Analysis

By using some specific industry best practices we will be able to protect the university network against DDoS attacks, providing:

- Protection for web servers
- An automated system to manage patches
- Protection against password sniffers and keystroke loggers
- Protection against social engineering
- IDS and firewalls between internal networks
- Host-based IDS on all workstations
- Antivirus software, kept updated, on all workstations
- Improved security policies that separate regular accounts from administrative accounts
“A best practice is a method or technique that has consistently shown results superior to those achieved with other means.” (Wikipedia, 2013)

Here we will present some industry best practices to protect the university’s network against DoS and DDoS attacks: implementing a system to manage patches and security hotfixes, firewalls between internal networks, and an antivirus solution. The university also has to improve its information security policies and implement a security awareness program to educate both employees and students.

A denial-of-service (DoS) attack is designed to consume resources in order to make services unavailable, by bringing them down or at least significantly slowing their performance. A distributed denial-of-service (DDoS) attack has the same goal, but the attack originates from multiple sources (hosts/networks) simultaneously (EC-Council, 2010).
Patch Management System

Control and fix operating system and application vulnerabilities

Some vulnerabilities, such as an elevation-of-privilege flaw on a SQL Server, could allow an attacker to inject a script into a user's web browser and take action on behalf of the real user. Thus, a patch management system can help an administrator to:

- Monitor computers that are running without the vendor’s authorized and published patches and service packs;
- Deploy missing patches on the systems according to their priority level (Critical, Major, Important).

Automate patch deployment

Create automatic tasks that run daily against the systems and schedule patch deployment according to the maintenance windows, so that all servers, workstations and network devices such as firewalls, routers and switches are updated and fully patched.

Avoid administrators using administrator passwords to deploy patches remotely on the network

- Use systems management software such as Microsoft SCCM, LANDesk and VMware Update Manager to deploy patches remotely. This way you avoid exposing the admin password unnecessarily, and you do not have to log in to individual servers and workstations.
- Create the deployment tasks to run under service accounts instead of administrator accounts. This way, the admin password will be less exposed.
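As an added illustration of the monitoring and prioritisation steps above (example code written for this page, not the deck’s own tooling and not part of SCCM, LANDesk or VMware Update Manager), the Python below produces a compliance report that lists, per host, the published patches it lacks, ordered Critical, Major, Important, and assigns them to weekly maintenance windows. The advisory list, the host inventory and the patch identifiers are constructed sample data.

```python
"""Patch compliance report and severity-ordered deployment plan.

Added example, not the presentation's own tooling (the deck names SCCM,
LANDesk and VMware Update Manager for the real deployment).  The advisory
and inventory data below are constructed for illustration.
"""
from datetime import date, timedelta

# Priority order used in the deck: Critical first, then Major, then Important.
SEVERITY_RANK = {"Critical": 0, "Major": 1, "Important": 2}

# Constructed vendor advisories: patch id, product it applies to, severity.
ADVISORIES = [
    {"id": "KB-0001", "product": "Windows Server", "severity": "Critical"},
    {"id": "KB-0002", "product": "Windows Server", "severity": "Important"},
    {"id": "KB-0003", "product": "SQL Server", "severity": "Critical"},
    {"id": "KB-0004", "product": "Windows Workstation", "severity": "Major"},
    {"id": "FW-0010", "product": "Firewall", "severity": "Major"},
]

# Constructed inventory as a management server would collect it:
# host name, products installed, patches already applied.
INVENTORY = [
    {"host": "web01", "products": ["Windows Server"], "installed": ["KB-0001"]},
    {"host": "db01", "products": ["Windows Server", "SQL Server"],
     "installed": ["KB-0001", "KB-0002"]},
    {"host": "lab-pc07", "products": ["Windows Workstation"], "installed": []},
    {"host": "fw-core", "products": ["Firewall"], "installed": ["FW-0010"]},
]


def missing_patches(inventory, advisories):
    """Return {host: [advisory, ...]} of published patches each host lacks,
    most severe first.  Fully patched hosts do not appear."""
    report = {}
    for system in inventory:
        gaps = [a for a in advisories
                if a["product"] in system["products"]
                and a["id"] not in system["installed"]]
        gaps.sort(key=lambda a: (SEVERITY_RANK[a["severity"]], a["id"]))
        if gaps:
            report[system["host"]] = gaps
    return report


def schedule_deployment(report, first_window, window_days=7):
    """Map missing patches onto weekly maintenance windows by severity:
    Critical in the first window, Major in the next, Important after that.
    `first_window` is an ISO date string; the result is keyed by ISO date."""
    start = date.fromisoformat(first_window)
    plan = {}
    for host, patches in report.items():
        for a in patches:
            window = start + timedelta(days=window_days * SEVERITY_RANK[a["severity"]])
            plan.setdefault(window.isoformat(), []).append((host, a["id"]))
    return {w: sorted(items) for w, items in sorted(plan.items())}


if __name__ == "__main__":
    report = missing_patches(INVENTORY, ADVISORIES)
    for host, patches in report.items():
        print(host, [f"{a['id']} ({a['severity']})" for a in patches])
    for window, items in schedule_deployment(report, "2013-02-11").items():
        print(window, items)
```

In practice the inventory and advisory feeds come from the management system, and a report like this would run from the management server under a service account, as recommended above, rather than from an interactive administrator logon.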
“Many organizations continue to attribute a significant percentage of their corporate “cyber losses” to inside attacks, indicating the need for more robust firewall filtering throughout the enterprise network segments.” (Cisco, 2006)

Deploying internal firewalls and intrusion detection systems (IDS):

Create a demilitarized zone (DMZ) for the university web servers

Filter internal traffic

- Packets from all internal networks, including the computer lab networks, should pass through the firewalls in order to reach the web servers.
- Implement network ingress filtering to try to prevent source address spoofing.
- Define rate limiting of network traffic for some protocols, such as ICMP.

Deploy IDS sensors into the internal networks

Deploy host-based IDS

- Detect suspicious local activities
- Control binary execution and file changes
- Monitor the local systems according to the known signatures on the intrusion detection system.
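To make the two filtering rules above concrete, here is an added example (written for this page, not the university’s firewall configuration and not Cisco’s): a Python policy check that applies network ingress filtering, dropping any packet whose source address does not belong to the segment it arrives from, and a per-source token bucket that limits ICMP to a few packets per second. The segment prefixes, the addresses, the limits and the packet sample are all constructed.

```python
"""Internal-firewall policy check: network ingress filtering (a packet's source
address must belong to the segment it arrives from) plus a per-source token
bucket that rate-limits ICMP.

Added example, not the university's firewall configuration; the segments,
addresses, limits and traffic sample are constructed for illustration.
"""
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed segments: firewall interface -> prefix allowed to source traffic there.
SEGMENTS = {
    "lab": ip_network("10.20.0.0/16"),    # computer labs
    "staff": ip_network("10.30.0.0/16"),
    "dmz": ip_network("192.0.2.0/24"),    # web servers (RFC 5737 documentation range)
}


class TokenBucket:
    """Allow `rate` packets per second with bursts of up to `burst` packets."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill proportionally to elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class InternalFirewall:
    def __init__(self, segments, icmp_rate=5, icmp_burst=10):
        self.segments = segments
        self.icmp_rate, self.icmp_burst = icmp_rate, icmp_burst
        self.icmp_buckets = {}   # one bucket per source address
        self.log = []

    def decide(self, pkt):
        """pkt: {'time', 'in_if', 'src', 'dst', 'proto'}.  Returns (verdict, reason)."""
        allowed = self.segments.get(pkt["in_if"])
        # Ingress filtering in the style of RFC 2827 / BCP 38: the source must lie
        # in the prefix assigned to the arriving interface, otherwise it is spoofed.
        if allowed is None or ip_address(pkt["src"]) not in allowed:
            self.log.append(f"t={pkt['time']:.2f} DROP spoofed src={pkt['src']} if={pkt['in_if']}")
            return "DROP", "spoofed"
        if pkt["proto"] == "icmp":
            bucket = self.icmp_buckets.setdefault(
                pkt["src"], TokenBucket(self.icmp_rate, self.icmp_burst))
            if not bucket.allow(pkt["time"]):
                self.log.append(f"t={pkt['time']:.2f} DROP icmp rate limit src={pkt['src']}")
                return "DROP", "icmp_limited"
        return "ACCEPT", "ok"


def sample_traffic():
    """Constructed packet stream: normal lab traffic, two spoofed packets, and
    an ICMP flood of 15 echo requests 10 ms apart from one lab host."""
    pkts = [
        {"time": 0.0, "in_if": "lab", "src": "10.20.5.7", "dst": "192.0.2.10", "proto": "tcp"},
        # Source outside the lab prefix arriving on the lab interface: spoofed.
        {"time": 0.1, "in_if": "lab", "src": "198.51.100.9", "dst": "192.0.2.10", "proto": "tcp"},
        # A lab address arriving on the staff interface: also spoofed.
        {"time": 0.2, "in_if": "staff", "src": "10.20.1.1", "dst": "192.0.2.10", "proto": "tcp"},
    ]
    for i in range(15):
        pkts.append({"time": 1.0 + i * 0.01, "in_if": "lab", "src": "10.20.5.7",
                     "dst": "192.0.2.10", "proto": "icmp"})
    # A single ping two seconds after the flood: the bucket has refilled by then.
    pkts.append({"time": 3.0, "in_if": "lab", "src": "10.20.5.7",
                 "dst": "192.0.2.10", "proto": "icmp"})
    return pkts


def run_policy(firewall, packets):
    """Apply the policy to each packet; return counts of verdicts and reasons."""
    counts = Counter()
    for pkt in packets:
        verdict, reason = firewall.decide(pkt)
        counts[verdict] += 1
        counts[reason] += 1
    return counts


if __name__ == "__main__":
    fw = InternalFirewall(SEGMENTS)
    print(dict(run_policy(fw, sample_traffic())))
    print("\n".join(fw.log))
```

With the constructed sample, the burst of ten ICMP packets is accepted, the next five are dropped, and the later single ping passes once the bucket has refilled; the two spoofed packets are dropped regardless of protocol. On a real firewall the same policy is expressed as interface-bound source-prefix rules plus a limit rule for ICMP, and the drop events the class records are the kind of activity an IDS sensor on the same segment would also report.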
Antivirus software is a security tool against viruses, worms, malware, backdoors, rootkits and trojans. By installing antivirus software on all university computers, the local computers will be protected from suspicious or unauthorized software running, thus bringing more security to user activities such as Internet browsing and sending and receiving e-mail.

Also, in order to monitor and perform engine upgrades and virus signature updates, we will deploy a centralized management system for the antivirus. The updates will therefore not be left to the user's responsibility.
The public university should enhance its information security policies, establishing procedures such as:

- Encryption for network traffic (IPsec/HTTPS/FTPS)
- Encryption and digital signatures for internal e-mails
- Limiting the number of incoming connections for specific systems
- Minimizing remote access and enforcing strong authentication (smart card / RSA token + Active Directory account)
- Peer-to-peer VPNs for administrators
- Educating users by implementing an Information Security Awareness Program
Industry Best Practice against DDoS Attacks
Industry best practices to protect the network against DDoS attacks
Public University
By Marcelo Silva
INTRODUCTION

The public university has faced a DDoS attack on its web-based registration system. The network was compromised after some password sniffers were deployed; one of them captured an administrator password, and bots were then installed on some internal hosts, located in the university’s computer labs, from which the attacks originated.

Thus, the internal network has proven to be vulnerable, while the university perimeter network is well protected behind technologies such as a firewall, NIDS and ACLs.
How could the industry best practices protect the university’s network?

1. Implementing a Patch Management System
2. Deploying Internal firewalls, IDS and creating a DMZ
3. Install an Antivirus solution on all workstations
4. Improving Security Policies
5. Investing in a Security Awareness Program

A best practice is a method or technique that has consistently shown results superior to those achieved with other means. (Wikipedia, 2013)
Implementing a Patch Management System

- Control and fix operating system and application vulnerabilities:
  - Buffer overflow
  - Remote code execution
  - Elevation of privilege
- Automate patch deployment
- Avoid exposing the administrator’s password during patch deployment
Deploying Internal firewalls and IDS

- Create network segmentation
- Create a demilitarized network zone (DMZ) for the web servers
- Filter internal traffic
- Deploy IDS sensors into the internal networks
- Deploy host-based IDS

Many organizations continue to attribute a significant percentage of their corporate “cyber losses” to inside attacks, indicating the need for more robust firewall filtering throughout the enterprise network segments. (Cisco, 2006)
Install an Antivirus solution on all workstations

- Deploy antivirus software on all computers
- Protect file systems, Internet browsing and messaging activities (viruses, worms, backdoors, rootkits, trojans)
- Deploy a centralized management system for the antivirus
Improving Security Policies

- Limit incoming connections
- Use encryption for network communication
- Minimize remote access (strong authentication, peer-to-peer VPNs)
- Use secure protocols
- Educate users (Information Security Awareness Program)
References

EC-Council (2010). Ethical Hacking and Countermeasures: Threats and Defense Mechanisms. Clifton Park, NY: EC-Council Press.

Cisco Systems (2006). Deploying Firewalls Throughout Your Organization. Retrieved January 10, 2013, from http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/prod_white_paper0900aecd8057f042.pdf

Wikipedia (2013). Best Practice. Retrieved February 8, 2013, from http://en.wikipedia.org/wiki/Best_practice