Understanding DDoS Attacks and Defenses

Added on 2020/05/16
Running head: CYBER SECURITY IN ORGANIZATIONS
Cyber Security in Organizations
Name of the student:
Name of the University:
Author note:
Executive Summary
This report presents a critical analysis of the DDoS attack on the Australian Bureau of Statistics census website. The literature is surveyed, and the possible reasons for the attack are identified and explained. The roles of both the government and IBM in the project are critiqued with close attention to policy and technical matters. Finally, feasible solutions are proposed for the organization's benefit.
Table of Contents
Introduction
The DDoS attack on ABS census website
Causes of the DDoS attack Debacle in ABS Census Website
    Lack of Proper Testing
    Lack of Geo-blocking mechanism
    Failure to have tested a router restart or have a backup synchronization process in place
    Limited tender process
Measures to mitigate such problems in the future
    Measures to be taken by the Managements
    Technical measures
Conclusion
Introduction
A Distributed Denial of Service (DDoS) attack is an attempt to disable an online service. In this form of attack, the online server is overwhelmed with traffic from many sources, causing it to crash and preventing legitimate users from accessing it (Zargar, Joshi & Tipper, 2013). Such attackers tend to target public-domain websites or organizations with the aim of causing harassment and ridicule, and they commonly attack major banks and government websites (Darwish, Ouda & Capretz, 2013). This presents a critical challenge to the responding cyber security teams, who must ensure that the public can once again access the websites and submit information on them. This report discusses one such DDoS attack scenario in detail, with close attention to the case study of the Australian Bureau of Statistics (ABS) census website. The report further helps to identify the gaps in the decisions taken by management that may have led to this scenario. Finally, an improvement plan is presented that would help any organization conduct its work and business effectively.
The DDoS attack on ABS census website
On 8 August 2016, the main event day of the Australian census, the Australian Bureau of Statistics census website suffered numerous crashes. The government agency claimed that the website crashed because of a chain of four consecutive Distributed Denial of Service attacks. Reports also claim that the attacks varied in severity and nature. The first three attacks reportedly caused only minor disruptions to the functioning of the system. Millions of Australians nonetheless could not access the website, although about 2 million Census forms were still submitted despite the crash. Agencies also claim that the entries made during the crash period were safely stored and that the public need not worry. This was not the end of the road for the DDoS attackers, however; they launched another attack after 7:30 in the evening. This forced the ABS managers and cyber security heads to shut down the system. By doing so, they ensured that the integrity of the already stored data was preserved.
"Do better next time: Senate report slams 2016 Census" (2018) reports that the Australian Prime Minister, Malcolm Turnbull, defended the government's position in this cyber debacle. He stated that the attack was highly predictable and that the government could not be blamed for it. His statement clearly implied that the software firm in charge of the website and the system had a role to play in the failure. IBM was in charge of the website, and it clearly failed to maintain the level of security needed to run a public website that handles classified information from millions of individuals across the country. Everybody in the government blamed IBM for negligence regarding the website's security requirements. As a result, multiple theories have emerged offering different reasons that might have led to this attack. The responsibility of IBM's management and that of the Australian Government are both discussed, and some of the root causes of this massive failure are presented, in the next part of the report.
Causes of the DDoS attack Debacle in ABS Census Website
This section identifies the possible reasons that might have led to this chain of DDoS attacks on the census website. As mentioned above, the government has been busy trying to shift responsibility for the failure onto the IT contractor, IBM in this case. Prime Minister Turnbull claimed that IBM could have foreseen such an attack, yet it failed to perform enough system and server testing before allowing the website to go live. This and several other reasons are discussed below.
Lack of Proper Testing
It can readily be inferred that the IT contractor did not apply the right testing procedures before publishing the website and its integrated systems. Several reports claim that the attack was fairly minor in scale and could have been blocked in its course if the website had had even a few security features in place. For a high-risk project, the lack of proper testing during the build-up is indeed a shame. IBM may well have performed load testing on the website. Load testing checks the performance of a system under realistic conditions of heavy traffic on the server (Meira et al., 2012). However, DDoS testing was also necessary. A DDoS test helps to establish how well prepared a system is against possible Denial of Service threats (Karami, Park & McCoy, 2016).
Lack of Geo-blocking mechanism
According to "Did the Census really suffer a denial-of-service 'attack'?" (2018), another step that IBM management failed to implement in the system was enabling a geo-blocking mechanism to prevent a DDoS attack. This would have allowed the website to block traffic from countries known to be hubs of DDoS attackers. According to Broadhurst & Chang (2013), China, Vietnam, Taiwan and South Korea are the countries from which most of the world's DDoS attacks originate. Geo-blocking could therefore have prevented this issue from arising in the first place.
Failure to have tested a router restart or have a backup synchronization process in place
IBM's failure to restart the router governing the entire system could be one of the dominant reasons for the attack. The delay in doing so gave the attackers ping access to the server, and they were not stopped in their course. The lack of a backup synchronizer was also notable: the server could not recover from the failure and therefore had to be shut down.
Limited tender process
Multiple reports across Australia criticized the Government for the lack of an open tender process in selecting the IT service provider for the project. IBM is believed to have been selected from a very limited set of tender applications, and some sections of the media therefore doubt the government's policy for choosing the right firm for the project.
Measures to mitigate such problems in the future
Any organization that handles large amounts of classified or private data belonging to the public must commit to certain technical norms and procedures in order to prevent such incidents. Below, a list of possible procedures is discussed which such organizations should adopt, and from which they stand to gain greatly.
Measures to be taken by the Managements
Firstly, taking this case as a lesson, conducting an open and fair tender selection is necessary. Any organization, especially in the Government sector, must make sure that it chooses the best service provider from a pool of many. Numerous service providers must be allowed to participate in the tender process, and each presentation must be judged with keen attention to the technicalities of the service they would provide.
Once the right IT service provider has been selected from a pool of several competing tenders, the organization must take the initiative to meet with the firm frequently and keep it aware of the importance of a public-domain project. The details of the project and the security concerns it is bound to face should also be discussed jointly before the project is initiated.
Organizations must have a 24/7 facility to monitor for DDoS attack attempts (Lee et al., 2012). It is also necessary to keep instances ready to handle the situation as soon as a server is hit with DDoS traffic. The organization must also have adequate tools and techniques to gauge the damage caused and recover from it as soon as possible.
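The kind of check a 24/7 monitoring facility would run over web-server access logs is shown below as an added example; it is not part of the original report and not code from ABS or IBM. It parses Common Log Format lines, keeps a sliding window of request timestamps per source address, and raises an alert the first time a source exceeds a request threshold inside the window. The log lines, the window size, the threshold and the addresses are all constructed for the example.

```python
# Added example (not from the original report): per-source request-rate
# monitor over web-server access logs, the simplest form of DDoS detection.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for a well-formed CLF line, or None for anything else."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FORMAT),
        "request": m["req"],
        "status": int(m["status"]),
    }


class RateMonitor:
    """Alert once per source when it exceeds `threshold` requests in `window_seconds`."""

    def __init__(self, window_seconds=10, threshold=30):
        self.window = timedelta(seconds=window_seconds)
        self.threshold = threshold
        self.events = defaultdict(deque)   # ip -> timestamps inside the window
        self.flagged = set()
        self.alerts = []

    def observe(self, ip, ts):
        q = self.events[ip]
        q.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) > self.threshold and ip not in self.flagged:
            self.flagged.add(ip)
            self.alerts.append({"ip": ip, "at": ts, "count": len(q)})


def scan_log(lines, window_seconds=10, threshold=30):
    """Parse, sort by time (logs are not always in order) and feed the monitor."""
    records = [r for r in map(parse_line, lines) if r is not None]
    records.sort(key=lambda r: r["ts"])
    monitor = RateMonitor(window_seconds, threshold)
    for rec in records:
        monitor.observe(rec["ip"], rec["ts"])
    return monitor.alerts


# Constructed sample traffic (documentation address ranges, not real traffic):
# one ordinary visitor, one source sending 40 requests within five seconds,
# and one malformed line that the parser must skip.
def _line(ip, second, path="/census"):
    return f'{ip} - - [08/Aug/2016:19:30:{second:02d} +1000] "GET {path} HTTP/1.1" 200 512'


SAMPLE_LOG = (
    [_line("198.51.100.23", s) for s in (0, 4, 8, 12)]
    + [_line("203.0.113.7", s // 8) for s in range(40)]
    + ["this line is not a log record"]
)

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"ALERT {alert['ip']}: {alert['count']} requests in window at {alert['at']}")
```

In production the threshold is set from a measured baseline of normal traffic rather than a fixed number, and the alert feeds a ticket or an automatic block rather than a print statement; the sliding window is what keeps a slow, steady visitor from ever tripping the check.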
The Boston Children's Hospital DDoS attack case can be highlighted to show the right measures for mitigating the aftermath of an attack. The hospital management responded as fast as possible and activated its multidisciplinary incident response team. This team quickly identified the critical problems that led to the attack and its effects. Later, they enlisted Radware's Emergency Response Team to mitigate the DDoS attacks ("DDoS Case Study: DDoS Attack Mitigation Boston Children's Hospital", 2018).
Technical measures
To foresee, adapt to and technically mitigate such attacks is the sole duty of the IT service provider. The company must make sure that it has done every possible bit of testing before it publishes any project. In this case, it was assumed that IBM had conducted load testing on the server quite efficiently; what it neglected, however, was DDoS stress testing. Such tests are necessary to ensure that the server and the system can run without interruption in a secured environment (Pescatore, 2014). Having identified the expected volume of traffic on the website, companies must plan beforehand for the bandwidth they must provide. This is to be tested rigorously in the testing phase, under realistic conditions of simulated DDoS traffic.
The geo-blocking technique is a necessary inclusion. Through it, the server can block traffic from particular geographical locations. In this case, where a census website is to be made operational, the geo-blocking mechanism would help to block the specific countries from which DDoS threats are greatest, as mentioned in one of the sections above.
In addition to the regular signature-based firewalls and router reboot mechanisms, IT providers may use several other mitigation or DDoS defensive tools. Load balancers distribute traffic across numerous servers within a defined network, with the prime aim of increasing availability (Jia et al., 2014). In addition, with the increasing need for cloud-server security, the need for cloud-based anti-DDoS tools also increases. These tools help to filter out malicious access attempts and thus protect systems from possible DDoS traffic (Osanaiye, 2015).
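The two mechanisms the report recommends for the edge, geo-blocking and load balancing, are combined below in an added example that is not from the report, ABS or IBM. Requests are first mapped from source address to a country via a prefix table and dropped if the country is on the deny list; admitted requests are then spread over backend servers with a least-connections balancer. The prefix table, the two-letter placeholder country codes (XA and XB are ISO 3166 user-assigned codes, used here so that no real country is attached to a documentation address range), the backend names and the sample addresses are all constructed; a real deployment would consult a GeoIP database and a load-balancer product instead.

```python
# Added example (not from the original report): geo-blocking filter followed
# by a least-connections load balancer, as an edge would apply them.
import ipaddress

# Constructed prefix-to-country table standing in for a GeoIP database.
# XA and XB are placeholder (ISO 3166 user-assigned) country codes.
GEO_PREFIXES = [
    (ipaddress.ip_network("203.0.113.0/24"), "XA"),
    (ipaddress.ip_network("192.0.2.0/24"), "XB"),
    (ipaddress.ip_network("198.51.100.0/24"), "AU"),
]

# Countries the (hypothetical) policy denies during the census window.
BLOCKED_COUNTRIES = {"XA", "XB"}


def lookup_country(ip_str):
    """Map a source address to a country code; None if unmapped, 'INVALID' if unparsable."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return "INVALID"
    for net, country in GEO_PREFIXES:
        if ip in net:
            return country
    return None


class LeastConnectionsBalancer:
    """Send each admitted request to the backend with the fewest active requests."""

    def __init__(self, backends):
        self.active = {name: 0 for name in backends}   # insertion order breaks ties

    def assign(self):
        backend = min(self.active, key=self.active.get)
        self.active[backend] += 1
        return backend

    def release(self, backend):
        # Called when a backend finishes a request so the count stays accurate.
        self.active[backend] -= 1


def filter_and_route(source_ips, balancer):
    """Return (ip, outcome) pairs: outcome is 'blocked:<reason>' or a backend name."""
    outcomes = []
    for ip in source_ips:
        country = lookup_country(ip)
        if country == "INVALID":
            outcomes.append((ip, "blocked:INVALID"))
            continue
        # Design choice: an unmapped address (country None) is admitted, because
        # denying unknown origins would lock out legitimate users whose ranges
        # the table has not yet catalogued; a stricter policy could deny them.
        if country in BLOCKED_COUNTRIES:
            outcomes.append((ip, f"blocked:{country}"))
            continue
        outcomes.append((ip, balancer.assign()))
    return outcomes


# Constructed sample sources: documentation ranges plus one unmapped address
# from the shared address space and one malformed string.
SAMPLE_SOURCES = [
    "203.0.113.7",      # XA -> blocked
    "198.51.100.23",    # AU -> admitted
    "198.51.100.24",    # AU -> admitted
    "192.0.2.9",        # XB -> blocked
    "198.51.100.25",    # AU -> admitted
    "100.64.0.5",       # unmapped -> admitted
    "not-an-address",   # unparsable -> blocked
]

if __name__ == "__main__":
    lb = LeastConnectionsBalancer(["web-1", "web-2", "web-3"])
    for ip, outcome in filter_and_route(SAMPLE_SOURCES, lb):
        print(f"{ip:16} -> {outcome}")
```

The balancer here never releases connections, so the assignments simply rotate; with `release` called on completion it converges on the least-loaded server, which is what keeps one slow backend from absorbing a disproportionate share of a traffic surge.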
Seen from the standpoint of an organization with ample resources, it is always best for a large organization such as a government department to build its own dedicated server infrastructure. The largest web companies, such as Google and Facebook, own their own servers and are therefore insulated from possible DDoS attacks. This not only increases the security of the website and the system but also enhances its speed and operation. Through this and all the ways mentioned above, organizations can gain heavily in all respects.
Conclusion
From the above report, the importance of DDoS protection can be concluded. The case study of the Australian Bureau of Statistics census website helps to show the gravity of a DDoS attack on a public-sector initiative. The case study makes clear that both the Government and the IT company were at fault; they could have done more to mitigate the situation, or even prevented it in the first place. Management should take more responsibility for measures to avoid and handle such circumstances. The technological procedures for mitigating these attacks must also be kept in mind while developing and maintaining such public websites.
References
Broadhurst, R., & Chang, L. Y. (2013). Cybercrime in Asia: trends and challenges. In Handbook of Asian criminology (pp. 49-63). Springer New York.
Darwish, M., Ouda, A., & Capretz, L. F. (2013, June). Cloud-based DDoS attacks and defenses. In Information Society (i-Society), 2013 International Conference on (pp. 67-71). IEEE.
DDoS Case Study: DDoS Attack Mitigation Boston Children's Hospital. (2018). Security.radware.com. Retrieved 19 January 2018, from https://security.radware.com/ddos-experts-insider/ert-case-studies/boston-childrens-hospital-ddos-mitigation-case-study/
Did the Census really suffer a denial-of-service 'attack'? (2018). The Conversation. Retrieved 19 January 2018, from https://theconversation.com/did-the-census-really-suffer-a-denial-of-service-attack-63755
Do better next time: Senate report slams 2016 Census. (2018). NewsComAu. Retrieved 19 January 2018, from http://www.news.com.au/technology/online/australias-2016-census-had-significant-and-obvious-oversights-report-finds/news-story/6edcf8f897b2361965bd72683ee6edbe
Jia, Q., Wang, H., Fleck, D., Li, F., Stavrou, A., & Powell, W. (2014, June). Catch me if you can: A cloud-enabled DDoS defense. In Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on (pp. 264-275). IEEE.
Karami, M., Park, Y., & McCoy, D. (2016, April). Stress testing the booters: understanding and undermining the business of DDoS services. In Proceedings of the 25th International Conference on World Wide Web (pp. 1033-1043). International World Wide Web Conferences Steering Committee.
Lee, S. M., Kim, D. S., Lee, J. H., & Park, J. S. (2012). Detection of DDoS attacks using optimized traffic matrix. Computers & Mathematics with Applications, 63(2), 501-510.
Meira, J. A., de Almeida, E. C., Le Traon, Y., & Sunye, G. (2012, April). Peer-to-peer load testing. In Software Testing, Verification and Validation (ICST), 2012 IEEE Fifth International Conference on (pp. 642-647). IEEE.
Osanaiye, O. A. (2015, February). Short Paper: IP spoofing detection for preventing DDoS attack in Cloud Computing. In Intelligence in Next Generation Networks (ICIN), 2015 18th International Conference on (pp. 139-141). IEEE.
Pescatore, J. (2014). DDoS attacks advancing and enduring: a SANS survey. Tech. Rep.
Wang, B., Zheng, Y., Lou, W., & Hou, Y. T. (2015). DDoS attack protection in the era of cloud computing and software-defined networking. Computer Networks, 81, 308-319.
Xylogiannopoulos, K., Karampelas, P., & Alhajj, R. (2016, January). Real Time Early Warning DDoS Attack Detection. In Proceedings of the 11th International Conference on Cyber Warfare and Security (p. 344).
Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Communications Surveys & Tutorials, 15(4), 2046-2069.