Dos arrest
posted a blog.
Having a website is a great way to reach your audience and showcase who you are, or to give a brief description of your organization, its services and your expertise. A website is the best way to interact with your customers and to build relationships with potential customers. Because a website does so much to boost your business, most people forget that a badly built website, or one that is exposed to several threats, can hamper the business too.
For a business owner whose business depends heavily on his website, a cyber attack is the worst nightmare. Cyber criminals are always active and on the hunt for websites to attack. Attacks on a website are either strategic, with a keen focus on extracting information or damaging a certain function of the site, or simply an attempt to bring it down.
Hackers attack websites for several reasons, such as:
1. Competitor’s advantage:
If your website is down, your business is hampered too, so the attacker's main aim is to take your website offline. The most prevalent way to bring down a website is a DDoS attack, in which visitors are denied access to your website; a competitor then takes advantage by catering to your clients' needs as your alternative.
It is thus extremely important that your website has a proper DDoS protection mechanism, a DDoS response plan and a DDoS mitigation plan in place so that it can bounce back when attacked. A DDoS attack is usually planned to bring the website down, so the website owner should plan ahead with a robust DDoS protection system.
2. For negative branding:
A website is your marketing representative that speaks about you online; it is also your human resources department, telling people about your vacancies and your work culture. A website is a sales pitch and a complete catalog of your products and services. A website is much more than a URL.
Some attacks are made to change the functionality of your website or to mask its content with different content that is demeaning and irrelevant. If this happens, it can take days, sometimes months, to regain the brand image you worked to build.
3. Extract sensitive information:
Your website constantly interacts with your web server. The web server not only hosts your website but also stores all its data in a database. If a foreign entity interferes with the information exchanged, the data can easily be leaked. That information is sensitive to you and can be manipulated or used against you in some form.
It is thus important that the communication between your website and its server is secured. To secure it, you need an SSL/TLS certificate and you must serve the site over HTTPS. If you have a payment gateway, you need a complete security mechanism. When you have a security certificate, it shows in your website's URL, and your clients will trust your website more.
4. To manipulate your data:
Some attacks aim to manipulate your data so that incorrect information is passed on to your clients. Hackers do this by injecting malicious code, typically through SQL injection attacks.
To secure yourself against SQL injection attacks, always use parameterized queries instead of building standard Transact-SQL strings from user input. Concatenating user input into a standard Transact-SQL statement lets hackers insert rogue code.
5. Protection Against Cross-Site Scripting (XSS) Attacks:
Hackers can inject malicious JavaScript into your pages and change their content; when users access those pages, their credentials and login cookies can be stolen. To ensure website security, you must not allow any injection of active JavaScript content into your web pages.
Updated Software:
You must always keep the operating system software, other application software (such as a content management system), the antimalware solution and the website security solution updated with the latest patches and definitions. Your hosting provider must also keep their software updated – however that control is not in your hands. You must choose a hosting provider who maintains a reputation for providing effective security.
SQL injection attacks:
You must always use parameterized queries and avoid building standard Transact-SQL statements from user input, as this would allow hackers to insert rogue code.
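The difference between a concatenated query and a parameterized one, as described in point 4 and in the paragraph above, shown on a constructed in-memory SQLite catalogue (this is an added example, not code from the original post; the table, rows and search functions are made up for the demonstration):

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny in-memory product catalogue."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER, name TEXT, price REAL, internal_note TEXT)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?, ?)",
        [
            (1, "Widget", 9.99, "margin 40%"),
            (2, "Gadget", 19.99, "supplier contract ends Q3"),
            (3, "Doohickey", 4.50, "discontinued"),
        ],
    )
    return conn


def search_unsafe(conn, term):
    # VULNERABLE: user input is pasted into the SQL text, so the input can
    # change the structure of the statement instead of just supplying a value.
    sql = "SELECT name FROM products WHERE name = '" + term + "'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    # HARDENED: the '?' placeholder sends the value separately from the SQL
    # text; the database treats it purely as data, whatever it contains.
    sql = "SELECT name FROM products WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (term,))]


if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # a value that closes the quote and adds a tautology
    print(search_unsafe(conn, crafted))  # the concatenated query returns every product
    print(search_safe(conn, crafted))    # the parameterized query returns nothing
```

The second function is the pattern the article asks for: the query text is fixed, and the user's string can only ever be compared against the name column.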
Double Validation of Form Data:
It is advisable to perform both browser-side and server-side validation. This two-level validation helps block the insertion of malicious scripts through data-accepting form fields.
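Server-side validation of a form and HTML escaping on output, the two defences the XSS point and the paragraph above call for, as an added example that is not from the original post; the form fields, limits and header value are assumptions chosen for the demonstration:

```python
import html
import re

# Loose e-mail shape check; the browser may check this too, but the server must not rely on it.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def validate_contact_form(fields):
    """Server-side validation: returns a dict of field -> problem (empty when valid)."""
    errors = {}
    name = fields.get("name", "").strip()
    email = fields.get("email", "").strip()
    message = fields.get("message", "").strip()
    if not 1 <= len(name) <= 80:
        errors["name"] = "name must be 1-80 characters"
    if not EMAIL_RE.match(email):
        errors["email"] = "invalid e-mail address"
    if not 1 <= len(message) <= 2000:
        errors["message"] = "message must be 1-2000 characters"
    return errors


def render_comment(name, message):
    """Output encoding: user data is escaped before it is placed inside HTML,
    so a submitted <script> tag is displayed as text rather than executed."""
    return '<div class="comment"><b>{}</b><p>{}</p></div>'.format(
        html.escape(name, quote=True), html.escape(message, quote=True)
    )


def security_headers():
    """A Content-Security-Policy that forbids inline scripts: a second layer in
    case an escape is ever missed somewhere in the application."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'"
    }


if __name__ == "__main__":
    submitted = {"name": "<script>alert(1)</script>", "email": "a@example.com", "message": "hi"}
    print(validate_contact_form(submitted))
    print(render_comment(submitted["name"], submitted["message"]))
```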
File Upload Policy:
Depending on your business requirements, you may need to allow users or website visitors to upload files or images to your web server. Hackers could upload malicious content to compromise your website: what looks like an image could in reality be malware (a double-extension attack). Allow file uploads only with extreme caution, and remove executable permissions from uploaded files so that they cannot be executed.
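An upload check that applies the policy above: every extension in the name is inspected (not just the last one, which is what a double-extension name like shot.php.jpg relies on), the file's magic bytes must match the claimed type, the stored name is chosen by the server, and execute bits are stripped. This is an added example rather than code from the original post; the allowed and blocked extension sets are assumptions to adapt to your own site.

```python
import os
import stat
import uuid

# Allowed image types and the leading bytes (magic numbers) a genuine file has.
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
# Extensions a web server might execute or render as active content (assumed list).
BLOCKED_EXT = {"php", "phtml", "php5", "exe", "sh", "pl", "cgi", "asp", "aspx",
               "jsp", "js", "html", "htm", "svg"}


def check_upload(filename, data):
    """Return the extension to store the file under, or raise ValueError."""
    parts = os.path.basename(filename).lower().split(".")
    if len(parts) < 2 or not parts[0]:
        raise ValueError("missing or empty extension")
    exts = parts[1:]
    # Double-extension defence: reject if ANY extension is executable, so both
    # "shot.php.jpg" and "shot.jpg.php" are refused.
    if any(e in BLOCKED_EXT for e in exts):
        raise ValueError("executable extension in file name")
    ext = exts[-1]
    if ext not in ALLOWED:
        raise ValueError("extension not permitted")
    # The extension is only a claim; the content must look like that type.
    if not data.startswith(ALLOWED[ext]):
        raise ValueError("content does not match extension")
    return ext


def store_upload(upload_dir, filename, data):
    """Validate, then write under a server-chosen name with no execute bits."""
    ext = check_upload(filename, data)
    # No user-controlled path component reaches the disk.
    path = os.path.join(upload_dir, "{}.{}".format(uuid.uuid4().hex, ext))
    with open(path, "wb") as fh:
        fh.write(data)
    # Owner read/write, group read, nobody executes: even a misconfigured web
    # server cannot run this file.
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP)
    return path
```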
Use a Hosting Provider:
Hosting your website with a hosting provider frees you from much of the website security burden, as the provider takes care of securing the web server.
Firewall:
When you maintain your own web server, you must employ a robust firewall and restrict outside access to ports 80 and 443 only.
Separate Database Server:
If you can afford it, it is advisable to keep the database server and the web server on separate machines, as this offers better protection for the data.
Ensure HTTPS Security:
Always use HTTPS for your entire website. This ensures that users do not end up communicating with fraudulent servers.
Password Policy:
Implement rigorous password policies and ensure that they are followed. Educate all users on the importance of strong passwords. Follow the recommended password length of more than 8 characters, with a mix of upper- and lower-case letters, numerals and special characters. Do not use dictionary words. The longer the password, the stronger the website security.
If you need to store passwords for user authentication, never store them in plain text. Use a hashing algorithm, and salt the hash to make it more secure.
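The policy and storage rules above in code, as an added example that is not part of the original post: the policy check enforces the stated length and character-class rules against a small constructed word list, and passwords are stored as salted PBKDF2-HMAC-SHA256 hashes and verified with a constant-time comparison. The iteration count and record format are assumptions.

```python
import hashlib
import hmac
import os
import string

# Constructed, deliberately tiny word list; a real deployment uses a large one.
DICTIONARY = {"password", "welcome", "letmein", "qwerty", "admin", "dragon"}


def check_password_policy(pw):
    """Return a list of policy violations (empty when the password is acceptable)."""
    problems = []
    if len(pw) <= 8:
        problems.append("must be longer than 8 characters")
    if not any(c.isupper() for c in pw):
        problems.append("needs an upper-case letter")
    if not any(c.islower() for c in pw):
        problems.append("needs a lower-case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("needs a special character")
    lowered = pw.lower()
    if any(word in lowered for word in DICTIONARY):
        problems.append("contains a dictionary word")
    return problems


def hash_password(pw, iterations=600_000):
    """Salted, iterated hash. The stored record carries the algorithm, the
    iteration count and the salt, so each can be changed without a migration."""
    salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def verify_password(pw, stored):
    """Recompute the hash with the stored salt and compare in constant time,
    so the comparison does not leak how many bytes matched."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", pw.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    print(check_password_policy("password1"))
    record = hash_password("Correct-Horse-9")
    print(record)
    print(verify_password("Correct-Horse-9", record), verify_password("wrong", record))
```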
Dos arrest
posted a blog.
Neglecting protection against DDoS and botnet attacks can be bitterly avenged. If your website or web shop suddenly becomes unreachable, or servers and firewalls collapse under congestion, your company may have become the victim of a DDoS (Distributed Denial of Service) attack. The likelihood of becoming a victim of a large-scale DDoS attack is increasing with the ever-growing networking and digitization of society, the economy and commerce.
What can be done to prevent it? First of all, there is no 100% protection against DDoS attacks. Large, professional DDoS attacks cannot be completely defended against, but their consequences can be mitigated very well with emergency and contingency plans.
Deterring DDoS attacks: this is how it works!
To prevent DDoS attacks, or to make their effect almost nil, companies should pay particular attention to the "human factor" in the context of perfidious social engineering methods, to the scaling of the server structure and server capacity, and to access restrictions on the website. Here are eight DDoS protection tips:
• Analysis of the protection requirement: not every company is equally susceptible to DDoS attacks. Detailed DDoS strategies, security tests and tools are particularly important for companies whose core business is in the Internet sector and e-commerce: online shops and digital publishers depend on their Internet offering being accessible 24/7 without disruption. Businesses should clearly understand which structures, systems and business processes are vulnerable to DDoS. What would happen if certain processes failed? DDoS attacks result in downtime averaging half a day to a full day. How high would the economic damage and/or the loss of image be? Which budgets are available for protective measures? Are our planned investments in DDoS protection in a healthy relationship to the possible damage?
• Make the IT team and employees "fit for DDoS": protection against DDoS attack waves is a top-level decision, especially for companies with Internet business models. DDoS should be a management task, driven top-down in the company. After all, if servers fail for longer periods, customer relationships can be permanently damaged and enormous economic losses can occur. All IT staff, and especially the IT administrators, should be up to date on the latest DDoS issues and training. The DDoS defense strategy should also include other business units, such as online-shop employees who work close to the traffic.
• Consult external security experts: large, well-known brands, as well as larger medium-sized companies with complex websites and shop systems, generally cannot do without professional security firms. Such firms know typical DDoS patterns and attack strategies, simulate attacks, take a close look at servers and the internal network, and offer internal network and/or external cloud solutions (see below) for 24/7 live protection.
• "Anti-bot": make the server "weatherproof": high capacities that can cushion load peaks and diversified server landscapes provide a first, but not sufficient, protection against DDoS attacks. This also prevents companies from becoming part of gigantic botnets themselves. Capacity, in terms of computing power and bandwidth, should be oversized and able to withstand stronger demand.
• Establishment of access barriers on the website: another, accompanying strategy. Temporary login barriers such as captchas, placed in front of easily accessible content, make it difficult for botnets to work.
• Internal filtering of traffic in the company: the most important building block in the DDoS security strategy should be filtering systems that detect DDoS traffic, fish it out and forward only verified, clean data. Such filter systems can be installed directly behind the company's web access point; they do not require redirection or network interventions, and they work like virus scanners. With small-volume attacks such filters are very effective; in mass attacks, however, they often reach their limits. The cause: the upstream systems are so busy that the DDoS traffic no longer even reaches the filter.
• External filtering: protection through scalable and dynamic cloud solutions: while cloud solutions bring their own new risks for sensitive corporate data, they can protect effectively against DDoS. The more Internet traffic is routed away from the corporate infrastructure, the higher the protection. The cloud filters the incoming traffic and redirects the "clean traffic" back to the company. High-performance cloud solutions are also able to temporarily block entire IP blocks from the "attacking" foreign country. If you want to be sure, invest in a solution that combines both variants.
• Taking out cyber insurance: for larger ISPs in particular, cyber insurance makes sense to cover DDoS damage. In England and across the pond they are already there: the demand for "digital security policies" is increasing. More than a dozen insurance companies in Germany offer cyber policies for medium-sized businesses and larger companies. All of them cover claims for damages caused by DDoS attacks, the complete breakdown of communication systems and hacker attacks.
By combining the different components, companies can best build a corporate "firewall" against DDoS attacks and prevent consequential DDoS damage.
Dos arrest
posted a blog.
A denial of service attack is a type of computer attack that reduces or nullifies the ability of servers or computing resources to offer their service. It is applied in different scenarios, for example by saturating online services with a mass of requests, or by exploiting vulnerabilities in programs or services so that they stop working totally or partially. In most of these attacks, the attackers use a variety of techniques and tools to hide their identity, which makes catching those responsible a big problem.
In most cases this type of attack is a big problem for the victim, because not only can potential customers not access your services, but your employees may also be unable to reach resources or the service's management interface to act on it and try to prevent or mitigate the incident.
To avoid all these dangers, the possible loss of reputation with your customers and the possible economic losses, it is necessary to prepare for such a situation and take the measures needed to avoid becoming a victim of these attacks.
In some cases the attack is carried out from multiple source computers, that is, the requests made to your services come from a large number of different computers, even geographically separated ones. This type is called a distributed denial of service (DDoS) attack, and botnets are usually used to carry it out.
Previous publications explained the basic types of DoS attack and the classification of each attack according to the layer of the OSI model it affects, such as the application layer, or the infrastructure layer, which covers the transport and network layers of the OSI model.
Undoubtedly, denial of service attacks may seem unstoppable, because they take advantage of endless vulnerabilities within Internet protocols, and they can put us in a situation that seems hopeless while we are suffering them; but by taking some prevention and control measures we can alleviate these circumstances and be prepared to emerge unscathed from many incidents of this type.
When implementing measures against these attacks, we must take into account the different vectors that can be used to carry them out.
Protective measures of our network
The first vector in which we can implement security layers is the network infrastructure, since it is the entry route to the services offered. One measure to consider, in the case of online services hosted within a corporate network, is the installation of a router between this network and the service provider (ISP), because on it we can easily configure security layers such as an access control list (ACL), which controls access to our network based on the requesters' IP addresses, and/or a firewall. On many occasions this router is provided by the ISP, but that is not always the case, or it does not always allow us to configure these security measures,
On the other hand, when online services are hosted on external servers (hosting, VPS or dedicated servers), the protection measures offered by the router and discussed in the previous paragraph should be implemented virtually, that is, as services on the server itself or through the provider's configuration panels. It is also necessary to assess and consult the DDoS protection measures that the provider already applies by default across its whole network.
It is also advisable to have a considerable amount of bandwidth, both on our system and from our service provider; this way we can withstand DoS attacks of the ICMP flood type, among others. If more bandwidth cannot be obtained, implementing a content delivery network (CDN) can be quite an effective solution if you serve geographically distant areas and have a high volume of requests. A CDN is a network of geographically distributed servers that are exact copies of each other; in this way we offer faster responses to web requests, increase the cache capacity of our network and decongest our service by increasing the total bandwidth.
Another measure we can implement is the installation of a reverse proxy that points to several servers in our network holding exact copies of the services we want to offer. In this way we can balance the number of requests among servers with the same functionality and thus not saturate the service. This configuration also offers other advantages: for example, our website becomes fault tolerant, and the proxy can cache content, making our service faster.
We can also run the different services we offer from our network on different machines, for example separating the mail server from the web server and running the latter in a "demilitarized zone" (DMZ) of our network.
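The internal filtering described in the second post (detect the flooding traffic, pass on only the clean requests) and the IP-based ACL described above, combined in one added example that is not from the original posts: a sliding-window counter per source address over a constructed sample of web-server log lines, producing deny entries. The log lines, threshold, allow list and ACL syntax are all assumptions; the ACL lines are a placeholder syntax to adapt to your router or firewall.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in common log format: one source hammering the site
# (203.0.113.7) and two normal visitors. Real logs would be far longer.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512
198.51.100.9 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 512
192.0.2.44 - - [10/Oct/2023:13:55:38 +0000] "GET /about HTTP/1.1" 200 2048
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET / HTTP/1.1" 200 512
198.51.100.9 - - [10/Oct/2023:13:56:50 +0000] "GET /contact HTTP/1.1" 200 512
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+)')
# Sources that must never be filtered (e.g. an uptime monitor); assumed value.
ALLOW_LIST = {"192.0.2.44"}


def parse_line(line):
    """Return (source_ip, timestamp) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts


def find_flooders(log_text, max_requests, window_seconds):
    """Sliding window per source IP: flag any source that sends more than
    max_requests within any window_seconds interval. Returns {ip: first_flagged_at}."""
    recent = defaultdict(deque)
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        if ip in ALLOW_LIST:
            continue
        q = recent[ip]
        q.append(ts)
        # Discard timestamps that have fallen out of the window.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > max_requests and ip not in flagged:
            flagged[ip] = ts
    return flagged


def acl_deny_entries(flagged):
    """Render flagged sources as deny rules (placeholder ACL syntax)."""
    return ["deny ip host {} any".format(ip) for ip in sorted(flagged)]


if __name__ == "__main__":
    hits = find_flooders(SAMPLE_LOG, max_requests=4, window_seconds=10)
    for ip, when in hits.items():
        print("flagged {} at {}".format(ip, when.isoformat()))
    print("\n".join(acl_deny_entries(hits)))
```

As the second post notes, a filter like this sits behind the access point, so it only helps while the upstream link is not itself saturated; beyond that point the cloud-side filtering described in the next tip takes over.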
Protective measures in our infrastructure
Another front we must protect is our server infrastructure, as well as the devices that make up our networks, such as routers and switches.
For these devices, it is necessary to check the status of their software from time to time: if they do not update automatically, check the version running on our devices and, if it is obsolete, obtain the latest version, which will fix any security problem or vulnerability that has been discovered. Some denial of service attacks are carried out by exploiting security flaws in the devices, so it is important to check the manufacturer's official website for new updates.
Disable all ports that are not necessary on our servers. If their only purpose is to host a web service, the ports that must be open are 80/TCP or 8080/TCP for HTTP requests and 443/TCP for HTTPS requests. If we also want to host a DNS service, we can have port 53/TCP and/or 53/UDP open. It is also advisable to remove all services that are not used, and thus avoid their possible exploitation.
When configuring a server to host our website, it is necessary to provide it with different security measures, such as a firewall. For web servers, in addition to a firewall, it is advisable to install a WAF, or "Web Application Firewall", specialized in controlling the connections to our site: filtering them, monitoring them and blocking those it considers malicious. WAFs come in both "hardware" and "software" form.
Characteristics of the "Web Application Firewalls":
• These firewalls can be installed on our web server itself, or on another machine integrated into our network. This must be taken into account, because the WAF also consumes the processing capacity of our machines, as it has to check each request against the rules we define before delivering it to the web server; so if, while we are receiving an attack, the WAF service fails or is degraded, so can our website.
• There is another way to include them in the security of our network, since there are providers that offer the service remotely, that is, in the "cloud". In this architecture, the company you hire deploys the firewall on its own servers, directing and processing the web service traffic there before it is sent, free of threats, to your server. Some providers of these services are Akamai, CloudFlare, DOSarrest and Sucuri, among others.
• In addition to blocking denial of service (DoS) attacks, WAFs are also capable of detecting and blocking attacks such as "Cross-Site Scripting" or "SQL injection".
As we can see, in some cases WAFs are quite an optimal and simple solution; in addition, they can be used with a "semi-automatic" configuration, because services of this type have basic configurations that can already protect web services from denial of service attacks. In any case, it is advisable to define customized rules to adapt the WAF to our infrastructure and obtain better protection, taking full advantage of its features.
As we discussed earlier, one type of denial of service (DoS) attack is the distributed kind. Distributed Denial of Service (DDoS) attacks are usually made through botnets. You can check with the OSI tool whether any of the servers in your network belongs to one of these distributed criminal networks, and thus avoid being a fundamental part of these attacks, whose sole purpose is extortion and money.
Protection measures in our web applications
When it comes to protecting web applications, it is important to take into account different aspects of cybersecurity that will increase the resilience of our system, and therefore the trust our clients have placed in our services.
In most cases the denial of service attacks directed at web applications are not carried out through system overload, service saturation or bandwidth exhaustion, but through the exploitation of vulnerabilities in our application, so the most important security rule is to install as soon as possible the published security updates that fix security problems in the application we use on our website. If we use an application developed ad hoc, audits must be carried out to identify security problems and fix them.
It is also highly recommended to use a CAPTCHA system in the forms of our website; this way, an automated attack through them will not be possible.
Web applications that require privacy, that is, that directly or indirectly collect personal data, are required to use the TLS protocol to ensure the confidentiality of its transmission over the Internet. If no private data is handled, it is still advisable to consider using TLS, but keep in mind that this protocol needs additional computational processing, so an overload of requests could lead to a denial of service of our system. If it is needed for many services, it is advisable to set a limit on the number of simultaneous connections that use this protocol.
If we are already the victim of a denial of service (DoS) attack directed at our websites that takes advantage of some vulnerability in the application, we can keep a static copy of our website that shows basic information, such as our company's telephone number, e-mail address or physical address so that we can be contacted, plus content that does not need much processing to be displayed; this way we never stop giving service.
Dos arrest
posted a blog.
DDoS (Distributed Denial of Service) attacks are the logical evolution of DoS (Denial of Service) attacks. Therefore, before talking about DDoS, I prefer to recall what a DoS attack, a "denial of service", is.
This type of attack consists of generating a massive number of requests to the server, overloading it and, consequently, bringing the service down. DoS attacks are very easy to stop: it is enough to identify the IP address of the machine making the mass requests and block its access.
DDoS attacks are a more sophisticated variant, a "distributed denial of service". For this reason, DDoS attacks are much more devastating and more complex to stop. Several machines make these massive and constant calls to the server. The calls match in pattern, but there may be hundreds or thousands of computers participating, and often the computers used for these DDoS attacks are personal computers infected with malware. Have you heard the term "zombie" used in computing? Well, this is exactly where it comes into action!
If we have our services in the cloud, a DDoS attack could pose a big performance problem. This problem can be partially solved if we have scalability, but unfortunately that would not be a total solution, and it would also pose another problem: the increase in unforeseen costs.
Luckily, although still in a preliminary phase, Microsoft has just launched a new and advanced DDoS protection system that protects Azure resources against distributed denial of service (DDoS) attacks at OSI layers 3-7, through monitoring and automatic mitigation of network attacks. This protection offers:
o Always-on monitoring and automatic mitigation of network attacks
o Adaptive tuning based on the Azure platform's unique knowledge of its traffic
o Protection at the application level with the Azure Application Gateway web application firewall
o Integration with Azure Monitor for analysis and insight
o Protection against the unforeseen costs of a DDoS attack
How does this DDoS protection service work?
The vast array of Azure datacenters around the world allows Microsoft to identify DDoS attacks in near real time through heuristic traffic analysis.
The protection takes advantage of the scalability and elasticity of Microsoft's global network to provide massive DDoS mitigation capacity in all Azure regions, and protection is achieved because Azure scrubs traffic at the network perimeter before it affects the availability of the service.
The implementation and configuration of this service is very simple and completely streamlined, since no intervention by the user is necessary. The protection will stop attacks instantly and automatically as soon as they are detected. This immediate response preserves the stability of our services. In addition, if our infrastructure is forced to scale due to a DDoS attack, the protection service contract will cover the unforeseen costs involved. The DDoS protection is natively integrated with Azure Monitor, so it exposes metrics and attack telemetry, as well as flexible alerting mechanisms that warn us when we are under attack.
How much does this service cost?
For now, the DDoS protection is only available as a preview. During this time the service is completely free. In the future, the protection service will have a fixed monthly cost plus a data processing fee.
Microsoft will send all customers who decide to try this service updated pricing information 30 days before the service enters general availability.
How does remote DDoS protection work?
Remote proxy DDoS protection provides an extra layer that keeps attackers from reaching your network or services. This type of solution hides your real IP address and routes all the traffic coming to your website through a mitigation network. The entire process happens without your visitors noticing and without compromising the responsiveness of your page.
Remote protection is a layered approach to proactive and reactive security. Your proxy provider continually tracks site security and identifies risks before they become reality. Solutions may or may not be cloud-based and rely on firewalls and intrusion prevention systems that mitigate the main threats, be they volumetric attacks or brute-force intrusion attempts.
One of the big reasons for choosing this alternative is that remote DDoS protection increases both the security and the performance of your HTTP applications. In addition, the cost-effectiveness and convenience of a preventive solution help protect your business and prevent contingencies.
Therefore, DDoS is not only a threat to retailers, financial services and gaming companies that have high availability demands. Attacks also target the critical business applications your organization relies on to manage day-to-day operations: e-mail, sales automation tools and CRMs can all be affected.