The Internet doesn't need Bunkers


Category: Internet and Online Businesses  >>  Security

By Michael (Micha) Shafir   [ 26/10/2007 ]
 | [ viewed 237 times ] Article word count: 1292  


Hostile Attacks:
In recent months more and more web site owners and content publishers have seen their sites coming under attack by hostile individuals and organizations and are actively seeking an effective defense. Microsoft itself came under attack after a widely publicized failure of its DNS system, and not for the first time. Attacks are common not only against large commercial sites, but also against government and university sites. For commercial reasons not all of them are reported, but any regular visitor to the relevant forums and newsgroups knows how many take place.

So what is a DoS attack? It's like a crowd in a stadium panicking and trying to get out through one gate. Because of the crush the gate clogs up and very few succeed in getting through. Even if the gate is wide, the number getting through is small compared to the number that could pass if there was more order and less jostling and pushing. This is what happens on the Internet during a Denial of Service attack. It can also happen naturally, as when Valentine's Day 2001 saw the major greeting card sites, Hallmark, American Greetings and eGreetings, experience downtime as star-struck surfers stormed the servers. An earlier example was during the Far East stock market crash in the late '90s, when investors rushing to unload their stock found the brokerage sites blocked and down for hours because of the huge surge. Many of us would like to think that the firewall will take care of all this, but unfortunately it doesn't, so first of all let's try and see how an attack on a protected site takes place.

New Types of Attack:
A firewall is supposed to protect a site from unauthorized entry. But for this to happen, the unauthorized entrant (in this case, the HTTP request) has to arrive at the firewall, be challenged, and then rejected and flung out into cyberspace. A huge number arriving floods the entrance to the firewall, clogging up the available bandwidth and leaving no room for authorized traffic. The attacking program has no interest in getting to the content of the site; its only aim is to cause disruption by swamping the firewall with meaningless but properly structured "GET" packets that have to be accepted. When the crowd around the door is so great, even the one with the key can't get close to open it. On the face of it, protection against DoS attack seems impossible. Every time an attack like this is made, and after the damage has already been done, the FBI swings into action to find the culprits. If the motives were criminal and the attack was carried out from only one or two machines, the source can be found and the perpetrators traced. The problem is that because of the inability to actually prevent the attacks, the incentive to carry them out is great. In the meantime, attacks have become more and more sophisticated. There is the story of the mystery attacker who placed a small program on a number of vulnerable computers available through the Internet, and on a certain day activated it from a computer in an Internet café and disappeared. The program, remotely triggered and operating in parallel from a large number of unsuspecting "zombie" machines, caused enormous damage to the victim companies (Yahoo and Amazon). This all went completely unnoticed by the owners of the computers, themselves unwitting accomplices to the crime who ended up being investigated by the authorities without knowing why. This type of attack is called a "Distributed Denial of Service" (DDoS).


The Firewall doesn't help:
Many participants in the various security forums still make the mistake of trying to classify Internet DoS attacks under the earlier and well-known categories of "intruding behavior" such as SYN flood, ACK flood, ICMP flood, UDP flood etc. These attacks take the form of a flood of identical packets which can be easily traced and eliminated by a "sensor" or a dumb firewall. The real nuisance is the fake GET flood. This new type of attack floods the server with apparently real GET requests, which are repeated in rapid succession without waiting for a response. The firewall, which usually does a good job of keeping out unauthorized requests (as configured in advance during set-up), cannot tell whether the requests are real or fake as the attack source IP is constantly changing. Its operation is similar to a gatekeeper at a stadium whose job is to allow entry only to ticket-holders. It does a good job at allowing them through if they arrive at a steady rate but is useless if too many arrive together or if more tickets have been sold than there are seats (GET Flood attack). Even those with tickets will be unable to gain entry. This is more or less what happens during overload or a DDoS attack: first the gateway becomes congested and then completely blocked, leaving everybody outside. Some of the recent studies of the problem have suggested installing "sensors" at the ISP, paid for by the site owners but positioned at the gateway to the routers. This moves the problem but doesn't solve it, because during an attack the pressure on the firewall leads to the same Denial of Service result (for reasons which won't be gone into here).
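The point above, that a per-source filter cannot see a GET flood whose source IP keeps changing, can be checked against web-server logs. The following is an added illustration, not code from the article or its author: it parses constructed Common Log Format lines, counts GETs per source and in aggregate over fixed time windows, and shows that a window where no single address exceeds its limit can still exceed the site's capacity. The window size and both thresholds are assumed values chosen for the demonstration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format: ip ident user [time] "METHOD path proto" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (ip, datetime, method) for one CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, _path, _status = m.groups()
    return ip, datetime.strptime(ts, TIME_FMT), method

def assess(lines, window_s=10, per_ip_limit=20, capacity_limit=100):
    """Bucket GETs into fixed windows and classify each window (thresholds are assumptions).

    per_ip_limit: GETs one source may send per window before a per-IP rule flags it.
    capacity_limit: GETs the site can absorb per window regardless of source.
    """
    per_window = defaultdict(Counter)
    for line in lines:
        rec = parse(line)
        if rec and rec[2] == "GET":
            per_window[int(rec[1].timestamp()) // window_s][rec[0]] += 1
    report = []
    for bucket in sorted(per_window):
        ips = per_window[bucket]
        total = sum(ips.values())
        noisy = sorted(ip for ip, n in ips.items() if n > per_ip_limit)
        if noisy:
            verdict = "single-source-flood"    # a per-IP rule is enough here
        elif total > capacity_limit:
            verdict = "distributed-get-flood"  # no address stands out; only the aggregate does
        else:
            verdict = "normal"
        report.append({"total": total, "sources": len(ips), "noisy": noisy, "verdict": verdict})
    return report

def make_line(ip, second):
    """Constructed CLF line; every request looks like a legitimate GET."""
    return f'{ip} - - [26/Oct/2007:10:00:{second:02d} +0200] "GET /index.html HTTP/1.1" 200 512'

def sample_log():
    """Constructed sample: ordinary traffic, then one flooding host, then rotating sources."""
    lines = [make_line(f"192.0.2.{i}", s) for i in range(1, 6) for s in (1, 4, 7)]   # seconds 0-9
    lines += [make_line("203.0.113.9", 10 + s % 10) for s in range(40)]              # seconds 10-19
    lines += [make_line(f"198.51.100.{i}", 20 + i % 10) for i in range(1, 151)]      # seconds 20-29
    return lines

if __name__ == "__main__":
    for window in assess(sample_log()):
        print(window)
```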

The Great Wall of China:
The only effective response to DoS attacks is to create a "security zone" by building a protective wall at a distance from the site. If we return to the crowd metaphor, we could say that this is similar to a crowd forcing its way through a breach in the Great Wall of China. The crowd might plug up that particular entrance to China but none of the Chinese would notice and there would be anyway a number of alternative points of entry into the country.

Global Network:
Geographical dispersion of servers isn't a solution, and if your servers get clobbered then buying more of them won't solve the problem as there is no way to hide the pipeline access. In any event, the load balancer will simply distribute the attack to all the servers as the attack source IP is constantly changing. The defense network solution creates a protective buffer zone, a "global firewall", around the subscriber site servers. The request routing system is capable of identifying the flood of legal but meaningless packets arising from the distributed attack and neutralizing them. New defense network architecture has been designed and programmed to isolate the temporary bottleneck in one unit and continue with the operation of the other accelerators in the defense system. The transparency of the defense hardware allows it to masquerade as the real site and divert the users' requests from the real server, which then accepts requests only from the accelerators. The site administrators are then free to increase security by frequent changes of the IP address (an ineffective measure today because of the time required to update the Domain Name servers), with a resultant ten-fold increase in response speed compared to normal operation. A further benefit is the ability to limit access to the site servers to the accelerators alone, allowing site managers to make the HTTP and FTP services available through some other anonymous ports only. The large number of accelerators deployed around the world acts as a secure barrier to attacks on subscriber sites, which have no need to invest in extra equipment. The service allows free access and improved response times to users accessing the content through the defense hardware closest to them. The system architecture, based on proprietary hardware, is a true technological breakthrough, enabling simultaneous access by tens of millions of users to millions of sites.



Author:
Michael (Micha) Shafir
Direct: +972 544 837900
Mail@MichaShafir.com


About the author:
Michael (Micha) Shafir – CTO, Inventor, seasoned entrepreneur (RadWare, MagniFire, PonsEye, PonsHoldings - Technology Greenhouse, CrossID, Innovya)

Email: Micha@Innovya.com
Direct: +972 54 48379



Article Source: http://www.Free-Articles-Zone.com


Article tags: Internet, Hostile Attacks, DOS attack, DDOS, Firewall, IDS, IPS