Incident Handling Process of a DDoS Attack

Argumentative essay, 1630 words

Though the phrase “hacker” has been popularized over the last twenty years, largely due to corporate data breaches and pop-culture references, most people outside the security community are unaware that the term does not accurately describe all types of cyber adversaries. There are different classes of hackers, most often differentiated by skill level and by their motivation for attacking. A more correct label for Internet activists performing malicious actions such as those associated with the WikiLeaks movement is “hacktivists”. Hacktivists are hackers specifically motivated to attack technological systems or organizations as a result of differing viewpoints on social or political issues (US Army, 2005, p. 37). Though most hacktivist-driven cyber-attacks take the form of digital vandalism or simple webpage defacement, more extreme incidents have involved large-scale distributed denial of service (DDoS) attacks that knocked target organizations offline for extended periods of time. One of the most popular and well-developed hacktivist organizations is called “Anonymous”. Anonymous was recently popularized in the mainstream media after it launched several DDoS attacks on Egyptian government resources after the nation’s leaders blocked Twitter access to pro-democracy protestors back in January (Wagenseil, 2011). The hacktivists of Anonymous also defended WikiLeaks by attacking organizations such as MasterCard and PayPal after the financial institutions prohibited monetary contributions from the public to the revolutionary wiki site (Mills, 2011). More recently, Anonymous has set its sights on the Iranian government through “Operation Iran”. The effort is currently targeting critical Iranian resources with DDoS ...

... middle of paper ...

...tacks against WikiLeaks foes. PC Magazine. Retrieved May 2, 2011, from http://www.pcmag.com/article2/0,2817,2374023,00.asp
Mills, E. (2011, April 29). Anonymous to target Iran with DoS. CNET News. Retrieved May 2, 2011, from news.cnet.com/8301-27080_3-20058700-245.html
Pfleeger, C., & Pfleeger, S. (2006). Security in computing. Upper Saddle River, NJ: Pearson Education, Inc.
US Army Training and Doctrine Command. (2005, August 15). Cyber Operations and Cyber Terrorism, Handbook No. 1.02. DCSINT Handbook. Fort Leavenworth, Kansas.
Vacca, J. R. (2009). Computer and information security handbook. Burlington, MA: Morgan
Wagenseil, P. (2011, January 26). Anonymous ‘hacktivists’ attack Egyptian websites - Technology & science - Security - msnbc.com. MSNBC. Retrieved May 2, 2011, from http://www.msnbc.msn.com/id/41280813/ns/technology_and_science-security/

In this essay, the author

  • Explains that the term "hacker" has been popularized due to corporate data breaches and pop-culture references, but most people outside the security community are unaware that it does not accurately describe all types of cyber adversaries.
  • Explains that hacktivists are hackers specifically motivated to attack technological systems or organizations as a result of differing viewpoints on social or political issues.
  • Explains that Anonymous was popularized in the mainstream media after it launched several DDoS attacks on Egyptian government resources after the nation’s leaders blocked Twitter access to pro-democracy protestors back in January.
  • Compares hacktivists to traditional hackers in that both use similar toolkits and attack mechanisms to subvert their opponents’ technological systems. Traditional hackers are often motivated by earning fame or money for placing successful attacks on highly visible organizations.
  • Explains that MasterCard and PayPal were both targeted by the hacktivist organization Anonymous during "Operation Payback". Both organizations' websites were targeted with DDoS attacks for preventing WikiLeaks from receiving donations or making credit card charges.
  • Explains that intrusion detection systems are devices that detect rogue, malicious, or suspicious behavior on a network or system and notify system administrators to take preventive action.
  • Explains that intrusion detection systems follow one of two scanning mechanisms, signature-based or anomaly-based, similar to how anti-virus applications scan a computer for malware, or network traffic for known attack patterns.
  • Explains that firewalls are physical network devices or software applications that can filter traffic between systems or networks. They are effective at blocking specific types of traffic from reaching a network.
  • Explains that load balancers monitor incoming traffic to an organization's resources and can redirect volume to other systems within a cluster if certain assets are being utilized too heavily.
  • Explains the use of proxy servers and network address translation to hide internal network components from outsiders, making it more difficult for hackers to plan attacks.
  • Argues that non-technical solutions aimed at preventing network attacks start with a strong security policy, coupled with internal programs promoting employee security awareness. Corporate policies should be comprehensive in identifying acceptable uses of technology, password management, anti-virus and anti-malware scans, default system configuration, auditing, data back-up policies, and effective incident handling procedures.
  • Explains that a strong incident handling procedure is paramount to limiting the adverse effects of an attack. It includes preparation, identification, containment, eradication, recovery, and lessons learned.
  • Explains that the first phase of incident handling is "preparation", where administrators prepare critical documentation and procedures in the event of a security incident.
  • Explains the second phase of the incident handling process, which focuses on administrators identifying that a security incident has occurred after significant events have been gathered and analyzed.
  • Opines that administrators should contain a DDoS attack on corporate web servers by temporarily reducing the maximum number of connection requests to prevent the network from completely failing, while allowing forensic analysis to identify the attacker.
  • Advises administrators to eradicate any sign of the attack from internal systems. In the case of an attack on a corporate website, administrators may reconfigure firewalls to prevent specific types of malicious traffic.
  • Explains that the recovery phase focuses on restoring network resources to a “normal” state, similar to that which existed prior to the attack.
  • Explains the "lessons learned" phase of the incident handling process, where administrators document vulnerabilities with current systems or processes and develop solutions to better secure assets moving forward.
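For the identification and containment phases summarized above, here is an added Python example (not code from the essay) that flags anomalous sources in constructed web-server log lines against a quiet-window baseline and derives the temporary per-source connection cap the essay recommends; the addresses, log lines, thresholds and the iptables connlimit rule format are assumptions.

```python
"""Identification and containment of a volumetric DDoS from web-server logs.
Added illustration; log lines and addresses are constructed, thresholds assumed."""
import re
from collections import Counter
from statistics import median

# Apache/nginx combined-style access-log prefix: source IP, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3})')

def requests_per_source(lines):
    """Identification, step 1: aggregate the window's requests by source IP."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            counts[m.group("ip")] += 1
    return counts

def flag_anomalous_sources(counts, baseline_median, k=10, floor=50):
    """Identification, step 2 (anomaly-based): a source is suspect when its
    request count exceeds both k x the per-source median of a quiet window
    and an absolute floor, so one busy legitimate client is not flagged."""
    threshold = max(floor, k * baseline_median)
    return {ip: n for ip, n in counts.items() if n > threshold}

def containment_rule(baseline_counts, headroom=2.0, port=80):
    """Containment: cap per-source connections at headroom x the busiest legitimate
    source of the quiet window, so the service degrades instead of failing."""
    cap = int(headroom * max(baseline_counts.values()))
    rule = (f"iptables -I INPUT -p tcp --syn --dport {port} -m connlimit "
            f"--connlimit-above {cap} -j REJECT")
    return cap, rule

def make_lines(ip, n, path="/"):
    """Constructed sample traffic; addresses are from RFC 5737 documentation ranges."""
    return [f'{ip} - - [02/May/2011:10:00:00 +0000] "GET {path} HTTP/1.1" 200 512'
            for _ in range(n)]

QUIET_WINDOW = (make_lines("198.51.100.7", 12) + make_lines("198.51.100.8", 4)
                + make_lines("198.51.100.9", 7))
ATTACK_WINDOW = (QUIET_WINDOW + make_lines("203.0.113.5", 900, "/index.php")
                 + make_lines("203.0.113.6", 750))

def handle_window(quiet, current):
    """Identification then containment; suspect counts are kept as forensic evidence."""
    baseline = requests_per_source(quiet)
    suspects = flag_anomalous_sources(requests_per_source(current), median(baseline.values()))
    cap, rule = containment_rule(baseline)
    return suspects, cap, rule
```

Per-source counting only sees clients that completed the TCP handshake, so a spoofed-source flood has to be filtered upstream of the web server rather than by this rule.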