Ddos Prevention Best Practices

To begin with, system hardening should be implemented on all University workstations, and especially the Web servers. This means turning off any unused services, jampack all ports except those that are specifically needed for the operating roles of the servers, and ensuring that an antaplus solution Is in organize and regularly updated. Additionally, a strong patch management policy and procedure should be used to make unnecessary University computing assets up to date.This is to second pr cause the exploitation of newly discovered vulnerabilities, and is carve up of the hardening process. all(a) publicly available services, such as Web facing servers, DNS servers, and application servers, should be discriminated from semiprivate university resources. The separation should include enclosing the public servers in a DMZ. The DMZ should have firewalls in abode on both sides of the network, to protect from external threats, and Internal ones. This separation also Isolates the se rvers from the rest of the network, in the event one of them is compromised.Furthermore, PLANS should be implemented to break up broadcast domains, and IP subletting used to control outwork traffic, except isolating the public systems from the internal network finesses. Also, A split DNS scheme that consists of an external DNS server separate from an Internal DNS server can help limit the Impact of DNS Dos style attacks. Network place Translation (NAT) should remain in place, as it also has the effect of hiding the internal network from the Internet. Moreover, the cylinder block of IGMP or ping attempts should be blocked, at least externally, so that attempts to Identify systems from the Internet are reduced.As part of cogency planning, servant should be made to plan for excess. This should help to absorb any Dodos attacks by having can of resources to maintain network operations. This Includes having more than adequate switch and router bandwidth, CAP. And frame/packet proce ssing ablest. Additional consideration should be made to use different Internet Service Providers (ISP) for redundant connections. In the event of an attack, this has the pull in of having alternate paths to the Internet, providing redundancy and load sharing.When upgrading or replacing network equipment, anta-DoS capable devices should be carefully evaluated and selected. invasion Detection/Prevention Systems (DIPS) should be deployed, with the emphasis on prevention at the network perimeter. An inline device ordain be more effective placed behind the external facing firewall. The firewall is configured to permit only if traffic that Is desired, blocking all opposite traffic, while the DIPS Is designed to block specific traffic and allow the rest. An DIPS device that uses both signature- 1 OFF positives, and therefore a better chance of detecting attacks.The DIPS device should be capable of sending alerts via email, SMS, and pager communication methods to Taft. The DIPS shoul d also be configured to alter the firewall filtering rules on the fly, in the event an attack is occurring. A period of fine tuning is necessary to reduce off-key positives, and ensure information is not lost due to miscommunication. Ingress and egress filtering needs to be implemented. This involves configuring the firewalls to block unreliable IP addresses as specified in RFC 1918, using Access Control Lists (Calls).This go forth help prevent IP address spoofing, and computing assets from being used to attack other organizations outside the University IP address pace. Egress filtering should only allow IP addresses to leave the University that fall within the range of allocated addresses. record monitoring and review of all network and server devices should be performed regularly. In addition, IT staff should be alerted when rummy activity or events are detected. For instance, repeated failed attempts to access a network device might fence a password hacking attack. Performanc e baselines of essential network and server equipment needs to be documented.This will issue a metric of network utilization under normal operating conditions. Excessive use of resources above equipment baselines might indicate a Dodos attack. Also, establishing a performance baseline will aid in capacity planning and provide data for scalability and growth planning. A honesty with relaxed security should be installed. Its purpose is to wad hackers away from actual University computing assets by providing an easier target. It needs to be completely isolated from all other critical assets. The honesty should also be monitored, as data obtained from attacks can be used to prop up the rest of the network.An Incident Response Plan (RIP) needs to be drafted and provided to all University administrative staff. electric potential items in the plan should include Points of Contacts (POCK), and handling procedures if an attack is suspected. In conjunction with the RIP, an Emergency Resp onse squad (RET) comprised of senior network and information security personnel, as well as members of the management team, should formalized. This team will be tasked with the responsibility as first responders to an attack. The RET should also have a Plan of legal action (POP) more detailed than the RIP.Items in this Lana should include detailed network documentation, disaster recovery plans, any traffic continuity plans, ISP support numbers, etc. The combined effect of all of the measures previously describe, will significantly change magnitude the impact of a Dodos attack. By no means is this document complete, and should be considered as a victuals document. As new threats emerge, additional or even different methods may be required to be put in place. Technology also improves over time, therefore a periodic review of the practices described should be conducted, and this document adjusted accordingly.