Introduction
Denial-of-service (DoS) and distributed DoS (DDoS) attacks are a means to take control of a computer terminal or network resources in order to disrupt the communications of a computer host connected to the Internet. A DDoS is an attack sent by more than two computer hosts or by co-opted zombie computers in a botnet, and a DoS is an attack by one computer host. Either attack floods an online computer or network with incoming messages to overwhelm the targeted system, thus denying service to the Internet or communication with authorized users (US-CERT, 2013).
DDoS attacks are often carried out by overloading an Internet service, using up bandwidth at the application layer and causing services to cease by inundating the database with packets of application calls (US-CERT, 2013). An attack can also be accomplished by resource flooding, where one or more attackers consume the resources of a target network or computer, such as CPU and hard disk, to degrade the equipment's communication and put it in a state unavailable to legitimate users. Resource flooding can be placed into two types: malformed packet attacks and protocol exploit attacks (Keromytis et al., n.d.).
Keep in mind that a DoS or DDoS attack often has many victims: both the unaware compromised systems and the target network suffer severely degraded service. It is important to note that a network server requires a minimal amount of network bandwidth to function, which is often disrupted and denied during DoS or DDoS activity (UMUC, 2013).
History documents that the first DoS-style attack was executed by a 15-year-old boy known as “mafiaboy.” On February 7, 2000, the Canadian youth carried out a series of DoS attacks against Amazon.com and eBay.com. His attacks brought a great percentage ...
... middle of paper ...
...MUC (2013) Interactive Case Study Module 4. Monitoring, Auditing, Intrusion Detection, Intrusion Prevention, and Penetration Testing. CSEC 640.
US-CERT (2013) Security Tip (ST04-015) Understanding Denial-of-Service Attacks. Retrieved from http://www.us-cert.gov/ncas/tips/ST04-015
Zade A, Patil S & Salunke D (2011) A Novel Technique for Detection and Prevention of Distributed Denial of Service Attack. Advances in Computational Sciences and Technology. ISSN 0973-6107 Volume 4 Number 2 (2011) pp. 221-225. Retrieved from http://www.ripublication.com/acst.htm
Wang X, Chellappan S, Boyer P & Xuan D (2006) On the Effectiveness of Secure Overlay Forwarding Systems under Intelligent Distributed DoS Attacks. IEEE Transactions on Parallel and Distributed Systems, vol. 17, no. 7, July 2006. Retrieved from http://www.computer.org.ezproxy.umuc.edu/csdl/trans/td/2006/07/l0619.pdf
The attack targets the routing information that is exchanged among nodes. The data in the table is altered, and the attacker can then attract or repel network traffic, generate false error messages, increase latency or even partition the network. The next node generally depends on the previous node(s)' table to create routing paths.
The Aim Higher College’s system administrators and network engineers have described seeing some strange behaviors, such as high levels of traffic from many hosts that are causing system outages. The web servers of the college have been shut down frequently by this traffic; it must be from a hacker group trying to attack the school with malicious software. I will review the network traffic from the college’s intrusion detection system and use an intrusion prevention system to block off these threats from the hackers.
The Hacker Crackdown: Law and Disorder on the Electronic Frontier by Bruce Sterling is a book that focuses on the events that occurred on and led up to the AT&T long-distance telephone switching system crashing on January 15, 1990. Not only was this event rare and unheard of it took place in a time when few people knew what was exactly going on and how to fix the problem. There were a lot of controversies about the events that led up to this event and the events that followed because not only did it happen on Martin Luther King Day, but few knew what the situation truly entailed. There was fear, skepticism, disbelief and worry surrounding the people that were involved and all of the issues that it incorporated. After these events took place the police began to crackdown on the law enforcement on hackers and other computer based law breakers. The story of the Hacker Crackdown is technological, sub cultural, criminal, and legal. There were many raids that took place and it became a symbolic debate between fighting serious computer crime and protecting the civil liberties of those involved.
In 1980, James Anderson’s paper, Computer Security Threat Monitoring and Surveillance, bore the notion of intrusion detection. Government funding and serious corporate interest allowed intrusion detection systems (IDS) to develop into their current state. So what exactly is an IDS? An IDS is used to detect malicious network traffic and computer usage through attack signatures. The IDS watches for attacks not only from incoming internet traffic but also for attacks that originate in the system. When a potential attack is detected, the IDS logs the information and sends an alert to the console. How the alert is detected and handled is dependent on the type of IDS in place. Through this paper we will discuss the different types of IDS and how they detect and handle the alerts, the difference between a passive and a reactive system and some general IDS intrusion invasion techniques.
2. How vulnerable is your company to a denial of service (DoS) attack or intrusion? What should be done about such vulnerabilities?
Penetration testing has been well popularized by the media. Many companies are now offering penetration services to identify vulnerabilities in systems and the surrounding processes. This report will discuss “Penetration Testing” as a means of strengthening a corporate network’s security. This report is divided into three parts. The introduction gives a brief and basic overview of penetration testing and why we need it. The second part is the technical breakdown, which explains the strategy, model and type of penetration testing. In the conclusion, we will discuss both the value and limitation of penetration testing.
The term “cyber terrorism” refers to the use of the Internet as a medium in which an attack can be launched, such as hacking into electrical grids, security systems, and vital information networks. Over the past four decades, cyber terrorists have been using the Internet as an advanced communication tool in which to quickly spread and organize their members and resources. For instance, by using the instantaneous spread of information provided by the Internet, several terrorist groups have been able to quickly share information, coordinate attacks, spread propaganda, raise funds, and find new recruits for their cause. Instantaneous and unpredictable, the technological advantages these terrorists have obtained from using the Internet includes
Every day millions, in some cases billions, of dollars are made by businesses from income brought in by online sale of products and services. As businesses continually develop and expand their client base with online products and services, so does the desire by criminals to exploit vulnerabilities in their e-commerce setup. The mass worldwide internet usage growth within the last 20 years has been “an approximate 16 million users in 1995 to an estimated 2,937 million in March of 2014.” As the importance of e-commerce increases, so does the need to protect the technological infrastructure that will carry out online transactions for each business regardless of its size. I will attempt to highlight and review the history of a few cyber crimes to show the progression of the crimes within the last 30-40 years. I also plan to review how the economy and consumers are impacted by cyber crimes. Finally, I will make an effort to contribute with information gathering on how to lower the risk of a cyber attack from an individual user to a large scale business.
Without proper protection, any part of any network can be susceptible to attacks or unauthorized activity. Routers, switches, and hosts can all be violated by professional hackers, company competitors. In fact, according to several studies, more than half of all network attacks are waged internally. To determine the best ways to protect against attacks, we should understand the many types of attacks that can be instigated and the damage that these attacks can cause to data. The most common types of attacks include Denial of Service (DoS), password, an...
The internet offers high speed connectivity between countries, which allows criminals to commit cybercrimes from anywhere in the world. Due to the demand for the internet to be fast, networks are designed for maximum speed, rather than to be secure or track users (“Interpol” par. 1). This lack of security enables hacker...