How to protect your network from cyber-attacks

By Tim Cronin

There are three measures network administrators can take to avoid the types of network attacks that plagued US and South Korean websites including www.whitehouse.gov, NASDAQ, NYSE, Yahoo!’s financial page and the Washington Post. The three areas to focus on are network based mitigation, host based mitigation and proactive measures.

Network based mitigation:

• Install IDS/IPS with the ability to track floods (such as SYN, ICMP etc.)
• Install a firewall that has the ability to drop packets rather than have them reach the internal server. The nature of a web server is such that you will allow HTTP to the server from the Internet.  You will need to monitor your server to know where to block traffic.
• Have contact numbers for your ISP’s Emergency Management Team (or Response team, or the team that is able to respond to such an event).  You will need to contact them in order to prevent the attack from reaching your network’s perimeter in the first place.

Host based mitigation:

• Ensure that HTTP open sessions time out at a reasonable time.  When under attack, you will want to reduce this number.
• Ensure that TCP also time out at a reasonable time.
• Install a host-based firewall to prevent HTTP threads from spawning for attack packets

Proactive measures:

• For those with the knowhow, it would be possible to “fight back” with programs that can neutralize the threat. This method is used mostly by networks that are under constant attack such as government sites.

Tags: cyber-attacks, Host based mitigation, HTTP, IDS/IPS, Network based mitigation, Proactive measures, TCP