Dealing With Denial-of-Service Attacks

Sheldon Armstrong, January 7, 2014

In a denial-of-service attack, or DoS, an intruder tries to prevent you from using the Internet to access information or services by overwhelming your network, website, or accounts with information. Because a server can only handle a finite number of requests simultaneously, if an attacker floods the server with requests, it effectively shuts the site down. The same principle works with email when an attacker floods your account with spam.

In a distributed denial-of-service attack, or DDoS, an intruder takes over a computer or computers remotely to launch a denial-of-service attack on another network or website. The attack is considered distributed because many computers are used to attack one target. In a DDoS attack, the owners of co-opted computers are usually unaware that the security of their computer has been compromised, though they may experience degradation of service.

Identifying a Denial-of-Service Attack

Because disruptions of service happen from time to time on the Internet anyway, it is difficult to pinpoint or identify the onslaught of a DoS attack. However, you may be experiencing a DoS or DDoS attack if it is unusually difficult for you to open files or access websites, if a particular website you are searching for is continuously unavailable, if you cannot access any websites, or if you are receiving an overwhelming abundance of spam.

Preventing a Denial-of-Service Attack

Unfortunately, it is impossible to avoid becoming the victim of a DoS attack without blocking legitimate traffic from your site as well. However, you can ensure your computer or network is not compromised and used to attack other networks by installing anti-virus software and keeping it up to date, by installing a firewall and configuring it to control traffic coming into and leaving your site, and by using spam filters for your email and following standard email security procedures.
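
The following added example (not part of the original article) buckets web-server access-log lines into fixed time windows and labels each window as normal, a single-source flood (DoS) or a many-source flood (DDoS), following the definitions above. The log format, the thresholds and the sample addresses are assumptions constructed for illustration; a window over the threshold can also be a legitimate traffic spike, which is why identification is difficult.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

WINDOW_SECONDS = 10           # assumed bucket size
MAX_REQUESTS_PER_WINDOW = 20  # assumed number of requests the server can handle per window
DOMINANT_SHARE = 0.5          # assumed: one source above this share is a single-source flood
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def parse(line):
    """Return (source_ip, epoch_seconds) for one access-log line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group(1), int(ts.timestamp())

def classify_windows(lines):
    """Return (window_start, total, distinct_sources, label) per time window."""
    windows = defaultdict(Counter)
    for parsed in map(parse, lines):
        if parsed is None:
            continue  # skip malformed lines instead of failing mid-incident
        ip, epoch = parsed
        windows[epoch - epoch % WINDOW_SECONDS][ip] += 1
    report = []
    for start, per_ip in sorted(windows.items()):
        total = sum(per_ip.values())
        if total <= MAX_REQUESTS_PER_WINDOW:
            label = "normal"
        elif max(per_ip.values()) / total > DOMINANT_SHARE:
            label = "dos"   # one source accounts for most of the flood
        else:
            label = "ddos"  # the flood is spread across many sources
        report.append((start, total, len(per_ip), label))
    return report

def make_line(ip, second):
    # Constructed sample input using documentation address ranges, not real traffic.
    return f'{ip} - - [07/Jan/2014:10:00:{second:02d} +0000] "GET / HTTP/1.1" 200 512'

SAMPLE = [make_line("198.51.100.5", s) for s in range(0, 10, 2)]          # quiet window
SAMPLE += [make_line("203.0.113.9", 10 + i % 10) for i in range(40)]      # one source floods
SAMPLE += [make_line(f"192.0.2.{i}", 20 + i % 10) for i in range(1, 41)]  # 40 sources flood

if __name__ == "__main__":
    print(*classify_windows(SAMPLE), sep="\n")
```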
Dealing with a Denial-of-Service Attack

If you realize you are under a DoS or DDoS attack, contact your Internet service provider or network administrators for technical assistance. You will probably be unable to determine the source of the attack. Your best security is to be prepared with backups or alternatives in the event a DoS attack takes place.

Backup Plans

Before it happens, imagine a scenario in which you undergo a DoS attack and come up with a realistic plan of how to react. One option is to have a secondary network that is a mirror of the main network but with a different IP address. Understand that there is always the possibility of an attack, and have alternate methods of communication available, such as wireless and land phones. Low-bandwidth alternatives like email and text messaging will keep you from becoming completely cut off. Have a confidential emergency message board to which urgent contacts can go if you get cut off from regular communications channels.

Sinkholing sends traffic to an IP address that analyzes and rejects bad traffic, but this is insufficient during a major attack. As a temporary last resort, blackholing involves sending all traffic going to the attacked site to a null route or a non-existent server.

Denial-of-service attacks have mainly been made against high-profile targets such as government sites, banks, retailers, and gaming networks. However, anyone is potentially vulnerable, and so becoming aware of what is involved in such an attack is the first step in instituting security procedures and backup precautions.

This article was contributed by Sheldon Armstrong, a regular contributor here at The Tech Scoop. He writes this on behalf of CyberSecurityU, your number one choice when looking for positions available in cyber security. Check out their website today and see how they can help you get started with your career.