Security Basics mailing list archives
Re: Diff ways to prevent DoS and DDoS
From: Don Thomas <don.thomasjacob () gmail com>
Date: Fri, 20 Apr 2012 16:14:21 +0530
From my experience, mitigating a DoS (or DDoS) attack at the network level involves IPS/IDS systems, traffic analysis and resource regulation.

First, you need to think beyond your network firewalls and the ACLs on the router. Firewalls and ACLs can never stop DoS attacks, as they can stop only the information you have asked them to stop. What you need is an IDS or IPS system, but again one which is not based simply on malware signatures alone, but on pattern matching and behavior anomaly detection. Such systems may be more expensive than a regular signature-based IPS, but are a sure solution in protection against DoS attacks.

Next will be traffic and application behavior profiling and analysis. Profiling or baselining helps you understand what is normal in your network: how much bandwidth a link / application / IP network / port is expected to use at the most, what applications are normally used, etc. Once you have profiled the network behavior, keep track of the bandwidth and do some in-depth traffic analysis (packet analysis or NetFlow is the technology for this) on the WAN routers as well as the core switches. This will help detect when something out of the ordinary happens - like excess traffic on TCP ports from a certain IP, TCP scans, traffic from invalid IP addresses, etc., any of which can be a possible DoS attack. This way you are ready to detect anomalies, attacks, malware, etc. that come beyond your firewalls and IPS. You could also add a flow-based anomaly detection tool (like one from Lancope or ManageEngine) (NOTE: I work for ManageEngine) which can use NetFlow packets and do network behavior anomaly detection, including malware, scans and DoS attacks.

Another step is resource regulation. Using resource control or regulation, you can ensure your resource is not used up. CAPTCHA is a step in resource regulation - it ensures non-human systems do not use up resources. But CAPTCHA helps mainly to minimize automatic posts to forums or blogs.

Consider using QoS (Quality of Service), which can help police traffic usage by an application and limit or drop excess bandwidth usage. Cisco's core switches like the CAT 6500 can do flow-level policing to ensure resource regulation at the IP conversation level.

These steps should help to a large extent in preventing or mitigating DoS attacks.

- Don Thomas Jacob

On Tue, Apr 3, 2012 at 11:00 AM, sneha.anand.26 () gmail com <sneha.anand.26 () gmail com> wrote:
What are the different ways to prevent DoS and DDoS other than checking the frequency or having a CAPTCHA??
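The profiling and flow-analysis step described in the message above, as an added example that is not part of the original post or of any product it names: a per-source bandwidth baseline is learned from a profiling window, then one later interval is checked for excess volume and for a single source touching many destination ports. The flow records, thresholds and function names are constructed assumptions, standing in for fields exported from NetFlow.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (not real traffic): (minute, src_ip, dst_port, bytes).
# Minutes 0-4 are the profiling window; minute 5 is the interval being checked.
FLOWS = []
for m in range(5):
    FLOWS += [(m, "10.0.0.5", 443, 40_000 + 1_000 * m),
              (m, "10.0.0.9", 80, 20_000 - 500 * m)]
FLOWS += [(5, "10.0.0.5", 443, 43_000)]                   # within its baseline
FLOWS += [(5, "10.0.0.9", 80, 900_000)]                   # excess traffic from one IP
FLOWS += [(5, "10.0.0.7", p, 40) for p in range(1, 201)]  # many ports, tiny flows

def per_minute(flows):
    """Aggregate flows into {src: {minute: [total_bytes, set_of_dst_ports]}}."""
    agg = defaultdict(lambda: defaultdict(lambda: [0, set()]))
    for minute, src, dport, nbytes in flows:
        cell = agg[src][minute]
        cell[0] += nbytes
        cell[1].add(dport)
    return agg

def build_baseline(flows, k=3.0, floor=10_000):
    """Per-source byte ceiling = mean + k * stddev over the profiling window."""
    base = {}
    for src, minutes in per_minute(flows).items():
        vols = [cell[0] for cell in minutes.values()]
        base[src] = max(mean(vols) + k * pstdev(vols), floor)
    return base

def detect(flows, baseline, default_ceiling=10_000, max_ports=50):
    """Return sorted (src, reason) alerts for the observed interval(s)."""
    alerts = set()
    for src, minutes in per_minute(flows).items():
        for total, ports in minutes.values():
            # Sources never seen while profiling fall back to a default ceiling.
            if total > baseline.get(src, default_ceiling):
                alerts.add((src, "volume"))
            if len(ports) > max_ports:
                alerts.add((src, "port-scan"))
    return sorted(alerts)

def run():
    profile = [f for f in FLOWS if f[0] < 5]
    current = [f for f in FLOWS if f[0] == 5]
    return detect(current, build_baseline(profile))

if __name__ == "__main__":
    for src, reason in run():
        print(f"ALERT {src}: {reason}")
```

The multiplier `k`, the byte floor and the port limit need tuning against your own profiling data; a window that is too short or that already contains attack traffic produces a ceiling that hides later spikes.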