Denial of Service (DoS) attacks are intended to prevent legitimate requests for a service from completing. It sounds so simple, but causes so much chaos. A device sends requests to the target machine at such a fast pace that the target device becomes overwhelmed with the requests and becomes unable to function. Website servers are a favorite target for denial of service attacks. Along with the attack, taking down a website gets the attack visibility. File servers are also very popular victims.
DoS attacks have two big weaknesses. The first is that they can be ended by terminating the connection to the internet. That’s right. Pull the plug in the internet connection and the attack ends. Of course that means everything online will be cut off. The other big weakness is that if an attacking request can be recognized then it can be traced. The attacker can be back traced and potentially identified. That’s a huge gamble to take. And that leads us to distributed denial of service attacks.
DoS attacks have been around since the early days of the internet. In the last twenty years they have evolved into different flavors. Now we have distributed denial of service (DDoS). These use multiple devices to create a widespread attack on the target. When an attack is coming from many different sources, back tracing it becomes incredibly difficult. The effort to back trace the attack often becomes cost prohibitive especially if the attack was executed using address anonymizing techniques.
It would seem like DoS attacks are not as scary to undergo as ransomware or data breaches. No one has stolen or locked down your data. There is still significant damage to an organization’s reputation. Customers have not been able to access the website. This means they may not be able to make purchases, check on their account balance, or make a payment. This leads to much frustration. Stock prices sometimes reflect these events as well. That’s not good even if it’s only occasionally.
Now, how do we protect ourselves against DoS attacks? Firewalls. On Day 54, I discussed firewalls and the many things they can do. One of those things being the ability to prevent traffic from entering the network based on a set of rules. Firewalls can be set so that if a rapid repeat of requests for a particular resource or service are received within a predetermined set of time, the requests can be blocked from the network. This will prevent a DoS attack from occurring.
Comments