a major role here by analyzing and screening the data packets
of the network traffic. The hardware has a big role to play because, before data enters the
systems, it prioritizes and regulates the data by checking its security before allowing it in.
We should install these applications to help us prevent further attacks in case they are not
recognized and prevented by the firewalls (Wu, Wu, Liu, & Jiang, 2019).
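The trade-off noted under black hole routing (method 3 above), that legitimate and illegitimate traffic are both discarded, follows from how a more specific null route overrides the normal route. The Python code below is an added example, not part of the original document; the routing table class, the addresses and the traffic mix are constructed assumptions.

```python
import ipaddress
from collections import Counter

BLACKHOLE = "blackhole"   # null route: packets that match are discarded


class RouteTable:
    """Minimal longest-prefix-match routing table (illustrative, not a real router API)."""

    def __init__(self):
        self._routes = {}   # ip_network -> next hop name or BLACKHOLE

    def add(self, prefix, next_hop):
        self._routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self._routes if addr in net]
        if not matches:
            return BLACKHOLE                                  # no route at all: also dropped
        best = max(matches, key=lambda net: net.prefixlen)    # most specific route wins
        return self._routes[best]


def forward(table, packets):
    """Count delivered and dropped packets per (destination, kind)."""
    outcome = Counter()
    for dst, kind in packets:
        verdict = "dropped" if table.lookup(dst) == BLACKHOLE else "delivered"
        outcome[(dst, kind, verdict)] += 1
    return outcome


WEB, MAIL = "192.0.2.10", "192.0.2.20"   # constructed addresses (documentation range)


def sample_traffic():
    """Constructed sample: a flood aimed at the web server mixed with normal use."""
    return ([(WEB, "attack")] * 500
            + [(WEB, "legitimate")] * 5
            + [(MAIL, "legitimate")] * 5)


def run_scenario():
    """Forward the same traffic before and after the ISP null-routes the attacked host."""
    table = RouteTable()
    table.add("192.0.2.0/24", "customer-edge")   # normal route to the customer
    before = forward(table, sample_traffic())
    table.add(WEB + "/32", BLACKHOLE)            # black hole route for the web server only
    after = forward(table, sample_traffic())
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before", "after"), run_scenario()):
        for (dst, kind, verdict), count in sorted(result.items()):
            print(f"{label}: {count:3d} {kind} packets to {dst} {verdict}")
```

After the /32 route is added, the five legitimate packets to the web server are dropped along with the flood, while the mail server on the same prefix stays reachable.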
Role of Intrusion-Detection Systems in Cyber-Attack Detection
An IDS is a software application. It closely monitors all of the system's network traffic and sends
alerts as soon as it detects suspicious threats in that traffic. This is the most secure way of
monitoring threats, but it may not be a perfect solution when it stands alone. The more technology
advances, the more skills hackers acquire. To ensure maximum security of the network traffic,
various methods should be employed (Wang, Sun, Han, & Ma, 2019).
This type of method is not recommended, because it is a passive technology and can only give us
information about the traffic flows it detects. Alerts only tell us that the traffic has been
found; they cannot help prevent that traffic from reaching its destination. The positive side of
this software is limited to detecting the traffic and reporting the results; it cannot prevent the
traffic in any way. Firewalls are much better because they use intrusion prevention system (IPS)
technology to detect malicious traffic and prevent it by blocking it. Most experts nevertheless say
that an IDS still has a key role to play even though it does not prevent attacks. We are therefore
going to use this method to justify the findings of malicious traffic, but we will rely on it in
the prevention of the same traffic (Compton, 2019).
According to our research, use of this IDS showed that the customers' complaints were true. When
we scanned the website traffic, we found malicious traffic in our network. This is clear evidence
that the traffic was compromised through the vendors' servers. The IDS helped us with alerts on the
malicious traffic that was taking place on the website servers. After we have used this method, we
can use other prevention methods. It plays an important role because it analyzes suspicious
traffic and alerts on it (Wu, Wu, Liu, & Jiang, 2019).
We also faced some challenges using this method:
1) False positives
We experienced some alerts, but when we looked into them there were no threats. The IDS is
sometimes notorious for giving unnecessary alerts, which pose a risk to the team, since they can
lead to unnecessary cost spent trying to find a solution when there is no threat (Wang, Sun, Han,
& Ma, 2019).
2) Legitimate risk
An IDS is sometimes very tricky, because you need to know what an attack is in order to be able to
identify one. This method is always recommended for senior experts, since it takes time to verify
the alerts it raises (Wu, Wu, Liu, & Jiang, 2019).
I therefore recommend that this IDS should not be used often unless it is recommended under certain
circumstances. As technology gets more advanced, there is the IPS, which has the extra feature of
preventing attacks from malicious traffic (Compton, 2019).
Configuration of IDS
Configuring the IDS is quite simple. After installing the software, we have to specify which
network interface we need. We choose from the various options that capture traffic for the
detection of suspicious activity. All of these settings are accessed in the menu, and each option
is chosen using a checkbox (Wu, Wu, Liu, & Jiang, 2019).
To save CPU time, we should disable the rules we are not interested in, especially those for
services that are not available in our network.
The IDS can be integrated with the log module only after it has been enabled. We can also use
different IDS alerts, applying the usual procedure.
Network intrusion detection system (NIDS)
This is an independent platform that examines network traffic and monitors multiple hosts for
intrusions. It does so by connecting to the network through a hub, a switch or similar devices.
The sensors are pointed at the demilitarized zone (DMZ) to monitor it. The NIDS captures all
network traffic and analyzes the content of each individual packet to check for malicious traffic
(Xu, Hu, Ho, & Feng, 2019).
Conclusion
Configuring the IDS is quite simple. After installing the software, we have to specify which
network interface we need. We choose from the various options that capture traffic for the
detection of suspicious activity. All of these settings are accessed in the menu, and each option
is chosen using a checkbox. According to our research, use of this IDS showed that the customers'
complaints were true. When we scanned the website traffic, we found malicious traffic in our
network. This is clear evidence that the traffic was compromised through the vendors' servers. The
IDS helped us with alerts on the malicious traffic that was taking place on the website servers.
After we have used this method, we can use other prevention methods. It plays an important role
because it analyzes suspicious traffic and alerts on it (Wang, Sun, Han, & Ma, 2019).
References
Wang, B., Sun, Q., Han, R., & Ma, D. (2019). Consensus-based secondary frequency control under
denial-of-service attacks of distributed generations for microgrids. Journal of the Franklin Institute.
Xu, W., Hu, G., Ho, D. W., & Feng, Z. (2019). Distributed Secure Cooperative Control Under
Denial-of-Service Attacks From Multiple Adversaries. IEEE Transactions on Cybernetics.
Wu, C., Wu, L., Liu, J., & Jiang, Z. P. (2019). Active Defense Based Resilient Sliding Mode Control
under Denial-of-Service Attacks. IEEE Transactions on Information Forensics and Security.
Compton, R. A. (2019). U.S. Patent Application No. 15/692,762.
Reddy, T., Wing, D., & Patil, P. (2019). U.S. Patent Application No. 16/110,102.