Security Basics mailing list archives

Re: Diff ways to prevent DoS and DDoS


From: Don Thomas <don.thomasjacob () gmail com>
Date: Fri, 20 Apr 2012 16:14:21 +0530

From my experience, mitigating DoS (or DDoS) attacks at the network
level involves IPS/IDS systems, traffic analysis and resource
regulation.

First, you need to think beyond your network firewalls and ACLs on the
router. Firewalls and ACLs can never stop DoS attacks, as they can stop
only the traffic you have asked them to stop. What you need is an IDS or
IPS system, but again one which is not simply based on malware
signature pattern matching alone, but also on behavior anomaly detection.
Such systems may be more expensive than regular signature based IPS,
but are a sure solution for protection against DoS attacks.

Next will be traffic and application behavior profiling and analysis.
Profiling or baselining helps you understand what is normal in your
network: how much bandwidth a link / application / IP network / port
is expected to use at the most, what applications are normally used,
etc. Once you have profiled the network behavior, keep track of the
bandwidth and do some in-depth traffic analysis (packet analysis or
NetFlow is the technology for this) on the WAN routers as well as core
switches. This will help detect when something out of the ordinary
happens - like excess traffic on TCP ports from a certain IP, TCP
scans, traffic from invalid IP addresses, etc., any of which can be a
possible DoS attack. This way you are ready to detect anomalies,
attacks, malware, etc. that get past your firewalls and IPS.

You could also add a flow based anomaly detection tool (like one from
Lancope or ManageEngine) (NOTE: I work for ManageEngine) which can use
NetFlow packets and do network behavior anomaly detection including
malware, scans and DoS attacks.

Another step is resource regulation. Using resource control or
regulation, you can ensure your resource is not used up. CAPTCHA is a
step in resource regulation - it ensures non-human systems do not use
up resources. But CAPTCHA helps mainly to minimize automatic posts to
forums or blogs. Consider using QoS (Quality of Service) which can
help police traffic usage by an application and limit or drop excess
bandwidth usage. Cisco's core switches like CAT 6500 can do flow level
policing to ensure resource regulation at IP conversation level.

These steps should help to a large extent in preventing or mitigating
DoS attacks.

-
Don Thomas Jacob


On Tue, Apr 3, 2012 at 11:00 AM, sneha.anand.26 () gmail com
<sneha.anand.26 () gmail com> wrote:
What are the different ways to prevent DoS and DDoS other than checking
the frequency or having a CAPTCHA?
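As an added illustration of the flow baselining and anomaly checks Don Thomas describes in his reply above (this is example code written for this archive page, not code from the list, from ManageEngine or from Lancope): it profiles the largest per-source byte count in a constructed "normal" window of NetFlow-style records, then flags sources in a later window that exceed a multiple of that figure, touch many distinct ports (a scan), or arrive from an address that should never be a source on a WAN link. The record layout, the bogon list and the thresholds are assumptions for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample NetFlow-style records: (src_ip, dst_port, bytes).
# Not captured traffic; built only to exercise the checks below.
BASELINE_FLOWS = [("203.0.113.10", 443, 40_000), ("203.0.113.11", 443, 55_000),
                  ("203.0.113.12", 80, 30_000), ("203.0.113.10", 80, 20_000)]
CURRENT_FLOWS = [
    ("203.0.113.10", 443, 42_000),                       # normal client
    ("203.0.113.50", 80, 900_000),                       # far above the profiled maximum
    *[("203.0.113.77", p, 60) for p in range(20, 45)],   # one source, 25 distinct ports
    ("10.0.0.9", 80, 500),                               # RFC1918 source seen on the WAN link
    ("0.0.0.0", 80, 500),                                # unspecified source address
]

# Address ranges that are never valid sources on an Internet-facing link
# (assumed list for the example; extend it with your own allocations).
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def bytes_per_source(flows):
    totals = defaultdict(int)
    for src, _, nbytes in flows:
        totals[src] += nbytes
    return totals

def profile(flows):
    """Baseline: the most bytes any single source sent in the normal window."""
    return max(bytes_per_source(flows).values())

def detect_anomalies(flows, max_bytes, byte_factor=3, port_threshold=10):
    """Return sorted (reason, src_ip) alerts for the three anomaly classes."""
    alerts = []
    for src, total in bytes_per_source(flows).items():
        if total > byte_factor * max_bytes:          # excess traffic from one IP
            alerts.append(("excess_traffic", src))
    ports = defaultdict(set)
    for src, port, _ in flows:
        ports[src].add(port)
    for src, seen in ports.items():
        if len(seen) >= port_threshold:              # many ports: likely a scan
            alerts.append(("port_scan", src))
    for src in {f[0] for f in flows}:
        if any(ipaddress.ip_address(src) in net for net in BOGON_NETS):
            alerts.append(("invalid_source", src))   # spoofed / non-routable source
    return sorted(alerts)

if __name__ == "__main__":
    for reason, src in detect_anomalies(CURRENT_FLOWS, profile(BASELINE_FLOWS)):
        print(f"{reason}: {src}")
```

On real exports you would compute the baseline over a long quiet period and per link, application or port rather than over a single window, and feed the alerts to the IPS or QoS policy rather than only printing them.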
