Treacherous 12 Part 11: Denial of Service
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> Treacherous 12, number 11, denial-of-service.
00:00
In this lesson, we're going to talk about
00:00
the risks of denial of
00:00
service attacks as well as
00:00
distributed denial-of-service attacks,
00:00
the impact that these types of attacks can have,
00:00
and the main techniques and
00:00
strategies to minimize the risks
00:00
of denial of service attacks.
00:00
Denial of service attacks are
00:00
those that basically leverage
00:00
the mechanisms computers use to
00:00
communicate in order to overwhelm
00:00
a cloud-based system or any system for
00:00
that matter to render it unavailable,
00:00
or unusable because of the latency and speed of
00:00
reaction and performance has
00:00
reached an unacceptable level.
00:00
A distributed denial of service attack is when
00:00
an attacker leverages multiple computers or
00:00
different devices all together in
00:00
a coordinated manner to produce
00:00
subtle an amount of traffic that
00:00
it makes it a Cloud provider unavailable.
00:00
Availability is the main impact
00:00
of denial-of-service attacks,
00:00
they can really damage
00:00
an organization's reputation because
00:00
the impact is immediately
00:00
felt by customers who can't access their data,
00:00
they can't use the applications correctly.
00:00
This can have a major impact,
00:00
not just on the performance of the application,
00:00
but some denial of service attacks are done at
00:00
a low level to hurt in an organization slowly over time.
00:00
They do this by especially startups,
00:00
if they are subjected to
00:00
really just a low-level of denial of
00:00
service over a lumpy or time,
00:00
it can drive up their costs associated with
00:00
their Cloud resources as well as the human capital cost.
00:00
People and administrators have to be reacting
00:00
to this excess traffic
00:00
and figuring out how to deal with it.
00:00
They can't focus on
00:00
the primary responsibilities they have
00:00
for maintaining the Cloud services.
00:00
The largest denial of service attack to date was in
00:00
2020 against Amazon Web Services when
00:00
2.3 terabits per second of information or
00:00
being blasted against the AWS Services
00:00
in this denial of service attack.
00:00
That is a tremendous amount of information.
00:00
Now how do you protect against denial of service?
00:00
Well, first and foremost,
00:00
you have to have effective monitoring over your network
00:00
to determine that traffic to detect
00:00
high levels of incoming traffic
00:00
that are charismatic or characteristic,
00:00
I should say, of a denial of service or
00:00
distributed denial of service attack.
00:00
Having these effective alert strategy is
00:00
really based on effective baselining of your network and
00:00
understanding what is normal and what is abnormal so that
00:00
the cloud administrators can quickly react to try
00:00
and block that traffic or shunted off to another source.
00:00
Most major cloud service providers
00:00
have denial of service or
00:00
DDoS mitigations in place
00:00
to protect their Cloud infrastructure,
00:00
although it does still happen.
00:00
Another thing that's very important,
00:00
we've talked about this before,
00:00
that you need to have effective
00:00
Cloud application security testing
00:00
to ensure that there
00:00
aren't misconfigurations that enable a DoS
00:00
or DDoS attack to be
00:00
launched against your Cloud application.
00:00
Quiz question, how many terabit per
00:00
second was the largest DDoS attack ever recorded?
00:00
1.35, 2.3, or 4.3.
00:00
If you said 2.3, you're correct,
00:00
that was the number of terabits per
00:00
second against AWS in 2020.
00:00
The second largest denial-of-service attack
00:00
was number 1 of 1.35 terabits per second,
00:00
and that was done against GitHub.
00:00
Now, with a number of unprotected
00:00
>> IoT devices out there,
00:00
>> it is theoretically possible that we could see
00:00
a massive future distributed denial
00:00
of service attack that leverages an even larger botnet,
00:00
a connection of subordinate machines to an attacker
00:00
that could produce a
00:00
>> 4.3 Terabit per second DDoS attack.
00:00
>> I certainly hope we don't see that anytime soon.
00:00
In summary, we talked about
00:00
the threat of denial of service,
00:00
the security impact of denial of service
00:00
and distributed denial of service attacks,
00:00
and the main methods to address
00:00
the rest of denial of service.
00:00
All right. I'll see you in the next module.
Up Next
Instructed By
Similar Content
