If you follow much cybersecurity news (or even if you don’t) you’ve probably seen the phrase “denial of service attacks” (DoS).
But, what exactly does it mean? How does it affect your business? How concerned should you be about them?
Well, denial of service (DoS) is a technical term that describes a resource that has crashed or otherwise become unavailable.
For example, if you maintained an online retail business, and suffered a DoS, legitimate customers would have difficulty accessing your site until the issue was resolved.
While DoS can occur unintentionally, DoS attacks intentionally create circumstances to crash your resources.
To prevent attacks, you’ll need to understand the types and causes of DoS, as well as the tools and services available to mitigate them.
Let’s break it all down.
Types of DoS Attacks
The ‘denial’ in DoS occurs when a server, router, application, or other resource becomes overloaded with requests. Once overloaded, it becomes ‘laggy’, slow, or completely unable to respond to legitimate requests for a service.
These events can occur accidentally through improper implementation or design of your IT network, or when the deployed resource simply couldn’t handle the demand placed on it (request volume, bandwidth, etc.).
That said, more denial of service events happen through malicious attacks than accidents.
A denial of service event or attack can occur between a small number of devices, such as between a single endpoint and a router. However, it’s much more common to see distributed denial of service attacks (DDoS), which deploy a large number, or distribution, of sources.
Working together, these devices simultaneously send overwhelming amounts of traffic to crash internet-facing resources.
The less common reflected denial of service attack (RDoS) works by first spoofing the target’s IP address as the source of requests sent to other servers. The replies to those requests then flood back to the spoofed IP, overwhelming the target.
While the classifications indicate scale and origin of attacks, they all work in similar fashion: by overwhelming resources with more traffic than they’re capable of handling.
How DoS, DDoS, and RDoS Attacks Work
All denial of service attacks rely upon resource overload.
For example, budget limitations force IT teams to design network capacity based upon typical expectations for bandwidth, number of users, traffic levels, etc. That’s perfectly normal.
Let’s say you expected traffic of 10,000 users per month. You wouldn’t want to spend the money on equipment to handle 1 million per month, would you?
Though some overflow capacity may be built into more robust systems, DoS attacks seek to intentionally exceed even those overflow limits, such as available bandwidth.
During an attack, legitimate users usually experience notably slower, or completely non-responsive resources.
For example, the 2016 DDoS request-overload attack on the Dyn-managed domain name service (DNS) caused that DNS service to fail to respond. This effectively shut down major sites such as PayPal, Spotify, Twitter, Yelp, and many others.
More sophisticated DoS attacks seek to exploit vulnerabilities or weaknesses in protocols.
For example, the transmission control protocol (TCP) requires a three-step handshake before communication can begin:
- The initiating computer sends a synchronization (SYN) request to a resource
- The resource replies with a synchronization acknowledgement (SYN-ACK)
- The initiating computer replies to the resource with an acknowledgement (ACK) of its own
Many attacks abuse the TCP protocol in various ways, such as:
- Flooding the resource with spoofed ACK traffic for connections that were never opened (ACK Flood)
- Sending malformed, overlapping packet fragments that the resource cannot reassemble (Teardrop)
- Sending SYN requests but never returning the final ACK, leaving half-open connections that consume the resource’s capacity (SYN Flood)
Each available protocol and open port provides an opportunity for a DoS attack.
How to Stop Denial of Service Attacks
So, here’s the bad news: DoS attacks cannot be fully prevented. However, their effects can certainly be minimized by applying the fundamentals of IT and security:
- Design – Whenever possible, build in overflow into the design beyond expected capacity. This extra capacity buys time for teams to respond to an attack.
- Update – Patch and update known vulnerabilities.
- Harden – Eliminate unneeded protocols, and close unused ports to limit your attack surface.
- Enhance – Enable anti-DoS options or obtain add-on tools and resources to mitigate or monitor for denial of service attacks.
- Practice – Create a DoS playbook and practice drills, so your team remains prepared.
- Monitor – Check incoming and outgoing traffic from the resource, and look for anomalous behavior that might indicate an attack.
Keep in mind that the details for each of these steps will vary according to the resource protected, IT environment in which it is installed, capabilities of your IT team, and the risk the resource presents to your organization.
For example, a guest Wi-Fi router in a bus station probably isn’t as protected and hardened as an e-commerce application gateway for a high-volume retailer.
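To make the handshake, the SYN and ACK flood patterns, and the monitoring step above concrete, here is an added Python example (not from the original post) that replays a constructed packet sample from the server’s point of view and reports the half-open backlog and unsolicited ACKs a monitoring team would watch for. The sample addresses, the 32-entry backlog limit and the function names are assumptions for illustration.

```python
from collections import Counter

# Constructed sample of TCP packets arriving at the protected resource,
# as (source_ip, tcp_flags). Two normal clients complete the three-step
# handshake (SYN, then ACK after the server's SYN-ACK); forty spoofed
# sources send a SYN and never return the final ACK; one source sends
# ACKs for connections that were never opened.
SAMPLE_PACKETS = (
    [("198.51.100.7", "SYN"), ("198.51.100.7", "ACK"),
     ("198.51.100.9", "SYN"), ("198.51.100.9", "ACK")]
    + [("203.0.113.%d" % i, "SYN") for i in range(1, 41)]
    + [("192.0.2.55", "ACK")] * 5
)

def track_handshakes(packets):
    """Replay packets from the server's point of view.

    Returns (completed, half_open, unsolicited_acks): finished handshakes,
    SYNs still waiting for the client's final ACK (the state a SYN flood
    exhausts), and ACKs matching no pending connection (an ACK flood sign).
    """
    half_open = Counter()
    completed = 0
    unsolicited_acks = 0
    for src, flags in packets:
        if flags == "SYN":
            half_open[src] += 1          # server replies SYN-ACK and allocates state
        elif flags == "ACK":
            if half_open[src] > 0:
                half_open[src] -= 1      # third step done: connection established
                completed += 1
            else:
                unsolicited_acks += 1    # ACK for a connection the server never saw
    return completed, +half_open, unsolicited_acks  # unary + drops zero counts

def dos_indicators(packets, backlog_limit=32):
    """Summarise handshake state against the backlog the resource can hold (assumed limit)."""
    completed, half_open, unsolicited = track_handshakes(packets)
    pending = sum(half_open.values())
    attempts = completed + pending
    return {
        "completed": completed,
        "half_open": pending,
        "incomplete_ratio": round(pending / attempts, 2) if attempts else 0.0,
        "backlog_exhausted": pending >= backlog_limit,
        "unsolicited_acks": unsolicited,
    }

if __name__ == "__main__":
    print(dos_indicators(SAMPLE_PACKETS))
```

A high incomplete ratio or an exhausted backlog is the signal to act on, for example by tightening handshake timeouts or enabling the anti-DoS options mentioned above.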
Keeping Yourself Protected
Nobody wants to deploy weak, vulnerable infrastructure. However, IT teams often become overwhelmed with deadlines, and frequently don’t have time to go back and check their work for problems.
Yet, waiting until a failure occurs can lead to major losses for your business, even possibly affecting jobs. Don’t wait until your business suffers an attack. Make sure your organization maintains the right preparations.
If you believe you could use a hand keeping your business protected from denial of service attacks, or any other cybersecurity concerns, simply reach out for a little assistance.
Blue Bastion, along with our partner division Ideal Integrations, can help.
Simply contact us at 412-349-6680, or fill out the form below, and let our team of experts help bolster your defenses against a wide variety of DoS risks.
Our friendly, highly-trained team can provide a no-obligation overview of services, and information on performing vulnerability assessments, hardening of resources, network and resource monitoring, and much more.
And, as always, stay vigilant!