Fig. 1: How Denial-of-Service (DoS) attacks work
DoS (Denial-of-Service) attacks were once the favorite weapon of hackers intent on disrupting the largest properties on the internet, then faded into near oblivion in favor of more financially motivated attacks. Hard to protect against and potentially expensive, a DoS attack could trigger outages of websites and network services for organizations large and small.
Overview
DoS attacks could also be a lucrative source of income for criminals, several of whom use these attacks to extort anywhere from hundreds of thousands to millions of dollars from businesses. Generally, profit-oriented cyber-attacks required furtive, non-disruptive methods to achieve their objective of stealing valuable data. During the intervening years, DoS attacks were used mainly for extortion: the attackers threaten to carry out a DoS attack unless a nominal fee is received by a certain deadline. Pay and you get a complimentary "thank you" email; do not, and your business suffers the consequences.
How Do DoS Attacks Work?
A DoS is any type of cyber-attack in which the attacker tries to stop legitimate users from accessing information or services. In a typical DoS attack, the attacker floods the network with excessive messages asking the network or server to validate and confirm requests that carry invalid return addresses. The network or server is then unable to locate the return address when it sends out its verification approval, so it waits before ultimately closing the connection. When the connection is closed, the attacker sends more validation and confirmation requests, again with invalid return addresses. This back-and-forth cycle of validation, confirmation and server waiting repeats again and again, keeping the network or server busy. Tying up a network's or service's resources with excessive requests is among the most feared threats in the present-day cybersecurity environment.
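The request-and-never-answer cycle described above shows up on the server as connection requests from one address that are never completed. The following Python script is an example added here, not code from the original article: it aggregates a constructed connection log (the `<epoch> <client_ip> <event>` format and the event names SYN, ACK and FIN are assumptions) and flags clients that open many connections and finish almost none. The thresholds are illustrative and should be tuned to the normal connection rate of the service being protected.

```python
"""Spot the request-and-never-answer pattern in a connection log.

Added example, not from the original article. The log format is an
assumption: "<epoch> <client_ip> <event>" where the event is SYN (client asked
to connect), ACK (client completed the handshake) or FIN (normal close). Many
SYNs from one address that are never followed by an ACK is the
"server waits, then gives up" pattern described in the text.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log: two ordinary clients and one that never completes
# a handshake. Addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
1000 10.0.0.5 SYN
1000 10.0.0.5 ACK
1001 10.0.0.5 FIN
1001 198.51.100.7 SYN
1001 198.51.100.7 SYN
1002 198.51.100.7 SYN
1002 203.0.113.9 SYN
1002 203.0.113.9 ACK
1003 198.51.100.7 SYN
1003 198.51.100.7 SYN
1004 198.51.100.7 SYN
1004 10.0.0.5 SYN
1005 10.0.0.5 ACK
1006 198.51.100.7 SYN
"""


@dataclass
class ClientStats:
    syn: int = 0      # handshakes requested by the client
    ack: int = 0      # handshakes the client actually completed
    first: int = 0    # first timestamp seen for the client
    last: int = 0     # last timestamp seen for the client

    @property
    def half_open(self) -> int:
        """Connections the server had to hold open and eventually time out."""
        return self.syn - self.ack

    @property
    def incomplete_ratio(self) -> float:
        """Fraction of requested handshakes that were never completed."""
        return self.half_open / self.syn if self.syn else 0.0

    @property
    def syn_rate(self) -> float:
        """Handshake requests per second over the client's active window."""
        return self.syn / max(1, self.last - self.first + 1)


def parse_log(text: str) -> dict[str, ClientStats]:
    """Aggregate SYN/ACK counts and the active window per client address."""
    stats: dict[str, ClientStats] = defaultdict(ClientStats)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_s, ip, event = line.split()
        ts = int(ts_s)
        s = stats[ip]
        if s.first == 0:
            s.first = ts
        s.last = ts
        if event == "SYN":
            s.syn += 1
        elif event == "ACK":
            s.ack += 1
    return dict(stats)


def flag_half_open_floods(stats: dict[str, ClientStats],
                          min_syn: int = 5,
                          min_ratio: float = 0.8) -> list[str]:
    """Return clients that open many handshakes and finish almost none.

    Both thresholds are illustrative; a busy but healthy client has a low
    incomplete ratio even when its SYN count is high.
    """
    return sorted(
        ip for ip, s in stats.items()
        if s.syn >= min_syn and s.incomplete_ratio >= min_ratio
    )


if __name__ == "__main__":
    per_client = parse_log(SAMPLE_LOG)
    for ip, s in sorted(per_client.items()):
        print(f"{ip:15} syn={s.syn} ack={s.ack} half_open={s.half_open} "
              f"ratio={s.incomplete_ratio:.2f} rate={s.syn_rate:.2f}/s")
    print("flagged:", flag_half_open_floods(per_client))
```

On the constructed log only 198.51.100.7 is flagged: seven handshake requests, none completed. The ratio matters as much as the count, since a legitimate client fetching many resources also produces many SYNs but completes them.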
Denial-of-service attacks do not just affect websites; individual home users can become victims too. Denial-of-service attacks can be difficult to distinguish from normal network activity, but there are some indications that an attack is in progress.
Recent years have seen a significant resurgence of Denial-of-Service (DoS) attacks. Not only has this availability-threatening class of attack firmly returned to the radar of today's network and security teams, but the nature of the threat has changed significantly as well. Where the targets of these attacks were once only large Internet businesses, now every business, regardless of size or industry, is at risk. Moreover, detecting these attacks is becoming much harder than in the past, as stealthy, low-bandwidth application-layer variants that aim to exhaust backend resources join the familiar high-volume attacks that aim to flood network links or knock over vital network devices or services.
Returning with a Vengeance
DoS attacks have returned with a vengeance and with more intent than ever before. Where the targets were once limited to large properties on the Internet, today every business with an internet presence is a target. This development can be attributed foremost to DoS becoming a favored method for socially and politically motivated attacks, for which it is an excellent fit. Now it is not only the target's valuable data the attackers are after, but the attention of the target and, even more important, of the public at large. A noteworthy by-product of these attacks was the release of free or low-cost toolkits for crafting DoS attacks; combined with easy access to botnets, these paved the way for the return of DoS attacks to the mainstream. They also contributed two attributes of the present DoS landscape that are especially important to acknowledge. First, low technical and financial barriers to entry mean that just about anybody can execute a DoS attack these days. Second, and for the same fundamental reasons, it is now easy to leverage DoS for financially motivated attacks as well. These attacks can be carried out either by directly disrupting a competitor or by using DoS as a smokescreen for a multi-vector attack ultimately meant to steal valuable information.
Understanding the DoS Landscape
Fig. 2: Understanding DoS attack landscape | Source: https://spanning.com/
In a DoS attack, the attacker attempts to hinder or stop legitimate users from accessing information or services by targeting their computer and its network connection, or the computers and networks of the sites they are using. The attacker may be able to prevent legitimate users from accessing email, online accounts (banking and other financial services, etc.), websites, or any other service that depends on the affected computer.
An attacker could use spam email messages to launch a similar attack on a user's email account. Every email account, whether supplied by an employer or by a free service such as Gmail, Hotmail, or Yahoo, is assigned a specific quota that limits the amount of data the account can hold at any given time. By sending many, or very large, email messages to the account, an attacker can use up the quota and stop the user from receiving further legitimate messages.
The most obvious and by far the most common type of DoS attack is when an attacker "floods" a network system with data. For example, by typing the URL of a particular website into the browser, a user sends a request to that site's server to view a page. A server can only process a certain number of requests at once, so if an attacker overburdens the server with too many requests, it can no longer process them. This is called "Denial-of-Service" because the site cannot be accessed.
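Since a server can only process so many requests at once, one standard countermeasure is to give each client its own request budget rather than letting a single source consume the shared capacity. The per-client token-bucket limiter below is an example added here, not code from the original article; the refill rate, burst size and the constructed request stream are assumptions, and a real deployment would key the bucket on whatever identifies a client in front of the server (source address, session, API key).

```python
"""Per-client token-bucket rate limiter for the request flood described above.

Added example, not from the original article. Each client gets its own
bucket holding up to `burst` tokens, refilled at `rate` tokens per second;
every request spends one token. A client that sends faster than its bucket
refills is answered with HTTP 429 instead of reaching the server's shared
request capacity. Capacity numbers and the request stream are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    rate: float                       # tokens added per second
    burst: float                      # bucket capacity (max burst size)
    updated: float = 0.0              # time of the last refill
    tokens: float = field(init=False)  # starts full

    def __post_init__(self) -> None:
        self.tokens = self.burst

    def allow(self, now: float) -> bool:
        """Refill for the elapsed time, then spend one token if available."""
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """One bucket per client key (for example the source IP address)."""

    def __init__(self, rate: float, burst: int) -> None:
        self.rate, self.burst = rate, burst
        self.buckets: dict[str, TokenBucket] = {}

    def check(self, client: str, now: float) -> int:
        """Return an HTTP status: 200 if the request may proceed, 429 if not."""
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = TokenBucket(self.rate, self.burst, updated=now)
            self.buckets[client] = bucket
        return 200 if bucket.allow(now) else 429


def simulate(requests, rate: float = 2.0, burst: int = 5) -> dict[str, tuple[int, int]]:
    """Run a stream of (time, client) pairs through a fresh limiter.

    Returns {client: (accepted, refused)} so the effect is easy to inspect.
    """
    limiter = RateLimiter(rate, burst)
    outcome: dict[str, tuple[int, int]] = {}
    for t, client in requests:
        ok = limiter.check(client, t) == 200
        acc, ref = outcome.get(client, (0, 0))
        outcome[client] = (acc + int(ok), ref + int(not ok))
    return outcome


# Constructed stream: a browser fetching a page and a few assets (four
# requests spread over three seconds) alongside one client sending fifty
# requests within half a second. Addresses are documentation ranges.
NORMAL = [(0.0, "10.0.0.5"), (0.1, "10.0.0.5"), (0.2, "10.0.0.5"), (3.0, "10.0.0.5")]
FLOOD = [(1.0 + i * 0.01, "198.51.100.7") for i in range(50)]


if __name__ == "__main__":
    for client, (accepted, refused) in simulate(sorted(NORMAL + FLOOD)).items():
        print(f"{client:15} accepted={accepted} refused={refused}")
```

With a burst of 5 and a refill of 2 tokens per second, the ordinary client is never refused, while the flooding client gets its first five requests through and the remaining forty-five are answered with 429 without touching the backend. The refill rate is what bounds the flooder's long-run share of server capacity; the burst size is what keeps a legitimate page load, which naturally arrives as a short cluster of requests, from being penalised.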
The Progression of DoS Attacks
Fig. 3: A DoS Attack Asymmetry | Source: https://www.citrix.com/
Although its simplicity of execution has aided the return of DoS attacks, one major change in this comeback is having an equally profound effect when it comes to protecting against them. Consistent with what has transpired across the threat landscape, DoS attacks are migrating up the computing stack. Strictly, "migrating" implies a departure from the place of origin, but it is more accurate to say that attackers are adding fresh tricks to their repertoire. The high-volume, noisy, network-centered DoS attacks are not going away anytime soon, even as they are joined by a new breed of DoS attacks that work at the upper layers of the computing stack.
But for all that has changed, DoS attacks remain focused on bringing about resource exhaustion at some point in the end-to-end computing sequence, be it the network links, the connection-state tables of network devices and servers, or the processing capacity of the application host. Keeping focused on this fact is crucial to putting together a successful DoS mitigation policy.
High-level mitigation policies for DoS
DoS mitigation options fall into two general types, and within each type there are several possibilities, each with its own pros and cons. The two types are customer premise-based devices and cloud-based service offerings.
Customer premise-based devices –
The first DoS mitigation option in this type, and one that should quickly be set aside as a poor choice, is the enterprise firewall or intrusion prevention system. Fair enough, these devices frequently include a few DoS protection mechanisms, some more than others. However, these mechanisms are largely restricted to neutralizing network-layer DoS attacks and provide no protection against advanced variants. Worse, the need to track the state of every packet and flow passing through them makes these devices themselves vulnerable to DoS attacks.
The second option is a dedicated DoS mitigation device. While these normally offer a robust set of multi-layer DoS defenses, they too have failings. To start with, dedicated DoS mitigation devices suffer the same limitation as every other customer premise-based solution: they are useless if the attack saturates the Internet connection and stops traffic from reaching them in the first place. Moreover, they are likely to be susceptible to SSL-based attacks, which carry a heavy processing penalty, particularly in the absence of dedicated hardware for SSL inspection and termination. One other trade-off to think through is the extent to which their distinctive DoS prevention capability outweighs the need to purchase, deploy, and maintain yet another device at every Internet link of importance.
Cloud-based DoS mitigation service offerings –
The key benefit of cloud-based DoS mitigation alternatives is that, unlike customer premise-based options, they can handle DoS attacks that concentrate on saturating the Internet bandwidth. In general, the two offerings of this type, namely anti-DoS service providers and content delivery network (CDN) providers, operate data centers provisioned with huge amounts of bandwidth. This inherently enables cloud-based DoS mitigation to cope better with volumetric attacks. Furthermore, both types of provider have on average made considerable investments in a wide assortment of DoS mitigation technologies, given that their businesses basically rely on them.
Yet there are some noteworthy differences to be aware of, as well as potential shortcomings. These include the following.
● Although anti-DoS scrubbing centers provide considerable coverage for all of an enterprise's traffic, they are not always on, because that would be too expensive. They are instead switched in selectively by the customer whenever an attack is detected. This makes them a poor option especially for higher-layer DoS attacks, which usually lack volume and so are not as easy to pinpoint when they happen.
● Coverage of higher-layer DoS attacks varies significantly. To a certain extent this is inevitable, because no external provider will ever understand the attributes of an application better than you do yourself.
● Even though CDNs are an always-on solution, generally they are used for just a subset of an organization's particularly important, customer-facing sites and applications. Moreover, there are many ways attackers can go around or through the CDN itself, for instance by targeting the origin IPs directly or by submitting a deluge of requests that result in cache misses and so must be served by the origin infrastructure.
Conclusion
The ideal approach, which is hardly surprising, is to follow a defense-in-depth policy that combines a cloud-based service and a customer-premise solution functioning in a complementary way. In view of the growing prevalence of application-layer attacks, a customer-premise solution, particularly an ADC (application delivery controller), stands to offer the biggest return on capital investment. It is consequently an excellent place for most organizations to start. Investing in a DoS scrubbing service capable of foiling volumetric network attacks almost certainly should not be far behind, especially if you are a high-profile target.
Previously a tactical point of control in many networks, the latest ADCs represent a third, and often ideal, choice to pursue. Market-leading ADCs, for example NetScaler, bring together a wealth of DoS mitigation capabilities that cover all layers of the computing stack. These even include protection against compute-intensive SSL-based DoS attacks, resulting in a solution that provides broader coverage for DoS threats without the need to deploy an additional set of dedicated devices.
_______________
References:
Citrix | Citrix NetScaler: A Powerful Defense Against Denial of Service Attacks
US-CERT | Denial of Service Attacks
eSecurity Planet | How to Prevent DoS Attacks
Technopedia | Denial-of-Service Attack (DoS)