Distributed denial of service attacks (DDOS) and how to prevent them
Distributed Denial of Service Attacks are when a series of devices initiate flows of traffic to or from a location that causes and impediment of the network, server or Internet connectivity for a location. DDOS attacks occur for these reasons a) Political motivation to disrupt a network. b) Covering tracks when during the theft of data. c) intent to in the future ransomware the site. d) very poorly secured networks, may be subject to DDOS by automated viruses and worms, however this is most commonly occurs when updates to software have not occured for a long time.
It is most uncommon that Political Motivation is the purpose. Hackers are almost always interest in money or data they can get from a site that has money. Thus the vast majority (>99.999%) of all DDOS occurs due to b) Covering tracks during theft of data combined with substantial weaknesses on security and c) intent to future ransomware the sites combined with substantial weaknesses on security and d) extremely poor network security when systems have not been updated for years. ACD would guess that 90% of the time it is for reason b), c), however each DDOS is different.
The single largest reasons for network security issues is the lack of ensuring that the software updates have occurred on systems consistently and quickly after their release. Nearly all software has flaws. These flaws are discovered by hackers, and then the vendors, fix these flaws and make software updates available. Whether they are applied by the end user a different question. Certainly over time more and more vendors are having systems automatically update their updates, but if the updates are deferred or not applied or systems that do not have automatic functions to update them, then the user must make sure updates are applied.
The below systems should be secured:
- Conventional Computers, and Servers, Operating Systems on those computers. Windows, Linux,
- Routers, Switches, Firewalls, Wifi Access Points.
- External guest computers and devices. If they have not been updated they should not be allowed on the network.
- Internet of Things devices: Industrial control devices, thermostats, alarm systems, etc.
- Tablets, phones, andriod and Apple IOS devices.
- Anything that is connected to your network. Any device that is not approved to be connected to the network, or known what it does should be removed. It is possible that a hacker placed a device on your network without your knowledge.
Audit reports should be maintained related to the software upgrade schedule of all of these systems, and whether these systems are set for automatic updates, whether these updates can be deferred by the user, and/or whether these updates are occurring on a consistent basis.
Once it is confirmed that the software updates are applied on all of these systems, the next step to take if there is recurrance of the DDOS is to ensure that systems that may have been compromised prior to the software updates are inspected for hacks.
1) If a system has been compromised it should be removed from the network and the operating system should be wiped. It is the only way to ensure that the hack is gone. 2) Anti-Virus, Anti-Malware,
If you are experiencing or have experienced a DDOS attack, the first thing to do is to make sure that all syst
DDOS attacks most often are occuring at the time a) the attacker is also stealing data from the affected site. The purpose of DDOS is mask the theft of data and the destination location that that data is being taken to. By causing a DDOS at the time of the theft of data, the thief is able to overwhelm the security logging capabilities of firewalls and other security devices, thus the pathway of the theft can likely not be ascertained. The ultimate root of all Distributed Denial of Service Attacks is lack of proper security of systems at the site that is being attacked. This can be compounded by underpowered firewalls, gateways and other security devices, however at the root, these devices are not likely at fault for the issues related to DDOS (other than if they have not had software upgrades applied recently). Simply put, these systems can easily get overwhelmed at the even poorly crafted DDOS attacks.
s are initiated from the network source as single points of bottlenecks the lack of performance capacity on these devices only exibit DOS is more apparent sooner, but do not fundamentally fix the problem of internal network security. If the gateways have performance issue, it is usually an early warning sign that internal security flaws are not properly handled. Thus the only way to fix the problem and to make sure that it does not recur is to ensure that all systems on the internal network are fully secured. The vast majority of internal network security flaws are due to lack of software patches and upgrades on the operating systems devices connected to the network including: