Ask the Expert

How can an enterprise-wide network prevent denial-of-service attacks?

How can an enterprise-wide network remain resilient against denial-of-service (DoS) attacks?


When many people think about denial-of-service (DoS) attacks, they unfortunately think of only the standard SYN flood attack, in which an attacker transmits a large number of SYN packets with the goal of overloading the target system with half-open connections. However, many new DoS attacks actually complete the three-way handshake and make a legitimate application request, such as an HTTP GET request, making it difficult to distinguish good traffic from malicious traffic.

For large enterprise networks that are unable to tolerate downtime resulting from a DoS attack, I'd suggest researching anti-DoS products, such as those offered by Mazu Networks Inc., Prolexic Technologies Inc. and Cisco Systems Inc. Many of these products attempt to identify and exclude malicious traffic by creating a baseline of "normal" traffic, then comparing normal traffic patterns with traffic spikes that may be an indication of a DoS attack. They also do some interesting detection of DoS traffic by trying to find patterns in Time To Live (TTL) values, hashing payload data, and looking for other TCP/IP patterns that may be indicative of a DoS attack.

Unfortunately, no matter how effective these products are, it may be possible for an attacker to overwhelm an organization's incoming network bandwidth. This is why I strongly recommend becoming familiar with the security point of contact at your ISP. Having a good relationship with the security contact can mean the difference between getting help in the event of an incident and being forwarded to sales to purchase additional bandwidth.
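The baseline-and-pattern approach described above can be sketched as follows. This is an added example, not code from the original article or from any of the named vendors' products. It flags an interval whose request count exceeds a learned baseline, then checks whether one TTL value or one payload hash dominates that interval. The thresholds `k` and `share_limit`, the function names and all sample traffic are assumptions constructed for illustration.

```python
import hashlib
import statistics
from collections import Counter

def top_share(values):
    """Fraction of the window taken by the single most common value."""
    counts = Counter(values)
    return counts.most_common(1)[0][1] / len(values) if values else 0.0

def classify(baseline_counts, window, k=3.0, share_limit=0.5):
    """baseline_counts: requests per interval during known-normal operation.
    window: list of (ttl, payload_bytes) seen in the interval under test.
    k and share_limit are illustrative thresholds, not vendor values."""
    mean = statistics.mean(baseline_counts)
    stdev = statistics.stdev(baseline_counts)
    spike = len(window) > mean + k * stdev
    ttl_share = top_share([ttl for ttl, _ in window])
    # Hash payloads so identical requests can be counted without storing them.
    hash_share = top_share([hashlib.sha256(p).hexdigest() for _, p in window])
    if not spike:
        verdict = "normal"
    elif ttl_share > share_limit or hash_share > share_limit:
        verdict = "suspected DoS"      # spike dominated by one TTL or payload
    else:
        verdict = "spike, mixed traffic"  # e.g. a legitimate busy period
    return {"verdict": verdict, "count": len(window),
            "ttl_share": round(ttl_share, 3), "hash_share": round(hash_share, 3)}

# Constructed sample data (not real traffic).
BASELINE = [98, 102, 95, 110, 105, 99, 101, 97, 103, 100]
TTLS = [64, 128, 255, 57, 113, 49, 243, 61]
NORMAL = [(TTLS[i % 8], f"GET /page{i % 25} HTTP/1.1".encode()) for i in range(100)]
FLOOD = NORMAL + [(52, b"GET / HTTP/1.1")] * 800
BUSY = [(TTLS[i % 8], f"GET /page{i % 25} HTTP/1.1".encode()) for i in range(400)]

if __name__ == "__main__":
    for name, win in (("normal", NORMAL), ("flood", FLOOD), ("busy", BUSY)):
        print(name, classify(BASELINE, win))
```

The "busy" window shows why rate alone is not enough: it exceeds the baseline but has no dominant TTL or payload, so it is reported separately from the flood.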

This was first published in July 2008
