What is a DoS Attack?
According to NIST, a denial of service (DoS) is:
“The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided).”
a distributed denial of service (DDoS) is:
“A denial of service technique that uses numerous hosts to perform the attack.”
What types of DoS are there?
- Logical (layer 7)
- Destruction of Equipment
- Hardware failuire (ok it’s not an attack but plan for it)
What actions You can take to mitigate DoS Attacks?
Check out the resources from NIST and NCSC:
Denial of service attacks can be simple overloading the resources on a server, this could be achieved by running an “expensive” search query on a web/database server, or it may be overloading the network connection or equipment.
Resources that can be exhausted include:
- Network Bandwidth
Volumetric attacks use sheer numbers of connects to overload links and resources, specific types of volumetric attacks include:
- Distributed scale
- Reflection / amplification attacks
- ISP Based Defences
- Cloud WAF/Proxies
- Firewalls/Layer3+ (Next Generation) Firewalls
- Load balancing and auto-scaling
- Web Application Firewalls/Proxies
- Adequate resources/Redundancy/Multipathing
- Logical defences
Defending against DoS
DoS Defence generally requires a holistic view off cyber security posture, a single element will usually not be sufficient to defend against all types of DoS. The key thing with Denial of Service is to have designed for defence, ensured you have the ability to scale and that you have adequate resources for load. Essentially plan, plan and plan some more. Defence in depth and secure design our the key here.