Denial-of-service Attacks - Essay Example

?Denial-of-service Attacks As the technological improvement is bringing more and more people benefit from them, there are some other people misusing these technologies. Computers and internet provide a platform to the users for transferring data, communication and ease of recording, executing and evaluating information. There are some users who create hurdles for others sometimes for fun purposes or to de-motivate users from working with a particular service or website. These people misuse the knowledge and worsen the reputation of certain organizations in the technological world. There are a number of network activities which people carry out in order to prevent users from working with a particular website or virtual organization effectively. Denial-of-service attacks are not a new phenomenon in the technological industry. These attacks are launched to slowdown or affect the smooth running of a particular website. These attacks are really troublesome for the users who have an immediate need to launch a website and retrieve information or process a transaction online (Morley & Parker 2009, pp. 383-384). Such attacks are, hence, widely discussed by researchers and the debate relating to the causes, effects and prevention of such attacks has been continuously given attention. This paper aims to analyze the causes, effects and reasons behind denial-of-service attacks. Denial-of-attack refers to a situation created by an attacker with an aim to stop or make difficult for the legitimate users from accessing the information they require or using services offered online (Komar et. Al., 2003, p. 99). An attacker may affect the performance of the network or the computer system of the user or the computers and network of the website that the user is trying to get access to (Zhang, Zheng & Ma 2008 p. 588). An attacker may be able to stop users from getting access to the emails, chat databases, websites, online services like banking, online educational websites etc and so on (Vacca 2007 p. 238). It is important to understand the ways in which an attacker manipulates or worsens the situation of the network and its working abilities. The most common method used by attackers of Denial-of-service attack is the use of massive amounts of information to slow down the network. The ‘flood’ of information or massive requests for access to a site for viewing the information uploaded there, prevents a number of legitimate users from gaining access (Das & Gulati 2004, p. 214). Servers are designed to process a limited number of access requests or information and the attacker makes it impossible for the legitimate users to gain access by sending fake requests (Jia & Zhou 2005, p. 267). This act by the attacker is a denial-of-service attack as it prevents people from accessing the website. Spam emails also act as denial-of-service attack. The spammer uses software and programs to send massive amounts of email on the email address of a user. These massive emails fill up the space given to the email account holder and the user becomes unable to receive the legitimate emails which are of importance to him (Ghosh & Turrini 2010, p. 277). A distributed denial-of-service (DDoS) attack refers to the attack which is not limited to affect the system or website form a single space or place but has its route spread over different networks. Attackers accesses or attacks form a large number of locations which make it more difficult for the server even the protected server to block fake invitations. The compromised systems (i.e. those systems which are infected by Trojan horse or a worm or hacked by the attacker) are controlled by the attacker using client-server software and are forced to pass out massive amounts of data, information, access requests or emails through the infected computers. The use of multiple computers to attack any website or particular email address makes it difficult for the server or DoS preventing systems to identify the fake or illegitimate requests or information (Anton et. Al. 2003). The IP addresses, internet services and other information about each user in DDoS are different which make it problematic to be handled. The devastating effects of DoS to the user do not seem to bring any advantages for the attackers. What actually motivates the attackers to use DoS attack? This question is a bit difficult to answer yet informative. The attacker may not be fairly treated at the workplace which motivated him to take a revenge by getting the organization in a misery of data loss or slowed down networks. Similarly, a person creating problem has the ability to resolve it. The attacker may be working for an organization or network and may simply resolve a self created issue for the sake of bonus, further remuneration or appreciation (Bidgoli 2004, p. 425). DoS attacks are also sometimes attempted to publicize an issue or motive. An example of a political motivation is WANK (Worms Against Nuclear Killers) worm, which was spread widely to protest. DoS attackers also aim to take over their competitors and in order to achieve this aim, they take over the official websites or chat channels for instance, to promote their own business or chat channel (Bidgoli 2006, p. 208). There are no certain ways to avoid the threats of DoS or DDoS completely. However some preventive measures may reduce the likelihood of these attacks on users’ computer systems and information security. Installing antivirus software helps in combating Trojan and worms. This software is available online as well as on CDs in the CD stores everywhere around the world. The use of firewall to restrict the data traffic