Protect your Web site
Distributors can learn from highly publicized "denial of service" attacks
By -- Industrial Distribution, 8/1/2000
Earlier this year numerous popular Web sites, including Amazon.com, Yahoo, Zdnet.com, EBay.com and CNN.com, were temporarily shut down in highly publicized denial of service (DOS) attacks.
To be successful, a DOS attacker doesn't need to penetrate a Web site, but merely to overwhelm it with more traffic than it can handle. In practice, a DOS attack is analogous to maliciously dialing the same phone number repeatedly so that legitimate calls are unable to get through.
While DOS attacks are not overtly destructive, in that no data is destroyed, the crippling of a Web site can seriously harm its owners through lost revenue. And computer security experts say the implications are unsettling because in a distributed denial of service (DDOS) attack dozens of computers are used as unsuspecting "slaves" to bombard the "target site."
According to Internet Security Systems (www.iss.net), an international computer security company based in Atlanta, Ga., "When dealing with distributed denial of service attacks there is no way for you to be able to stop them at your network. These attacks end up being a war of bandwidth and the attacker is likely to win that battle because of the distributed components."
In the CNN.com attack, for example, more than 100 computers, many of them located at colleges and universities, were used in the assault without the knowledge of IT personnel at the involved institutions.
And if hackers can remotely penetrate these computers to install programs to assault their victims, they can just as easily copy or delete data, collect passwords or carry out virtually any operation they choose on the unsuspecting "slaves."
To date, DOS attackers have primarily concentrated on prestigious targets. But there is no reason why even the most obscure Web site run by the smallest distributor could not just as easily fall prey to a hacker.
Fortunately, as part of the ongoing cyberwar between the "bad" guys and the "good" guys, counter-measures exist to detect and ameliorate, if not totally eliminate, the possibility of a DOS attack.
In its "Denial of Service FAQ" (www.iss.net/news/denialfaq.php) ISS points out that there are several hardware/software solutions that can minimize the effect of these attacks and offer a modicum of protection. These include:
Firewalls. Your first line of defense, a firewall defines legal connections, helps prevent intrusion and is capable of keeping detailed logs on suspicious activity.
Scanners. When it comes to DDOS, the value of a scanning program is twofold. First, it will scan your network for vulnerabilities and tell you how to fix them. Second, it will scan your network for existing back doors and DDOS agents so that you will be able to remove them.
Intrusion Detection System. An IDS is like an alarm system. It analyzes all the data packets that go to a network segment or a host and looks for anyone trying to scan your network or exploit a vulnerability. An IDS can be set to automatically respond to any signs of danger.
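Counting requests per source in a firewall or IDS log shows why a single-source flood can be blocked locally while the distributed attack ISS describes cannot. The following Python is an added example, not part of the original article or ISS material; the thresholds, function names and sample addresses are constructed assumptions.

```python
from collections import Counter, defaultdict

PER_SOURCE_LIMIT = 100   # assumed: most requests/sec tolerated from one source
SITE_CAPACITY = 1000     # assumed: total requests/sec the site can serve


def analyze(records):
    """records: iterable of (second, source_ip) pairs taken from a connection log.
    Returns one finding per second of traffic."""
    by_second = defaultdict(Counter)
    for second, src in records:
        by_second[second][src] += 1

    findings = []
    for second in sorted(by_second):
        counts = by_second[second]
        total = sum(counts.values())
        # Sources that individually exceed the limit can be blocked at the firewall.
        noisy = sorted(s for s, n in counts.items() if n > PER_SOURCE_LIMIT)
        if noisy:
            kind = "single-source flood"
        elif total > SITE_CAPACITY:
            # Every source looks ordinary on its own; only the aggregate is abnormal.
            kind = "distributed flood"
        else:
            kind = "normal"
        findings.append({"second": second, "total": total,
                         "sources": len(counts), "kind": kind, "block": noisy})
    return findings


def sample_log():
    """Constructed sample traffic using documentation-only address ranges."""
    log = []
    # Second 0: ordinary load, 50 clients making 4 requests each.
    log += [(0, f"198.51.100.{i}") for i in range(50) for _ in range(4)]
    # Second 1: the same ordinary load plus one host sending 1500 requests.
    log += [(1, f"198.51.100.{i}") for i in range(50) for _ in range(4)]
    log += [(1, "203.0.113.7")] * 1500
    # Second 2: 120 hosts sending 90 requests each, all under the per-source limit.
    log += [(2, f"192.0.2.{i}") for i in range(120) for _ in range(90)]
    return log


if __name__ == "__main__":
    for finding in analyze(sample_log()):
        print(finding)
```

In the third second the block list is empty even though the site is far over capacity, which is the "war of bandwidth" situation: relief has to come from upstream of your own network.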
But before you experience a DOS attack, send your comments to harper.d@att.net.
















