Small-to-medium sized businesses (SMBs) are increasingly taking measures against network threats such as Denial of Service (DoS) attacks, which interrupt services and obstruct communications between intended users. DoS and Distributed DoS (DDoS) attacks can lead to network failure, and any organization can be a target for this type of attack: in 2011, for example, Microsoft’s ASP.NET server was affected and overwhelmed with server requests.
This incident shows how even the most knowledgeable organizations are at risk of a denial of service.
Even though Microsoft has released a workaround for its DoS zero-day bug in ASP.NET, the attack proved that such incidents are not at all a remote possibility and that organizations should implement countermeasures to defend themselves. This type of threat can significantly degrade a server’s performance; a Web server can be overwhelmed and the system affected by interruptions, temporarily or indefinitely.
Obviously, the main step towards the prevention of DoS attacks is designing a secure network; both the communications equipment and the system data are prone to vulnerabilities.
The first line of defense is as simple as making sure software is updated regularly. Installing security patches as they are released helps prevent the exploitation of known vulnerabilities. The next important step is, once again, very simple: ensure firewalls and antivirus software are properly running, configured, and updated. Routers and firewalls should be configured to limit access to the Internet to chosen ports, and software that actually monitors traffic should be installed.
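The traffic monitoring recommended above can start with a sliding-window request counter over the Web server's access log. The following is an added example, not part of the original article; the Common Log Format input, the thresholds, the function names and the sample addresses are assumptions chosen for illustration, and each client's lines are assumed to appear in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: client address, timestamp, then the request line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (client_ip, timestamp) for one log line, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        return m.group(1), datetime.strptime(m.group(2), TS_FORMAT)
    except ValueError:
        return None

def flag_flooders(lines, max_requests=5, window_seconds=10):
    """Map each client exceeding max_requests per sliding window to its peak count."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # client_ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # skip malformed lines rather than stop monitoring
        ip, when = rec
        q = recent[ip]
        q.append(when)
        while when - q[0] >= window:   # drop requests that aged out of the window
            q.popleft()
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

def sample_log():
    """Constructed input (RFC 5737 addresses): ordinary client, flooder, bad line."""
    base = datetime(2024, 3, 12, 10, 0, 0, tzinfo=timezone.utc)
    fmt = '{} - - [{}] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format("198.51.100.7", (base + timedelta(seconds=30 * i)).strftime(TS_FORMAT))
             for i in range(6)]
    lines += [fmt.format("203.0.113.9", (base + timedelta(milliseconds=200 * i)).strftime(TS_FORMAT))
              for i in range(20)]
    return lines + ["not a log line"]

if __name__ == "__main__":
    for ip, peak in flag_flooders(sample_log()).items():
        print(f"{ip}: {peak} requests inside a 10-second window")
```

The flagged addresses are candidates for a rate limit or a firewall block; the thresholds need tuning against the server's normal traffic so that busy legitimate clients are not cut off.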
One possible solution for SMBs is to use one of the Microsoft server products that provide some security against network attacks.
Using Microsoft Windows IPSec, for example, is one possible option. It used to be provided by Microsoft as standalone software but is now an addition to the normal Windows Firewall. IPSec (Internet Protocol Security) protects communications over IP using cryptographic security services. It can be configured to protect data transmitted over the network, ensuring its integrity, authentication and confidentiality.
It is important for SMBs to try to block such attacks before they reach servers, but it is also essential to plan to limit the attacks’ effects and to prepare for a denial of service situation: this can be achieved with a thought-out contingency plan.
In fact, beyond ensuring network availability, it is important to safeguard enterprise information stored on servers. Protection of the information is ensured by performing periodic backups and through the use of remote storage. Having multiple storage options (even located at a different site) is one of the best solutions to limit damage when an attack (any attack, not just a Denial of Service one) is carried out against enterprise data.
It is also important to protect the storage media from unauthorized personnel. One must consider controlling access to a system and to the information within it. To do this, enterprises need security protection mechanisms and access controls within specific layers and privileges.
Other than designing a secure network, businesses must take particular care to keep themselves operational when hit by either a DoS or DDoS attack; enterprises must have in place a business continuity plan (BCP), which can help mitigate the disastrous effects of an attack. A BCP is used to improve an organization’s responsiveness and its ability to make logical decisions during a crisis. The BCP will provide a quick, calm, and efficient response to such attacks, and is often used to reduce or prevent downtime.
In addition to the BCP, a disaster recovery plan (DRP) is also valuable for working through recovery procedures in case of such DDoS threats. The DRP process is often used to recover and resume normal operations quickly.
Again, one of the best practices is having a reliable backup and recovery solution. It’s the only form of insurance that ensures the availability and integrity of data are not permanently lost. Through backups, companies can restore system files when they fail or are damaged, corrupted, destroyed, or attacked.
As the number of DDoS attacks each year rises, one cannot stress enough the importance of performing backups, having a BCP and/or DRP, and using technical and protection mechanisms to control data and business network security.
From a security standpoint, these best practices do provide the necessary safeguards against DoS effects so that they are eliminated or at least mitigated.