Denial-of-Service attacks

To develop network security strategies that will ensure that the organization’s network is protected from both internal and external security risks. A summary of the steps I can take to mitigate the risk in the following areas: Denial-of-Service attacks (DoS), Distributed Denial-of-Service attacks (DDoS), Masquerading and IP Spoofing, Smurf attacks, Land.c attacks, Man-in-the-Middle attacks.

Denial-of-service DoS attacks DoS attack is simply to send more traffic to a network address than the programmers who planned its data buffers anticipated someone might send. The attacker may be aware that the target system has a weakness that can be exploited or the attacker may simply try the attack in case it might work. According to AppliCure Technologies preventing Denial of Service Attack With dotDefender web application firewall you can avoid DoS attacks because dotDefender inspects your HTTP traffic and checks their packets against rules such as to allow or deny protocols, ports, or IP addresses to stop web applications from being exploited

Masquerade is a disguise. In terms of communications security issues, a masquerade is a type of attack where the attacker pretends to be an authorized user of a system in order to gain access to it or to gain greater privileges than they are authorized for. A standard strategy to resist this kind of attack is to create innovative algorithms that can efficiently detect the suspicious actions, which could result in the detection of imposters.

The concept of IP spoofing decreased due to the demise of the services they exploited, spoofing can still be used and needs to be addressed by all security administrators. According to Jonathan Hassell can prevent IP spoofing and its related attacks from affecting your network: Use an access control list to deny private IP addresses on your downstream interface.

SMURF attack, when your machine sends this spoofed packet to the broadcast address, all of the computers on the network will respond to the victim computers. However, there are a number of steps you can take to prevent this type of attack. One way is to ensure that routers are configured not to forward direct broadcasts.

Land.c is a DoS attack in which an attacker sends a host a TCP SYN packet with the source and destination IP address set to the host’s IP address. The source and destination port numbers are the same as well. Upon receiving a SYN packet, the host responds with a SYN-ACK to itself. Having sent this packet, the TCP routine normally expects an ACK packet to complete the TCP handshake.

A Man-in-the-middle attack According to Computer Hope it is an attack where a user gets between the sender and receiver of information and sniffs any information being sent to prevent man-in the-middle attacks we have to implement security and awareness training to ensure that our employees are not connecting to unsecure networks with their work devices.

Reference

http://www.applicure.com/solutions/prevent-denial-of-service-attacks

http://www.computerhope.com/jargon/m/mitma.htm

http://www.computerworld.com/article/2546050/network-security/the-top-five-ways-to-prevent-ip-spoofing.html