in and out of the computer ensures that massive amounts of data and files are not received on the computer system which may affect the efficiency of the computer (Goodman et. Al. 2007, p. 59). Security procedures to reduce spam emails are also useful in reducing the chances of troublesome situations due to DDoS and hackers. The most common email service providers like yahoo and hotmail provide these facilities to control or reduce spam emails. These do not ensure 100% security, yet are beneficial. There are a number of ways in which an attack can be identified by the users. It is, however, difficult to identify the DoS form other network problems which relate to technical faults. It must be well understood that disruptions are not always due to DoS attack. However, an extraordinarily slow performance of the network in retrieving files or opening a web page indicates towards the DoS attack. The inaccessibility to a web page or unavailability of a website also point towards the issue of DoS attack. Moreover, unusually high number of spam emails may also be a DoS attack (Andrews & Whittaker 2006 p. 113). There are many other indications like reduced speed of the system, failure to open personal files, loss of important data, failure to login due to password errors and so on. Once identified, the issues arising from DoS attacks should be encountered properly. Ignorance to such attacks may result in loss of important data, information, damages to computer hardware and software, hacking of website and so on. To avoid these worst situations, the user must contact the internet service provider (ISP) to seek advice on how to handle such situations. The identification or assurance that a denial-of-service attack does exist does not resolve the problem in itself. There is a need to curb this issue by either reinstalling the infected software, using antivirus checks or properly running the whole setup of the system or network again. These steps may probably reduce or eliminate the risks but still are not an assurance of preventing such attacks in future. The technological advancements have brought much ease and flexibility in the working environments and lives of people. The e-business environment is also widely spread and used today. The online shopping, learning and social networking has been widely spread and common use techniques for people. However, with the positive steps taken to make the lives easier for people, there are other groups which pursue their own aims by destructing others’ programs, software and data. These groups have the aim to be known, achieve their political aims of condemning any act, taking revenge against an individual, organization or website and so on. All these motives enable and encourage the attackers to use DoS attacks on others. DoS attacks are difficult to identify but to resolve the issues that they create are even more difficult. DoS and specially DDoS are complex structures of network which makes if impossible sometimes, to control the massive data and traffic that the attacker sends. However, the use of software, programs and safety principles and options available to people by the websites and computers may help in reducing the instances of DoS attacks. The data stored and computer hardware and software may be saved from DoS instances using such measures. There is, however, no certain measure to eliminate the risk completely. I personally believe that DoS may have dreadful implications and should be avoided by not visiting websites which are unprotected by antivirus. The files from unknown senders should to be accepted in order to avoid hacking and loss of personal information which may end up creating risks of DoS attacks. Moreover, office computers and organizational websites should be protected by passwords and IT department must be competent enough to secure the data and information on the website from hackers, DoS attackers and outside users. Bibliography: Morley, Deborah, and Charles S. Parker. Understanding Computers: Today and Tomorrow : Comprehensive. Cambridge, Mass: Course Technology, 2009. Print. Komar, Brian, Ronald Beekelaar, and Joern Wettern.Firewalls for Dummies. --For dummies. New York: Wiley Pub, 2003. Print. Zhang, Yan, Jun Zheng, and Miao Ma. Handbook of Research on Wireless Security. Hershey, PA: Information Science Reference, 2008. Print. Vacca, John R. Practical Internet Security. New York, NY: Springer, 2007. Internet resource. Das, Gautam, and V P. Gulati. Intelligent Information Technology: 7th International Conference on Information Technology, Cit 2004, Hyderabad, India, December 20-23, 2004 ; Proceedings. Berlin: Springer, 2004. Internet resource. Jia, Weijia, and Wanlei Zhou. Distributed Network Systems: From Concepts to Implementations. New York: Springer, 2005. Internet resource. Ghosh, Sumit, and Elliot Turrini. Cybercrimes: A Multidisciplinary Analysis. Berlin: Springer, 2010. Internet resource. Anto?n, Philip S. Finding and Fixing Vulnerabilities in Information Systems: The Vulnerability Assessment & Mitigation Methodology. Santa Monica, CA: Rand, 2003. Internet resource. Bidgoli, Hossein. The Internet Encyclopedia: Volume 2. Hoboken, N.J: John Wiley & Sons, 2004. Internet resource. Bidgoli, Hossein. Handbook of Information Security Volume 3. Hoboken: John Wiley & Sons, Inc, 2006. Internet resource. Goodman, Seymour E, and Herbert Lin. Toward a Safer and More Secure Cyberspace. Washington, DC: National Academies Press, 2007. Print. Andrews, Mike, and James A. Whittaker. How to Break Web Software: Functional and Security Testing of Web Applications and Web Services. Upper Saddle River, NJ: Addison-Wesley, 2006. Print. Read More