The days of conventional warfare are giving way to cyber warfare. As we all know, nothing connected to the internet is completely secure; one way or another it is exposed to cyber-attacks, and sometimes we are unwittingly part of an attack on someone else. If you have not been hit by any of this yet, you are in luck. If you think your server is fully secured, download Nessus Professional and run an advanced scan against it (Nessus is one of the most widely used vulnerability assessment tools). Changed your mind yet? The scan will show you the known vulnerabilities, and the information your server gives away to anyone who asks, whether you knew about it or not.
We cannot defend against all attacks at the same time, but we can prevent some of them and minimize the damage from the rest, if we take the necessary precautions. As the industry moves to the cloud, brute force and DDoS are the worst nightmares of every server admin, and of the two, a DDoS attack from anonymous, distributed sources is the more dangerous. In the past five or six years it has become cheap enough that even a kid can launch a DDoS attack from a botnet of compromised IoT devices.
What is DOS or DDoS?
In the early 80s DOS meant Disk Operating System from Microsoft. For the past 20 years, in security it has meant Denial of Service: an attack that reduces, restricts or denies access by consuming a resource dedicated to the website or server, such as link bandwidth, connection-table entries, CPU or memory. When the attack traffic comes from many distributed sources, it is called a Distributed Denial of Service, or DDoS, which is the more familiar term today.
Preventing DDoS Attacks
How do we prevent a DDoS attack? Plan ahead. Once a server is under a DDoS attack it is too late; there is not much to do other than watch it happen.
Depending on the scale and source of the DDoS, there are many steps to consider in order to prevent it.
First things First,
1. Bandwidth
When you move to the cloud, buy more bandwidth than you normally need. It costs money, but the spare capacity absorbs volumetric floods that would otherwise saturate your link. Note that over-provisioning only raises the bar: a flood larger than your link will still take you down, which is why the measures below matter as well.
2. Filtering Requests using Reputation
Everything is smart these days. Phones are smart, TVs are smart, so why not our server firewall? Why rely on the built-in firewall when UTM appliances are available? If you want to be safe, you need to spend money on it.
A Unified Threat Management (UTM) appliance is a hardware or software firewall that is much more capable than the standard built-in firewall.
A UTM firewall can inspect and control traffic at multiple layers of the protocol stack. It tracks the number of requests and the volume of traffic coming from each individual IP address, and it rate-limits or blocks connections from an address that exceeds a threshold or that appears on an IP reputation list. Keep in mind that per-IP limits work well against a few aggressive sources; against a large botnet where each bot stays under the threshold they do little, and reputation feeds only catch addresses already known to be bad.
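The per-IP request counting described above, as an added example that is not code from the article or from any UTM vendor: a sliding-window rate limiter run over constructed access-log lines. The log format, the IP addresses and the threshold (20 requests per 60 seconds) are all assumptions made for illustration.

```python
"""Per-IP sliding-window rate limiting over web-server access-log lines.

Added example, not from the original article.  It does what the UTM
description above says: count requests per source IP inside a time window
and block the address once it exceeds a threshold.  The log lines are
constructed here (one client hammering /login, one browsing normally).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<client ip> [<timestamp>] "<request line>""
LOG_RE = re.compile(r'^(\S+) \[([^\]]+)\] "([^"]*)"')


def parse_line(line):
    """Return (ip, timestamp, request) or None for a line we cannot parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S"), request


class SlidingWindowLimiter:
    """Allow at most max_requests per IP within any window_seconds span."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = timedelta(seconds=window_seconds)
        self.hits = defaultdict(deque)  # ip -> timestamps of allowed requests

    def allow(self, ip, ts):
        q = self.hits[ip]
        # Drop timestamps that have aged out of the window.
        while q and q[0] <= ts - self.window:
            q.popleft()
        if len(q) >= self.max_requests:
            return False  # over the limit: a UTM would drop or reset this
        q.append(ts)
        return True


def scan_log(lines, max_requests=20, window_seconds=60):
    """Replay log lines through the limiter; count allowed/blocked per IP."""
    limiter = SlidingWindowLimiter(max_requests, window_seconds)
    summary = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _request = parsed
        summary[ip]["allowed" if limiter.allow(ip, ts) else "blocked"] += 1
    return dict(summary)


def blocked_ips(summary):
    """IPs that had at least one request blocked, sorted for stable output."""
    return sorted(ip for ip, counts in summary.items() if counts["blocked"] > 0)


def build_sample_log():
    """Constructed sample log: 203.0.113.9 sends 30 POSTs to /login one second
    apart; 198.51.100.5 makes 4 ordinary page requests 15 seconds apart."""
    base = datetime(2023, 10, 10, 13, 55, 0)
    lines = []
    for i in range(30):
        t = base + timedelta(seconds=i)
        lines.append(f'203.0.113.9 [{t:%d/%b/%Y:%H:%M:%S}] "POST /login HTTP/1.1"')
    for i in range(4):
        t = base + timedelta(seconds=15 * i)
        lines.append(f'198.51.100.5 [{t:%d/%b/%Y:%H:%M:%S}] "GET /index.html HTTP/1.1"')
    # Interleave the two clients in time order, as a real log would be.
    lines.sort(key=lambda line: parse_line(line)[1])
    return lines


if __name__ == "__main__":
    result = scan_log(build_sample_log())
    for ip, counts in sorted(result.items()):
        print(ip, counts)
    print("blocked:", blocked_ips(result))
```

With the defaults, the flooding client gets its first 20 requests through and the remaining 10 blocked, while the normal client is untouched. Tuning the window and threshold per endpoint (a login form tolerates far fewer requests per minute than a static asset) is where most of the real work lies.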
3. TCP Intercept
For a SYN flood, the firewall can verify the handshake before the server ever sees it. The firewall answers the client's initial SYN with its own SYN-ACK; only if the client returns the final ACK does the firewall open a session to the server and splice the two connections together (this is TCP intercept, also called a SYN proxy). Half-open connections that never complete time out on the firewall, so a SYN flood from spoofed sources never makes it past the firewall. The firewall still has to survive the flood itself, which is why SYN proxies typically use SYN cookies rather than keeping a table entry per half-open connection.
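The exchange described above, as an added example that is not code from the article or from any firewall product: a simulated SYN proxy that replies to SYNs on the server's behalf and only opens a backend session once the client's final ACK proves the handshake completed. Instead of storing a half-open entry per SYN, it encodes the handshake in the SYN-ACK's initial sequence number as an HMAC "cookie" and validates the client's ACK number against it. Packets are plain dicts, nothing touches a real socket, and the secret key is a constructed value.

```python
"""TCP intercept (SYN proxy) simulation using SYN cookies.

Added example, not from the original article.  Flow:
    client -> firewall : SYN (seq = client ISN)
    firewall -> client : SYN-ACK (seq = cookie, ack = client ISN + 1)
    client -> firewall : ACK (seq = client ISN + 1, ack = cookie + 1)
Only a valid final ACK opens a session to the server, and the firewall
keeps no state for SYNs that never complete.
"""
import hashlib
import hmac
import time


class SynProxy:
    def __init__(self, secret, cookie_lifetime=60, clock=time.time):
        self.secret = secret              # constructed demo key, see below
        self.lifetime = cookie_lifetime   # seconds a cookie stays valid
        self.clock = clock                # injectable for deterministic tests
        self.backend_sessions = []        # sessions actually opened to the server
        self.syn_acks_sent = 0

    def _cookie(self, src_ip, src_port, client_isn, epoch):
        """32-bit ISN: top 8 bits carry the epoch, low 24 bits an HMAC tag."""
        msg = f"{src_ip}|{src_port}|{client_isn}|{epoch}".encode()
        tag = hmac.new(self.secret, msg, hashlib.sha256).digest()[:3]
        return ((epoch & 0xFF) << 24) | int.from_bytes(tag, "big")

    def on_syn(self, pkt):
        """Client -> firewall SYN: answer with a SYN-ACK, store nothing."""
        epoch = int(self.clock()) // self.lifetime
        cookie = self._cookie(pkt["src"], pkt["sport"], pkt["seq"], epoch)
        self.syn_acks_sent += 1
        return {"flags": "SYN-ACK", "seq": cookie, "ack": (pkt["seq"] + 1) & 0xFFFFFFFF}

    def on_ack(self, pkt):
        """Client -> firewall final ACK: rebuild the cookie and compare.

        The client ISN is recovered from seq - 1; the epoch from the top bits
        of the acknowledged ISN, accepting the current and previous epoch so a
        handshake that straddles a boundary still succeeds."""
        acked = (pkt["ack"] - 1) & 0xFFFFFFFF
        epoch_low = acked >> 24
        client_isn = (pkt["seq"] - 1) & 0xFFFFFFFF
        now_epoch = int(self.clock()) // self.lifetime
        for epoch in (now_epoch, now_epoch - 1):
            if (epoch & 0xFF) != epoch_low:
                continue
            expected = self._cookie(pkt["src"], pkt["sport"], client_isn, epoch)
            if hmac.compare_digest(expected.to_bytes(4, "big"), acked.to_bytes(4, "big")):
                # Handshake proven: now, and only now, talk to the real server.
                self.backend_sessions.append((pkt["src"], pkt["sport"]))
                return True
        return False


def simulate_flood(n_spoofed=10000, secret=b"constructed-demo-secret"):
    """Spoofed SYN flood plus one legitimate client plus one forged ACK."""
    proxy = SynProxy(secret)
    # Spoofed sources: they never see the SYN-ACK, so they never answer it.
    for i in range(n_spoofed):
        src = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"
        proxy.on_syn({"src": src, "sport": 40000 + (i % 1000), "seq": (i * 7919) & 0xFFFFFFFF})
    # Legitimate client completes the three-way handshake.
    syn = {"src": "198.51.100.5", "sport": 51515, "seq": 123456}
    synack = proxy.on_syn(syn)
    ack = {"src": syn["src"], "sport": syn["sport"],
           "seq": syn["seq"] + 1, "ack": synack["seq"] + 1}
    legit_ok = proxy.on_ack(ack)
    # Attacker who never received a SYN-ACK guesses an ACK number.
    forged_ok = proxy.on_ack({"src": "203.0.113.9", "sport": 4444, "seq": 1, "ack": 424242})
    return {"syn_acks_sent": proxy.syn_acks_sent,
            "backend_sessions": len(proxy.backend_sessions),
            "legit_ok": legit_ok, "forged_ok": forged_ok}


if __name__ == "__main__":
    print(simulate_flood())
```

Ten thousand spoofed SYNs produce ten thousand SYN-ACKs and zero backend sessions; the one client that answers the SYN-ACK gets exactly one. Linux implements the same idea in the kernel (the `net.ipv4.tcp_syncookies` sysctl), and a SYN-proxying firewall does it on the server's behalf; a real implementation also has to carry the negotiated MSS and window options inside the cookie, which this simulation leaves out.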
4. Load balancers or Application Delivery Controllers (LB or ADC)
With a load balancer in front of the servers we can add a cache engine, so that content already cached by the load balancer or a content delivery network is served without going back to the origin. This reduces the resource usage of the actual web server under a flood of repeated requests for the same pages. It only helps for cacheable content, though; requests for dynamic, per-user pages still reach the server.
5. Sandboxing
Consider a web server that provides many functions, such as login and search. What if we separate those functions into different areas, or even onto different systems? Then if an attacker floods or compromises the login function, the other functions keep working.
Traffic to the web server can also be gated by a challenge such as a CAPTCHA, not only to tell users from bots but also to check that the client is a real browser, before the request is passed on to the application.
6. Third-party DDoS protection services
You can hire a third-party DDoS protection service, which absorbs and scrubs the traffic before it reaches your website or server.
E.g. Cloudflare
7. Disable ICMP echo (ping) responses. This does not help much: a server that refuses to answer ping still answers on its open ports, and on the local network it still has to answer ARP requests, so it can be found either way.
What is Brute Force?
This attack lives up to the word "brute". The phrase "brute force" has many definitions; when it comes to cryptography and authentication, it is the process of trying many passwords or passphrases until the correct one is found, in order to bypass authentication.
There is a quote by Robert Louis Stevenson “Nothing Made by Brute Force Lasts”
Even if he did not mean it for the IT world, he is right. Unlike DDoS, recovery from a brute force attack is not much work: if we find out that a password was changed or an account compromised, we can simply reset the password, provided the attacker has not already used the account to do further damage.
Preventing Brute Force Attacks
There are various aspects to consider while securing a server or website against brute force:
If you are securing a website, add a delay between failed login attempts, growing with each failure.
Limit the maximum number of failed login attempts through the account lockout policy of the server.
On the public (WAN) interface of the server, do not enable any protocol binding other than TCP/IPv4 and TCP/IPv6 (for example, leave file and printer sharing unbound).
Do not open unwanted ports to the outside world. Open only the necessary ports, such as 80 and 443 for web users; if you must offer file transfer, prefer SFTP over plain FTP on port 21, which sends credentials in the clear.
Enable Windows authentication only on services that need it.
Always enforce a password policy with at least the following conditions:
At least 8 characters long (12 or more is better)
Must contain letters and digits
Must contain symbols
If you are willing to use third-party applications, use a HIPS (Host-based Intrusion Prevention System) such as RDP Guard, which blocks an IP address after repeated failed logins.
Where possible, restrict access to the server, and to management services such as RDP in particular, to a whitelist of specific IP addresses.
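The login-side measures in the list above (progressive delay between failed attempts, account lockout after a fixed number of failures, and the minimum password policy), as an added example that is not code from the article or from any product named in it. The user store, the credentials and the thresholds (5 failures, 15-minute lockout, delays doubling from 1 second) are constructed for illustration; timestamps are passed in explicitly so the behaviour is deterministic.

```python
"""Brute-force guard for a login endpoint, plus a password-policy check.

Added example, not from the original article.  Combines three measures:
  * progressive delay: after each failure the next attempt must wait
    1 s, 2 s, 4 s, ... (attempts arriving early are rejected unprocessed)
  * account lockout: the 5th failure locks the account for 15 minutes,
    even for the correct password
  * password policy: minimum length, letters and digits, and a symbol
"""
import hashlib
import hmac
import os
import string
from dataclasses import dataclass

MAX_FAILURES = 5        # lockout threshold (account lockout policy)
LOCKOUT_SECONDS = 900   # 15 minutes
BASE_DELAY = 1.0        # seconds; doubles with every failure
PBKDF2_ROUNDS = 100_000
_DUMMY = (b"\0" * 16, b"\0" * 32)   # used for unknown users, see below


@dataclass
class AccountState:
    failures: int = 0
    next_allowed: float = 0.0   # earliest time another attempt is processed
    locked_until: float = 0.0


def make_user(password):
    """Constructed user record: (salt, PBKDF2-HMAC-SHA256 hash)."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class LoginGuard:
    def __init__(self, users):
        self.users = users      # username -> (salt, hash)
        self.state = {}         # username -> AccountState

    def _check_password(self, username, password):
        # Always run PBKDF2, even for unknown users, so response time does
        # not reveal which usernames exist.
        salt, digest = self.users.get(username, _DUMMY)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return username in self.users and hmac.compare_digest(candidate, digest)

    def attempt(self, username, password, now):
        """Return 'ok', 'fail', 'too_fast' or 'locked' for one login attempt."""
        st = self.state.setdefault(username, AccountState())
        if now < st.locked_until:
            return "locked"
        if now < st.next_allowed:
            return "too_fast"   # delay not elapsed: password is not even checked
        if self._check_password(username, password):
            self.state[username] = AccountState()   # success clears the counters
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        st.next_allowed = now + BASE_DELAY * (2 ** (st.failures - 1))
        return "fail"


def password_meets_policy(password, min_length=8):
    """The article's minimum policy: length, letters and digits, a symbol."""
    return (len(password) >= min_length
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


def demo():
    """Constructed attack sequence against user 'alice'; returns the verdicts."""
    guard = LoginGuard({"alice": make_user("Correct-Horse-42!")})
    return [
        guard.attempt("alice", "password", 0.0),      # fail, next attempt after 1 s
        guard.attempt("alice", "123456", 0.5),        # too_fast, not even checked
        guard.attempt("alice", "123456", 10.0),       # fail, wait 2 s
        guard.attempt("alice", "letmein", 20.0),      # fail, wait 4 s
        guard.attempt("alice", "qwerty", 30.0),       # fail, wait 8 s
        guard.attempt("alice", "admin", 40.0),        # 5th failure: locked
        guard.attempt("alice", "Correct-Horse-42!", 50.0),    # locked, even if right
        guard.attempt("alice", "Correct-Horse-42!", 1000.0),  # ok after lockout
    ]


if __name__ == "__main__":
    print(demo())
```

Note the trade-off the lockout introduces: an attacker who knows a username can lock that user out on purpose, which is itself a denial of service. Combining the per-account lockout with per-IP limits (as in the rate-limiting measures discussed under DDoS) and an IP whitelist for management access keeps both problems in check.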
Wrapping Up
DDoS and brute force are not easy to prevent, but with better security practices and well-chosen security software one can mitigate them.
If you need high-end security, be ready to spend a lot of money. There is a limit to how much we can secure.
As the diagram shows, as security increases, functionality and usability decrease. So it is better to keep an optimum balance of all three factors.