Get with IT: How to Avoid Loss from DoS

Back in the days of network simplicity and limited computer functionality, DOS (Disk Operating System) was the big buzzword. Now the big buzzword in computing is a similar acronym that has an entirely different meaning: DoS, or Denial of Service, which is arguably one of the worst things for business today.

A DoS attack is merely the result of someone exploiting the open nature of computers, networks and the Internet by inundating systems to the point where they cannot respond to legitimate requests. DoS attacks can be intentional or unintentional. They target processor utilization and network bandwidth and typically impact operating systems, web applications and network infrastructure devices.

As simple as they seem on the surface, DoS attacks can create a load of trouble for organizations that rely on their online presence to conduct business transactions.

A specific area of DoS that does not get the attention it deserves is the business risk associated with physical security systems — such as network-based access controls and IP video — being impacted by a DoS attack. Have you thought about what would happen if such an attack hit this area of your business? A DoS attack against your physical security environment could be especially troublesome when it results in your inability to permit employee badge access into or within your campus; process visitors for temporary system access; view real-time video camera surveillance footage; and monitor for security alerts.

Some say that DoS attacks only affect Internet-facing systems such as web servers, routers and the like, but that is not true. Many systems considered “internal” can be directly affected if an Internet connection or WAN links to remote facilities slow to a crawl. For instance, you may be using cloud-based services for identity management, video logging or managed security services — these could all go away if the Internet is not accessible. There’s also remote access: How will users gain inbound access to the network if a DoS attack is being carried out, especially after hours when key personnel are offsite?

Keep in mind that DoS attacks are not just inbound attacks that flood a network. Certain access control and video systems are directly accessible via the Internet, which means they can be directly exploited if they are misconfigured and unsecured.

There are a lot of moving parts, but the fundamental issue is that physical security controls and processes are just another computer or application that must be protected. Unlike other network security vulnerabilities that may or may not be an issue, DoS is something that every business is susceptible to, all the time — all it takes is a criminal hacker to choose your business as a target.

What can you do? First, be proactive and put controls in place on your network perimeter, such as tweaking existing routers and firewalls or using a Next-Generation Intrusion Prevention System, which can help in the event of an attack. You can also work with your ISP and hosting providers to build in protective measures or at least have them available. There are also appliance and cloud-based solutions from vendors such as Corero Network Security, Prolexic, and CloudFlare; but, before you go down this path, start with simpler controls that can serve as a great starting point for DoS protection, such as system hardening, patch management, periodic security vulnerability scanning and manual analysis.

The most important thing is to not take the approach that many people take — sitting back and waiting until a DoS attack occurs before doing something about it.

 

Kevin Beaver is a consultant with Atlanta-based Principle Logic LLC (www.principlelogic.com). He has authored/co-authored 11 books on information security, including Hacking for Dummies, Implementation Strategies for Fulfilling and Maintaining IT Compliance, and the Security on Wheels audio books and blog (www.securityonwheels.com). Follow him on Twitter, @kevinbeaver or connect to him on LinkedIn.
