Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

The best question normally asked by employer during interview for the post of System Administrator or Network Engineer. How to prevent dos attack?

please don't copy and paste articles. I know the answer. Just want to know your practices....

user-image
Question ajoutée par Muhammad Tahir Masood , IT Project Manager (Infrastructure Support and IS Security) , Solution Founder Technology Company
Date de publication: 2013/09/26
Mostafa Abdo
par Mostafa Abdo , Senior Infrastructure and Security Architect , Devoteam

by using Honeypots

Use antivirus and a hardware firewall and thorouhly check the network policies.

YAHUL HAMEED HAMEED
par YAHUL HAMEED HAMEED , General Accountant , Al Wahdah Auto Radiant Factory

I am passionate about the work, to co-ordinate different department of employees with target achievement.

senthamil selvan
par senthamil selvan , IT Support Engineer , Dunia Finance

We can prevent by firewall 

 uses DNS redirection to persistently reroute all traffic through the Incapsula network.

Muhammad Jamil  Akhtar
par Muhammad Jamil Akhtar , Principal , Education Deptt. Govt. of the Punjab. Pakistan

A good administrator/Leader is the one who does not loose his temper under pressure and manages his duties in a nice way. Should have a polite and humble attitude.Planning must be prevailed in the right direction under the available budget / grant etc.

mujahid fareed
par mujahid fareed , System Consultant , King Abdul Aziz City For Science

Best Use SEP (Symantec Endpoint Protection)

Khalid AlJemy
par Khalid AlJemy , Information Security Auditor , Riyad Bank

Using intrusion detection system and intrusion prevention system 

JONATHAN VIRAY
par JONATHAN VIRAY , Technical Consultant , EUROTECHME

Computer attacks can take several forms, some of which include information gathering, local administrative access, remote access hacks, and, last but not least, denial-of-service (DoS) attacks. While gaining root access to a server is typically the ultimate goal, there are still numerous reasons a hacker would want to simply take a server out of commission.

For example, what would be the result of an organization-wide cyberattack that caused all of the company's web servers to shut down? This type of attack is not only possible but is also easy to perform, since most organizations purchase large blocks of IP addresses and manage them internally. A hacker simply learns this range in order to systematically target the entire block.

In this section, we investigate two denial-of-service attacks that work in such a manner. The first attacks the Server Message Block protocol used by Windows machines, while the second targets the Universal Plug and Play service (a relatively modern feature of Windows operating systems).

SMB Attack

The Service Message Block (SMB) protocol was designed to provide a platform-independent method of requesting data from file services over a network. Also known as the Common Internet File System, this protocol is most often affiliated with the Windows family of operating systems, although others can use it. So far, only Windows has been found vulnerable to the following attack.

SMB operates in the Application/Presentation layers of the OSI model. Because it operates in such high layers, SMB can easily be used in almost any network. TCP/IP, IPX, NetBEUI, and other lesser-known protocols can all work with SMB packaged data.

 

Under Windows Platform, preventing from attacks tips:

 

Practice1 - Keep an audit trail that describes what was changed and why

Locked in a file cabinet somewhere may be a document explaining the original purpose of your network design and its interdependencies. For any change to the network to be made, the document should be consulted and updated.

The lesson to learn here is to revisit your auditing trail and ensure that it encompasses both the details of your current changes and the reasoning behind your current infrastructure. With this method, both the common and uncommon configurations of your network are protected from the occasional error.

Practice2 - Create interdepartmental Standard and Emergency Operating Procedures

One of the reasons why network outages take so long to diagnose is because many network admins begin by only looking for errors in their own segments. Granted, the error may be in a single segment, but the evidence that will lead you to diagnose a problem may be across your Intranet and the Internet. You will be slow to respond because you responded to our own servers first. Often, it takes people far too long to realize that everyone in the company is working on the same problem.

The lesson to learn when developing a best practice is that you need better cross-group communication built in to your Standard Operating Procedures (SOPs) and Emergency Operating Procedures (EOPs). You need to know that administrators in your segment are aware of the implications their changes have on other segments of the network, and who to contact at other segments when any emergency occurs.

Practice3 - Understand that success can result in complacency

For your network team, it may have been a few years since a challenge of considerable magnitude has occurred. During this time, you may have grown comfortable with the high availability of your network and become complacent toward the potential for emergencies. Unfortunately, this attitude may only be changed as the result of a serious emergency.

