In today’s blog, we are going to explore a common category of attacks: denial of service attacks. You are likely familiar with the term, as it appears regularly in the news. But what exactly is a denial of service attack, and more importantly, what steps can you take to prevent one from negatively affecting your organization? We will cover what a denial of service attack is, some common variants and examples, and steps you can take to protect yourself.
Denial of Service Attack
Generally, in information security, attacks are geared to undermine the confidentiality, integrity, or availability of a system. Denial of service attacks target availability. The affected resource can be anything: your website, your employees’ ability to log in to their computers, or a critical finance application right before payroll. In general, a denial of service attack is designed to block access to system resources, so that when a legitimate user needs a resource, it is not available.

A denial of service attack can be local to a system, run on your organization’s internal network, or originate from a completely external source.

An example of a local denial of service attack is the infamous fork bomb. A fork bomb continually spawns processes in a loop until all of the resources on a system are consumed and it crashes.

On an internal corporate network, an attacker can run a script that intentionally guesses the wrong password for every user account multiple times, until all of your employees are locked out of their accounts.

Finally, the most well-known denial of service attacks are external. The most common example is an attacker who controls a large network of systems (called a botnet) and programs it so that every machine in it requests a website at the same time. This is known as a distributed denial of service attack. If the attacker has enough machines under their control, and especially if protections are not in place, the traffic can overwhelm the website so that legitimate users cannot reach it. This can lead to lost revenue, unavailability of a critical service (like a government website), or a loss of reputation for the victim. Attacks of this kind have affected major companies and websites such as Amazon, CNN, and eBay.
Steps to Protect Yourself
There are hundreds of different types of denial of service attacks, and the techniques vary from one to another, so the way you protect yourself will depend entirely on the type of attack you are trying to prevent or mitigate. For all types of denial of service attacks, make sure you are alerted to an ongoing attack as soon as possible so that you can take action, and make sure you have a documented and rehearsed incident response plan to guide your actions in the event of an attack.

To protect against a local denial of service attack, basic security practices such as hardening systems and locking down permissions to the least privilege necessary are your best bet. An internal penetration test is one of the most effective ways to test the mitigating controls you have in place.

For external attacks, there are steps you can take as well, such as having load balancers in place to spread external traffic across multiple servers. Additionally, consider working with your internet service provider to determine what help they can provide. Finally, ensure you have redundancy built into all of your critical services.
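To make the advice about early alerting concrete for the internal account lockout scenario described earlier, the following added example (not from the original post) flags a single source that fails logins against many different accounts within a short window, while ignoring one user who simply mistyped a password. The log format, field names, addresses and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs), one login attempt per line,
# in time order: timestamp, result, account, source host.
SAMPLE_LOG = """\
2024-05-01T09:00:01 FAIL user=alice src=10.0.0.23
2024-05-01T09:00:02 FAIL user=bob src=10.0.0.23
2024-05-01T09:00:03 FAIL user=carol src=10.0.0.23
2024-05-01T09:00:04 FAIL user=erin src=10.0.0.40
2024-05-01T09:00:05 FAIL user=erin src=10.0.0.40
2024-05-01T09:00:06 FAIL user=dave src=10.0.0.23
2024-05-01T09:00:07 FAIL user=erin src=10.0.0.40
2024-05-01T09:00:09 OK user=erin src=10.0.0.40
2024-05-01T09:10:00 FAIL user=alice src=10.0.0.51
2024-05-01T10:10:00 FAIL user=bob src=10.0.0.51
2024-05-01T11:10:00 FAIL user=carol src=10.0.0.51
2024-05-01T12:10:00 FAIL user=dave src=10.0.0.51
"""

def parse(line):
    """Split one event line into (timestamp, result, user, source)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], src.split("=", 1)[1])

def detect_lockout_sweeps(lines, window=timedelta(minutes=5), min_accounts=4):
    """Return {source: (alert_time, accounts)} for each source whose failed
    logins hit at least min_accounts distinct accounts inside the window."""
    recent = defaultdict(deque)   # source -> failures still inside the window
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, result, user, src = parse(line)
        if result != "FAIL":
            continue
        q = recent[src]
        q.append((ts, user))
        while q and ts - q[0][0] > window:   # drop failures older than window
            q.popleft()
        accounts = {u for _, u in q}
        if len(accounts) >= min_accounts and src not in alerts:
            alerts[src] = (ts, sorted(accounts))   # alert once per source
    return alerts

if __name__ == "__main__":
    for src, (when, accounts) in detect_lockout_sweeps(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {when.isoformat()} {src} failed logins on {accounts}")
```

Counting distinct accounts per source, rather than total failures, is what separates a lockout sweep from a single forgetful user; the window keeps slow, unrelated failures from accumulating into a false alert.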