Industry best practices toprotect the network against               DDoS attacks        Public University              By ...
INTRODUCTIONThe public university has faced a DDoS attack on its web-based registration system.The network was compromised...
How could the industry best practices protect theuniversity’s network?    1. Implementing a Patch Management System    2. ...
Implementing a Patch Management System Control and fix Operating Systems and Applications vulnerabilities:     Buffer ov...
Deploying Internal firewalls and IDS Create network segmentation Create a Demilitarized network zone (DMZ) for the webse...
Install an Antivirus solution on all workstations   Deploy an Antivirus software on all computers   Protecting file syst...
Improving Security Policies   Limit incoming connections   Use encryption for network communication   Minimize Remote A...
References EC Council (2010). Ethical Hacking and Countermeasures, Threats and  Defense Mechanisms, Clifton Park, NY: EC-...
Upcoming SlideShare
Loading in …5
×

Industry Best Practice against DDoS Attacks

3,579 views

Published on

Industry best practices to protect the network against DDoS attacks.
A Case Study

  • Be the first to comment

  • Be the first to like this

Industry Best Practice against DDoS Attacks

  1. 1. Industry best practices toprotect the network against DDoS attacks Public University By Marcelo Silva
  2. 2. INTRODUCTIONThe public university has faced a DDoS attack on its web-based registration system.The network was compromised after some password sniffers have been deployedand one of them has captured an administrator password and then the bots wereinstalled on some internal hosts, located in the university’s Computer labs, where theattacks were originated from.Thus, the internal network has proven be vulnerable, while the university perimeternetwork is well protected behind of some technologies such as firewall, NIDS andACLs.
  3. 3. How could the industry best practices protect theuniversity’s network? 1. Implementing a Patch Management System 2. Deploying Internal firewalls, IDS and creating a DMZ 3. Install an Antivirus solution on all workstations 4. Improving Security Policies 5. Investing in Security Awareness Program A best practice is a method or technique that has consistently shown results superior to those achieved with other means. (Wikipedia, 2013)
  4. 4. Implementing a Patch Management System Control and fix Operating Systems and Applications vulnerabilities:  Buffer overflow  Remote Code Execution  Elevation of Privilege Automate patches deployment Avoid administrator’s password exposure during patches deployment
  5. 5. Deploying Internal firewalls and IDS Create network segmentation Create a Demilitarized network zone (DMZ) for the webservers Filter internal traffic Deploy IDS sensors into the internal networks Deploy host-based IDSMany organizations continue to attribute a significant percentage of their corporate “cyberlosses” to inside attacks, indicating the need for more robust firewall filtering throughoutthe enterprise network segments. (Cisco, 2006)
  6. 6. Install an Antivirus solution on all workstations  Deploy an Antivirus software on all computers  Protecting file systems, Internet browsing and messaging activities (Virus, Worms, Backdoors, Rootkits, Trojans)  Deploy a centralized management system for the Antivirus
  7. 7. Improving Security Policies  Limit incoming connections  Use encryption for network communication  Minimize Remote Access (strong authentication, peer-to-peer VPNs)  Use secure protocols  Educate Users (Information Security Awareness Program)
  8. 8. References EC Council (2010). Ethical Hacking and Countermeasures, Threats and Defense Mechanisms, Clifton Park, NY: EC-Council Press. Cisco Systems (2006). Deploying Firewalls Throughout Your Organization. Retrieved January, 10, 2013, from http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1 018/prod_white_paper0900aecd8057f042.pdf. Wikipedia (2013). Best Practice. Retrived February, 08, 2013, from http://en.wikipedia.org/wiki/Best_practice

×