Network Security News

Internet wasn't meant the exact replica of real world, with its threats and dangers projecting in cyberspace. The very nature of many protocols and services doesn't assume there could be denial-of-service and other kinds of attacks, nor deliberate misuse of the resources. Astaro Internet security mentions several basic ideas in their post How to protect your network from cyber-attacks.

It is said that there are three measures network administrators can take to avoid the types of network attacks that plague government websites in many countries nowadays. The three areas to focus on are network based mitigation, host based mitigation and proactive measures.

Network based mitigation:

• Install IDS/IPS with the ability to track floods (such as SYN, ICMP etc.)
• Install a firewall that has the ability to drop packets rather than have them reach the internal server. The nature of a web server is such that you will allow HTTP to the server from the Internet. You will need to monitor your server to know where to block traffic.
• Have contact numbers for your ISP’s Emergency Management Team (or Response team, or the team that is able to respond to such an event). You will need to contact them in order to prevent the attack from reaching your network’s perimeter in the first place.

Host based mitigation:

• Ensure that HTTP open sessions time out at a reasonable time. When under attack, you will want to reduce this number.
• Ensure that TCP also time out at a reasonable time.
• Install a host-based firewall to prevent HTTP threads from spawning for attack packets

Proactive measures:
For those with the knowhow, it would be possible to “fight back” with programs that can neutralize the threat. This method is used mostly by networks that are under constant attack such as government sites.

However, one could add that the prevention is in most cases much more productive than defense and counterattacks. Most attackers do use the brute force or known vulnerabilities exploits at random; if the problem isn't handled as soon as possible, the amount and thoroughness of attacks may grow, especially if the site or service, or whatever is being under attack is of much importance.

In other words, the optimal network security strategy is to use network monitoring and early prevention to detect possible threats, thus taking measures quickly, in as automated manner as possible. It also has social effect: if network prevents major assaults quickly and takes little or no damage, its reputation can repel most of probable attackers (not all the cyber-crimes are committed with the single purpose of deliberately harming the target).