It can be a difficult change to make because network administrators are so often engaged in firefighting comparatively minor issues within an overall network of high availability. To change this attitude, you must look for the strongest components of your network and conceive of scenarios where their failure transpires. Envision failure in the areas of greatest success.

Practice4 - Network monitoring isn't enough, your adminstrators must know the configuration in detail

Even the most intuitive monitoring is little more than a magnifying glass. To be all-knowing, it would need to report on the affect of every setting of every program, service, host and router in the network, as well as all the interactions between these services and resources. Still, such an analysis would lack the business logic behind configurations and the needs of customers using the services on the network.

The real knowledge of the network must be something shared and accessible to all administrators so that the reports generated by monitors can be interpreted quickly and correctly. In order for this to work, this knowledge share must become part of the process of running your network.

Practice5 - Test yourself both locally and over the Internet

When your network serves customers on the Internet you need to test its availability by simulating their activity. This will help you understand the magnitude of a problem and lead you down the path to discovering your network's problems from your customers' experience.

This kind of real-world approach is invaluable if you want to make sure that you and your customers experience the same highs and lows of your network performance, and the long-term result of this approach is an appreciation of your customers' perspective beyond what is offered through you customer support department.

Practice6 – Your processes can harm you just like hackers

Are your processes an enemy from within? They can be if you don't evaluate them skeptically and with the attitude that they can harm you as severely as malicious attacks from hackers. You can make the assumption that because you have not experienced serious network outages your current processes are fine. But they may not be adequate to maintaining your current level of availability unless they can incorporate the full extent of your network administration, across all departments and along with all initiatives.

The practice to develop is an avoidance of relying on your apparently successful processes and to acquire an inward, critical element in your team that challenges the processes themselves.

Practice7 - Keep people aware of old configurations and their purpose

To develop and maintain an awareness of older, and often trusted, network configurations you need to pay special attention to your personnel changes during the development of your business and the expansion of your network infrastructure. Because it is unlikely that you will redesign your entire network infrastructure annually, configurations performed one year may stay around in your network until someone stumbles upon them. To prevent configuration settings being missed, you need to make new personnel aware of these configurations during orientation or as part of annual auditing.

Without this type of training, you may do a disservice to your personnel by putting them in a position where they could damage their network and possibly their reputation unknowingly. Keep this potential cause of emergencies on the minds of your new administrators and you will go a long way to encouraging that they investigate configurations before changing them.

Practice8 - When something is different, ask why

In any company, the work performed by one employee is as important as the work performed by any other employee. For this reason, an administrator auditing the configuration of a network needs to appreciate that each of the network's configurations, and the settings of the programs that use that network, are the work of a colleague and deserve the same respect that the administrator himself would like for his work. Consequently, when discovering a design that is unusual it is important for that administrator to investigate this peculiarity instead of taking it upon himself to force the design into conformity with some new initiative or standard.

The practice to develop is to go further in developing an inquisitive culture amongst your administrators and, in contrast, to discourage the rote or mechanical routine of processing network changes. You may appear to lose efficiency by having changes take longer with this attitude, but the savings are considerable when compared to the loss of service you can experience when administrators make changes without a solid understanding of the network's settings.

Practice9 - Know the trade-offs between simplicity, cost, and survivability

There is a tendency to praise simplicity above complexity for the benefit of administrative costs. While there is truth behind this approach, you must also consider the affect that simplicity can have on being able to support unforeseen problems. In designing your network in a simplified manner, you leave yourself open to the repercussions of a simple mistake.

The benefit of a complex network design is greater than the stability obtained through fault tolerance and redundancy. A complex design can benefit the complex business needs you are trying to support. When we simplify the way business information travels across our network, we need to consider whether or not we are serving our administrative needs second and our customers and users business first.

Practice10 - Protect yourself against hackers

Can you predict where a hacker will attack your network? Developing this anticipation comes from facing the reality of being hacked. While we do not want to say anything which could infer that hackers do anyone a service, to develop this intuitive awareness you need to "hack" your network yourself by imagining what a hacker would do to attack it. This will develop a sensitivity to where your network is exposed to hackers and help you in auditing your network's weak points.

More Questions Like This