DoS, DDos and DeOS… Oh My!!

In the security industry, we classify our security infrastructure in a variety of ways. One important classification method is called the “CIA Triad,” which refers to three security objectives defined by the Federal Information Security Management Act (FISMA). These three objectives are Confidentiality, Integrity and Availability. The goal of any information security team is to protect against these three objectives, and the goal of an attacker is to compromise one or more of these objectives.

An attack on confidentiality, as defined by FISMA, is “the unauthorized disclosure of information.” An attack on integrity is “the unauthorized modification or destruction of information.” An attack on availability is “the disruption of access to or use of information or an information system.”

In my own estimation as a subject matter expert, a majority of people consider attacks against our confidentiality and integrity our greatest threat. While there are very real and very damaging attacks against our data confidentiality and data integrity, threats against our information and system availability can cause greater damage of epic proportions. The consequences of attacks against information and system availability may potentially cause businesses around the world to cease operations for good. We call this attack on availability a “Denial of Service” (DoS).

According to Radware, the first DoS occurred in 1974 from one machine to 31 victim computers and forced them to reboot simultaneously. In just over 40 years, we’ve gone from single device DoS attacks to Distributed DoS (DDoS). DDoS consists of hundreds of thousands of unknowing participants, called a “botnet,” that attacks victims simultaneously. The most notable and perhaps largest DDoS attack in history was the 2016 attack against the managed DNS provider, DYN. DNS services were made unavailable on the East Coast of the United States for several hours on October 21, 2016, due to an unconfirmed, but staggering, 1.2 Tbps stream of data against the popular DNS provider. As a result, major websites (like Amazon.com) were unavailable to users on the East Coast until the threat was neutralized.

Due to the ever-increasing number of unsecured internet devices, commonly referred to as the “Internet of Things” (IoT), the risk of larger and larger DDoS attacks continues to grow. Cisco predicts this growth of unsecured IoT coupled with poor incident response will result in a new kind of DoS known as “Destruction of Service” (DeOS).

DeOS is defined as a DDoS that “could eliminate organizations’ backups and safety nets, required to restore systems and data after an attack…leaving businesses with no way to recover.” As the IoT continues to grow exponentially, some even hypothesize that attackers are already building botnets that could be used to take down the internet itself.

There is no easy solution for this, and a perfect resolution would involve the participation of the endpoints (organizations), the internet infrastructure (ISPs), hardware manufacturers and government regulation. Organizations that are the endpoints for the internet need to focus on response time. The faster we detect these attacks, the less damage they cause, which allows for a better recovery. The internet infrastructure, managed by the various ISPs, needs to scan for potential DDoS attacks and assist in mitigating them before they reach the endpoint. Device manufacturers need to focus on developing more secure devices that can resist the breaches that create the botnets. Finally, governments need to develop regulations that provide incentives for all of the above to occur.

The more knowledgeable and aware our employees are will have a direct impact on our ability to adequately respond to these attacks. It will also allow our businesses to make wiser decisions regarding which devices to incorporate into the network infrastructure. This means choosing devices that increase our security rather than leaving it vulnerable. A better understanding of network security is an integral component of an organization’s training strategy as we prepare for this ever-growing threat against our infrastructure. Our complete cybersecurity portfolio is available to help you shape your strategy.

Related Courses

CompTIA Security+ Prep Course

CompTIA Advanced Security Practitioner (CASP) Prep Course

Certified Ethical Hacker v9

 

Subscribe

Never miss another article. Sign up for our newsletter.

In this article

Join the Conversation