Get with IT: How to Avoid Loss from DoS

March 11, 2013
Building physical security resilience against Denial of Service attacks

How to Avoid Loss from DoS 

Back in the days of network simplicity and limited computer functionality, DOS (Disk Operating System) was the big buzzword. The progression of personal computers running on DOS was great news for business. Now the big buzzword in computing is a similar acronym that has an entirely different meaning: DoS, or Denial of Service, which is arguably one of the worst things for business today.

A DoS attack is merely the result of an attacker exploiting the open nature of computers, networks and the Internet by inundating systems to the point where they cannot respond to legitimate requests. DoS attacks can be intentional or unintentional. They target processor utilization and network bandwidth and typically impact operating systems, web applications and network infrastructure devices. As ‘simple’ as they seem on the surface, DoS attacks can create a load of trouble for organizations that rely on their online presence to conduct business transactions. You may not even realize a DoS attack is taking place until one of your customers or business partners tells you.

A specific area of DoS that does not get the attention it deserves is the business risks associated with physical security systems — such as network-based access controls and IP video — being impacted by a DoS attack. Have you thought about what would happen if such an attack hit this area of your business? A DoS attack against your physical security environment could be especially troublesome when it results in your inability to: permit employee badge access into or within your campus; process visitors for temporary system access; view real-time video camera surveillance footage; and monitor for security alerts.

Some may say that DoS attacks only affect Internet-facing systems such as web servers, routers and the like, but that is not true. Many systems considered ‘internal’ can be directly affected if your Internet connection or WAN links to remote facilities slow to a crawl. For instance, you may be using cloud-based services for identity management, video logging or managed security services — these could all go away if the Internet is not accessible. There’s also remote access: How will you and your users gain inbound access into the network if a DoS is being carried out, especially after hours when key personnel are offsite?

Keep in mind that DoS attacks are not just inbound attacks that flood your network. Certain access control and video systems are directly accessible via the Internet, which means they can be directly exploited if they are misconfigured and unsecured.

There are a lot of moving parts related to DoS attacks, but the fundamental issue at hand is that physical security controls and processes are just another computer or application in your environment that needs to be protected. All it takes is a criminal hacker on the other side of the earth to choose your business as the target. Unlike other network security vulnerabilities that may or may not be an issue, DoS is something that every business is susceptible to, all the time.

What are you doing about this risk? You can be proactive and put certain controls in place on your network perimeter, such as tweaking your existing routers and firewalls or using a Next-Generation Intrusion Prevention System, which can help in the event of an attack. You can also work with your ISP and hosting providers to build in protective measures or at least have them available when needed. There are also appliance and cloud-based solutions from vendors such as Corero Network Security, Prolexic, and CloudFlare; but, before you go down this path, there are some simpler controls you can put in place that can serve as a great starting point for DoS protection. System hardening, patch management, and periodic security vulnerability scanning and manual analysis are a few.
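The column notes that a DoS attack works by inundating a system until it cannot answer legitimate requests, and that many organizations only learn of one when a customer complains. A small detection step that fits alongside the hardening and perimeter controls above is to watch the request rate hitting the server that fronts your access-control or IP-video system. The script below is an added example, not code from the column or from any access-control or video product; the log format, the IP addresses and the thresholds are all constructed for illustration and would need to be adapted to whatever your own system actually logs.

```python
"""Sliding-window request-rate detector for a physical-security server log.

Flags (a) any single client that exceeds a per-source request limit within
the window and (b) the aggregate rate exceeding a total limit, which catches
floods spread across many sources that individually stay under the limit.
Log format and thresholds are assumptions for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines (not from any real product): ISO timestamp,
# client address, request. Two ordinary clients plus one address hammering
# the badge-verification endpoint.
SAMPLE_LOG = """\
2013-03-11T09:00:00 10.1.20.15 GET /badge/verify
2013-03-11T09:00:01 10.1.20.16 GET /camera/live
2013-03-11T09:00:02 203.0.113.9 GET /badge/verify
2013-03-11T09:00:02 203.0.113.9 GET /badge/verify
2013-03-11T09:00:02 203.0.113.9 GET /badge/verify
2013-03-11T09:00:03 203.0.113.9 GET /badge/verify
2013-03-11T09:00:03 203.0.113.9 GET /badge/verify
2013-03-11T09:00:03 203.0.113.9 GET /badge/verify
2013-03-11T09:00:04 10.1.20.15 GET /badge/verify
2013-03-11T09:00:04 203.0.113.9 GET /badge/verify
2013-03-11T09:00:05 203.0.113.9 GET /badge/verify
2013-03-11T09:00:15 203.0.113.9 GET /badge/verify
"""

# Assumed line layout: "<timestamp> <client> <method> <path>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def parse_line(line):
    """Return (timestamp, client, request) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m.group(1))
    return ts, m.group(2), f"{m.group(3)} {m.group(4)}"


def detect_floods(lines, window_seconds=5, per_source_limit=6, total_limit=20):
    """Scan log lines in order and return a list of alert tuples.

    Each alert is (kind, source, timestamp, count): kind is "source" for a
    single client over per_source_limit, or "total" for the whole server
    over total_limit. Each source, and the total, alerts at most once.
    """
    per_source = defaultdict(deque)   # client -> timestamps inside the window
    all_requests = deque()            # every request inside the window
    alerted_sources = set()
    total_alerted = False
    alerts = []

    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                  # skip malformed lines rather than crash
        ts, src, _ = parsed

        # Append the new timestamp and evict anything older than the window.
        for queue in (per_source[src], all_requests):
            queue.append(ts)
            while (ts - queue[0]).total_seconds() > window_seconds:
                queue.popleft()

        if len(per_source[src]) > per_source_limit and src not in alerted_sources:
            alerted_sources.add(src)
            alerts.append(("source", src, ts.isoformat(), len(per_source[src])))

        if len(all_requests) > total_limit and not total_alerted:
            total_alerted = True
            alerts.append(("total", "*", ts.isoformat(), len(all_requests)))

    return alerts


if __name__ == "__main__":
    for kind, src, when, count in detect_floods(SAMPLE_LOG.splitlines()):
        print(f"{when} {kind} flood: {src} made {count} requests in window")
```

Run as-is it reports the single constructed offender at 09:00:04 after its seventh request inside the five-second window; the legitimate badge reader at 10.1.20.15 never trips the check. The aggregate counter is there because a distributed flood can keep every individual source under the per-source limit, which is exactly the case where only the total rate reveals the problem. This kind of check tells you that something is wrong; it does not by itself absorb the traffic, which is why the column points you to router, firewall, IPS and ISP measures as well.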

The most important thing is to not take the approach that many people take, which is to sit back and wait until a DoS attack occurs to start doing something about it.

Kevin Beaver is a consultant with Atlanta-based Principle Logic LLC (www.principlelogic.com). He has authored/co-authored 11 books on information security, including Hacking for Dummies, Implementation Strategies for Fulfilling and Maintaining IT Compliance, and the Security on Wheels audio books and blog (www.securityonwheels.com). Follow him on Twitter, @kevinbeaver or connect to him on LinkedIn.

Today’s Homework: Integrate physical security and DoS into contingency plans

DoS attacks are often set aside as “one of those IT things” that will be addressed when the time comes. Don’t take this approach — it is bad for your physical security environment and can be detrimental to your business. One of the most overlooked, yet valuable things you can do is to integrate DoS response procedures into your incident response and business continuity plans.

DoS risk is a serious matter, not unlike malware infections, and deserves the proper attention and support from management. Look at your DoS risk as a whole and then drill down to see how your physical security systems would be impacted in the event of an attack. Finally, put reasonable controls in place to help minimize the impact and then document the steps needed to respond appropriately if a DoS attack occurs.