Denial of Service (DoS) John Dough
Insert a University
When defending a network against a DoS or DDoS attack, it is important to view the problem in the correct way. This type of attack can be defended against in a number of ways. The first is to prevent malware from entering the network in the first place, which can be addressed by training employees on basic security measures. However, this is more a technique to reduce attacks than to prevent them. The second way to counteract a DDoS or DoS attack is through a stronger network design and infrastructure.
The first method of providing a countermeasure to a DDoS attack is to eliminate common security violations that could leave you or your network susceptible to malware. This entire concept makes me think of a very famous quote by Sun Tzu in the Art of War, “every battle is won before it is ever fought.” If a company can get its staff to marginally reduce the most common security errors, then it can significantly improve its chances of preventing an attack. The most common errors are listed below (Perrin, C., 2008).
1. Using unsecure emails/computers to send sensitive emails
2. Spamming coworkers and opening personal emails on corporate computers
3. Basing passwords on personal information
4. Basing your security on what is currently popular or what vendors recommend, not your needs
5. Inexperienced security personnel working on your staff
6. Not including “testing” as a part of your implementation process
7. Making everything “sensitive” results in nothing being “sensitive”
8. Using badges or other items that can be duplicated or counterfeited
In addition, some DDoS attacks are the result of data gathering that was done in person, for example, a guest or a passerby gathering data on the practices of your company. This sort of action can include dumpster diving, shoulder surfing, collecting business cards, leaving USB drives in a parking lot or lobby as though they were lost, and other forms of social engineering. We are at a point in history where social networking has become part of not only our personal lives but also our professional lives. Companies are making sites like Facebook, Twitter, MySpace, LinkedIn, etc. an extension of their company. There are reports of intruders using social networking through these sites to gain information to attack a company. Staff who are on sites like these need to be careful about how much personal data they show and what is kept private on these sites.
A scenario I’ve recently been made aware of is a person who works at a major defense contracting company. They have many Facebook friends, over 75 of whom are coworkers and work in a variety of government agencies. They “became friends” with a person who they really didn’t know that well, and that person now had a list of 74 other people to be potential victims, and they each had friends that were in the same line of work. In fact, it led to the internal Facebook site, which he shouldn’t have been granted access to, but was. He knew one of his friends’ work email, which led to him figuring out most of the other people’s emails, and then launched a series of spam email attacks. Companies like this can’t stop people making friends on Facebook with coworkers, but do they need to promote joining their page, and if so, shouldn’t they be more careful of who they add? Some companies are beginning to keep some PII (Personally Identifiable Information) on their pages more private, but trolling social networking sites is quickly becoming a popular form of social engineering.
There are also other actions that may seem like common sense but are frequently overlooked, such as adhering to the policies and procedures handbook mainstay of not going to inappropriate sites. These sites can be laden with malicious files, spyware, adware or even XSS (Cross-Site Scripting) attacks. Any one of these can lead to the opening an intruder is looking for.