RLOT Task 2
With open source attack tools and resources readily available to cybercriminals, it has become extremely difficult to combat distributed denial of service (DDoS) attacks. DDoS attacks typically occur at the network layer through SYN flooding, ICMP flooding, and UDP flooding. When a network-layer attack fails, cybercriminals shift to application-layer attacks. Application-layer attacks work by sending an overwhelming number of HTTP GET requests (HTTP flooding) or by running a massive number of queries through the victim's database or search engine. This guide will address the information technology (IT) industry's best practices to counter denial of service ...
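The two application-layer floods named above (HTTP GET flooding and query flooding against a search engine) are the ones a web server's own access log can reveal. As an added example, not part of the original guide, the following Python detector parses access-log lines in the common combined format and flags a client IP that, inside a sliding time window, exceeds either a raw request-rate threshold or a distinct-search-query threshold. The thresholds, the /search path with its q= parameter, and the log lines themselves are constructed for this illustration and are not values from the page.

```python
"""Sliding-window detector for HTTP GET floods and search-query floods.

Added example. Log lines are constructed below; the window size, the
request and query thresholds, and the /search?q= endpoint are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlparse

# Combined log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a record dict for a well-formed access-log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "method": m.group("method"),
        "path": m.group("path"),
    }


class FloodDetector:
    def __init__(self, window_s=10, max_requests=50, max_queries=20, search_path="/search"):
        self.window = timedelta(seconds=window_s)
        self.max_requests = max_requests
        self.max_queries = max_queries
        self.search_path = search_path
        self.requests = defaultdict(deque)  # ip -> request timestamps inside the window
        self.queries = defaultdict(deque)   # ip -> (timestamp, query) inside the window
        self.active = set()                 # (ip, kind) pairs already alerted
        self.alerts = []

    def _trim(self, dq, now, key=lambda item: item):
        # Drop entries that have aged out of the sliding window.
        while dq and now - key(dq[0]) > self.window:
            dq.popleft()

    def _check(self, ip, now, kind, count, threshold):
        # Alert once per (ip, kind) until the rate drops back below the threshold.
        if count > threshold:
            if (ip, kind) not in self.active:
                self.active.add((ip, kind))
                self.alerts.append({"ip": ip, "kind": kind, "count": count, "at": now})
        else:
            self.active.discard((ip, kind))

    def observe(self, rec):
        ip, now = rec["ip"], rec["ts"]
        q = self.requests[ip]
        q.append(now)
        self._trim(q, now)
        self._check(ip, now, "http_flood", len(q), self.max_requests)

        url = urlparse(rec["path"])
        if rec["method"] == "GET" and url.path == self.search_path:
            term = parse_qs(url.query).get("q", [""])[0]
            s = self.queries[ip]
            s.append((now, term))
            self._trim(s, now, key=lambda item: item[0])
            distinct = len({t for _, t in s})
            self._check(ip, now, "search_flood", distinct, self.max_queries)


def detect(lines, **kwargs):
    """Run the detector over log lines (any order) and return the alerts raised."""
    records = [r for r in map(parse_line, lines) if r is not None]
    records.sort(key=lambda r: r["ts"])  # process in chronological order
    det = FloodDetector(**kwargs)
    for rec in records:
        det.observe(rec)
    return det.alerts


def _line(ip, t, path):
    return f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'


# Constructed sample traffic: one normal client, one HTTP flooder, one search flooder.
_T0 = datetime(2023, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_LINES = (
    [_line("10.0.0.5", _T0 + timedelta(seconds=2 * i), "/index.html") for i in range(5)]
    + [_line("203.0.113.7", _T0 + timedelta(milliseconds=83 * i), "/") for i in range(60)]
    + [_line("198.51.100.9", _T0 + timedelta(milliseconds=250 * i), f"/search?q=term{i}") for i in range(30)]
    + ["this line is not in combined log format"]
)

if __name__ == "__main__":
    for a in detect(SAMPLE_LINES):
        print(f'{a["at"].isoformat()} {a["ip"]} {a["kind"]} count={a["count"]}')
```

Counting distinct search terms rather than raw hits matters: a query flood deliberately varies its terms to defeat caching and force the database or search engine to do real work, so a per-URL rate limit would miss it. The alert fires once per client and alert kind and re-arms only after the rate falls below the threshold, which keeps a sustained flood from producing one alert per request.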
1.1). Agents need administrator privileges to perform these tasks. Using an agent-based patch management system reduces the risk of exposure of administrator passwords during installation of new patches.
The Internet was not designed with security in mind. Because new cyber threats are discovered daily, it is imperative that users have antivirus software to protect them. Not every cyber threat is meant to steal valuable data or cause damage, but that does not mean the attack is harmless: an attack that appears benign may lead to much worse attacks by more sophisticated cybercriminals. According to Zeltser (2011), "protecting endpoint computers from malware is critical to providing reliable operations, safeguarding data, and maintaining an acceptable compliance posture" (p. 41). Antivirus software protects the host from incoming threats such as malware, spyware, spam, and data theft; it detects and removes threats and warns users of possible threats to the system. To prevent hosts from being used in any DoS/DDoS activity, the university will purchase and install antivirus software on all workstations. Protection software has many components; the key ones are a real-time scanner, a compressed file scanner, script blocking, instant messaging protection, and webmail protection. To provide effective protection, the antivirus definition database must be kept up to date.
Host-based Intrusion Prevention Systems
Any device that resides in the demilitarized zone (DMZ) is at risk of being compromised. The DMZ is designed to contain a compromise and prevent it from reaching the internal trusted network (Conrad, Misenar, & Feldman, 2010). The key is to use a layered defense on the hosts within the DMZ. In addition to system hardening and patching, the hosts also require a host-based intrusion prevention system (HIPS). HIPS can provide effective defense against known and unknown threats. HIPS combines a standalone firewall, intrusion detection, and intrusion prevention to provide access control, intrusion prevention, policy enforcement, and security (Causey, 2007). The primary focus of an intrusion prevention system is to protect host files and processes by blocking malicious activity. HIPS provides security based on protocol behavior (analyzes requests for...