A thought by Jeff Stein
What can you do to counter a denial-of-service attack? There are a number of ways to counter denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks. This thought focuses on hardening of systems to block infection and is a part of a four part series on countering DoS and DDoS attacks including:
Detection of Compromised Systems
Hardening of Systems to Block Infection
Remediating an Attack In Progress
Offsetting Risk with Cloud Services
Compromised systems are the key way in which DoS and DDoS attacks are launched against a target. By hardening your systems to ensure they are secure, you reduce the likelihood that they will be leveraged as part of an attack. Hardening is a preemptive control that reduces the risk of compromise. There are a number of preemptive measures that can be taken to harden a system, ranging from tooling to policies.
Antivirus is software installed on a system that can identify known malicious threats. The software can scan any hard drives or other media attached to a system to find threats and remediate them. Additionally, antivirus can help block identified threats from actually compromising a system, limiting the damage that malware can inflict upon a machine. [1] Antivirus is an industry standard in system security for protecting a machine from malicious attacks that can compromise it; any platform running on a system can be exploited to the attacker's gain if it is not properly secured by antivirus. [2]
Ensuring that all machines on a network run antivirus will help protect them from infection. Uninfected machines reduce the surface area through which attacks can compromise systems and turn them into zombies in a DDoS attack. Antivirus also gives technical administrators notification of detected malicious activity on a machine. When activity is detected, a security team can further inspect the machine(s) and provide any additional remediation that is needed to keep them secure and prevent them from becoming slaves in a denial-of-service attack.
Patch management is the installation of software updates, or patches, which fix vulnerabilities in application software or the operating system that attackers can take advantage of to compromise a machine. Patching a system is an important way to counter DDoS attacks. Ensuring that patches are properly installed on a machine can significantly reduce the surface area that attackers can target when compromising systems for use as slaves in a DDoS attack.
Patch management helps counter DDoS attacks because many of the vulnerabilities attackers use to compromise a system are vulnerabilities for which fixes have been available for a number of years. [3] Patching is considered an industry standard in securing systems. It is recommended by the SANS Institute as a critical security control to implement in an environment. [4]
Ensuring machines have the most up-to-date patches installed makes attacks aimed at gaining access to a network much less likely to succeed. The patch process can be automated, which provides many benefits in mitigating DDoS attacks. Automated patching ensures that updates are installed in a timely manner, allowing you to remediate newly discovered vulnerabilities more quickly, before they can be leveraged by an attacker to compromise a system in preparation for a DDoS attack.
Security policies are an integral piece of an overall security architecture. [5] There are many different controls that can be implemented to counter a DDoS attack, and a password policy should be considered chief among them. If an attacker is able to capture an administrative password, the computers it protects can be compromised and used as slaves to launch a DoS attack on the network.
A proper password policy protects accounts and prevents them from being compromised. Guidance should help ensure that the passwords in use are complex. Setting a strict requirement as to what a password must include in order to comply with the policy makes it less susceptible to brute-force attempts. Additionally, password expiration dates should be included in the policy so that a compromised password has a limited shelf life before it becomes obsolete when the password is changed.
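The two password-policy controls described above, complexity requirements and expiration, as an added example that is not part of the original post. The thresholds (12 characters, three character classes, 90-day maximum age) are assumed values for illustration; the search-space calculation shows why the complexity requirement raises the cost of a brute-force attempt.

```python
import math
import string
from datetime import date

# Assumed policy thresholds (constructed for this example, not from the post).
MIN_LENGTH = 12
REQUIRED_CLASSES = 3      # of lower, upper, digit, symbol
MAX_AGE_DAYS = 90

# Alphabet size contributed by each character class.
CLASS_SIZES = {
    "lower": len(string.ascii_lowercase),
    "upper": len(string.ascii_uppercase),
    "digit": len(string.digits),
    "symbol": len(string.punctuation),
}


def character_classes(password: str) -> set:
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def check_complexity(password: str) -> list:
    """Return a list of policy violations; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(character_classes(password)) < REQUIRED_CLASSES:
        problems.append(f"fewer than {REQUIRED_CLASSES} character classes")
    return problems


def is_expired(last_changed: date, today: date) -> bool:
    """True when the password is older than the policy's maximum age."""
    return (today - last_changed).days > MAX_AGE_DAYS


def search_space_bits(password: str) -> float:
    """Brute-force search space (in bits) implied by length and classes used."""
    alphabet = sum(CLASS_SIZES[c] for c in character_classes(password))
    return len(password) * math.log2(alphabet)
```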
Preemptive hardening of your systems is a good security control for reducing the risk that they will be compromised and then used in a DoS attack. Addressing vulnerabilities found on a system and leveraging antivirus will close the gaps that make it susceptible to compromise. Additionally, strong security policies add rigor to your security program to ensure that systems are properly maintained so as to prevent compromise.
Note: Parts of this thought were previously used in content I submitted while in grad school during my Hacking Countermeasures course.
[1] Rouse, Margaret. (2014, November). Firewall. Article Link
[2] Bott, Ed. (2010, November 23). Do you really need antivirus software? Article Link
[3] Leyden, John. (2015, February 23). Psst, hackers. Just go for the known vulnerabilities. The Register. Article Link
[4] Application Software Security. (n.d.). Article Link
[5] Glenn, Michael. (2003, August 21). A Summary of DoS/DDoS Prevention, Monitoring and Mitigation Techniques in a Service Provider Environment. Article Link