Free Internet Security

There are almost seven different kinds of denial of service or DoS attacks.

To prevent or block a denial of service attacks its extremely important to identify its type.

Only after correctly identifying the nature and mechanism of attack it is possible for you to block or prevent that attack.

Below are some general procedures that would help you prevent Denial of Service (DoS) attacks.

1.    Define a comprehensive security policy for your network and take all possible and necessary measure to implement that policy.

2.    Work with your Internet service provider to filter out bad content and requests even before they reach your servers. Use clean pipe techniques. Under this mechanism only the valid packets are allowed to reach the servers. Companies such as VeriSign are giving these services.

3.    Protect your network with a firewall that has the capability to ingress and egress filtering at the gateway level. Firewalls are an effective solution because they have the ability of allowing or denying protocols,  IP addresses and ports.

4.    By deploying and using router filters your can limit the denial of service attacks. Most of the modern routers have  ACL and rate limiting capabilities. You can also define the limiting rules manually. These routers also allow you to limit the rate of inbound and outbound requests, TCP splicing , deep packet inspection and traffic shaping features are also available.

5.    The best defense against denial of service attacks is an intrusion detection and prevention system. Intrusion prevention systems have the ability to detect and block both anonymous and signature based attacks. Intelligent and modern intrusion prevention systems have extreme processing capabilities that help that detect and block behavioral attacks and the attacks which have a legitimate and legal content but with a bad intent.

6.    Gain maximum protection by using the proactive protection methods. Use simulated denial of service attack techniques to verify the authenticity and integrity of your security policy and defensive mechanisms.

7.    Use blackholing and sink holing techniques at the ISP level to prevent denial of service attacks. In blackholing all the traffic and requests intended for the victimized machine are redirected to a non existing server or a null interface. Sink holing works in same way, but it redirects these packets to a valid server that analyzes and rejects only the bad packets. The good ones are sent again to the original server.