You could do the following things to minimize  the DoS  attack:
-  
 Effective robust design
-  
 Bandwidth limitations
-  
 Keep systems patched
-  
 Run the least amount of services
-  
 Allow only necessary traffic
-  
 Block IP addresses
Due  to the power of DoS attacks and the way they work, there  is nothing  that can be done to prevent a Dos attack entirely
| The DoS and DDoS  attacks in combination with malicious codes  implantations are easily  launched but difficult to completely stop. With the  nature of TCP/IP  and programming issues that are often overlooked, the current  Internet  is still vulnerable to various forms of DoS and DDoS attacks. There is   no "silver bullet" solution to this, like many other security  issues. | 
-  
 Timely application of patches and system updates, especially to potentially exposed machines. For example, update and maintain a current build of BIND on DNS servers.
-  
 Deployment of only strictly necessary network services
-  
 Intrusion detection systems
-  
 Firewalls
-  
 Anti-virus software
-  
 Good password policies
-  
 Use of Tripwire or other similar tools to detect changes in configuration information or other important files
-  
 Paying heed to "Top 20" vulnerability lists provided by the information security community and evaluating these risks against one's environment
-  
 Establishment and maintenance of regular backup schedules and policies
-  
 As a network is only as secure as its weakest link, protection of mobile and remote machines with personal firewall/intrusion detection software
However, in mitigating DoS or DDoS attacks, it requires  good  network design to be able to control the point of entry or the  gateway. As for  mitigating new attacks, it is essential to have  filtering capability based on  packet header and content within the  network or at the critical gateways in  order to filter malicious  traffic as a response to such attacks while waiting  for a permanent  solution from suppliers to be applied to the devices. Applying  all  known patches and fixes to all devices in the network to prevent known   attacks is necessary. Finally, it is important to have the relevant  referrals in  the policy and legislations to address the issue of DoS  and DDoS to ensure an  effective cooperation between service providers  and law enforcement agencies  .
 
0 comments:
Post a Comment