What is a DoS (denial-of-service) attack? – IT Governance UK Blog

Denial-of-service (DoS) attacks are intended to shut down or severely disrupt an organisation’s systems. Unlike most cyber attacks, the goal isn’t to steal sensitive information but to frustrate the victim by knocking their website offline.

The criminal hacker therefore doesn’t profit from the attack, but the loss of service can cost the victim up to £35,000.

Why would an attacker be interested in doing this? Typically, it’s because they hold a grudge against the target – many DoS attacks are politically motivated – although some attacks are used to distract the victim as the attacker launches a more sophisticated attack to steal information.

How does a DoS attack work?

DoS attacks are hard to prevent, because in most cases they don’t exploit a vulnerability that an organisation can fix. Rather, attackers take advantage of the limitations of computer networks, overwhelming them until traffic is unable to be processed.

You can think of it like a traffic jam: roads are designed to enable a certain amount of traffic to pass through, but once they become overcrowded, cars must slow down or stop altogether.

That said, there are ways to mitigate the risk of some DoS attacks, as we explain below.

Types of DoS attack

There are two primary ways to conduct a DoS attack – flooding and crashing.

Flooding attacks are most common, and work by saturating the targeted server with packets. These are segments of data that you send to the organisation’s network when you interact with its website, which are then reassembled to perform tasks or load information.

If the network receives too many of these packets in a short period of time, the network struggles to reassemble the data. As a result, service will be disrupted or the website will be forced offline altogether.

Crashing attacks are less common. They exploit vulnerabilities in the organisation’s network, which has the same effect as flooding it with traffic.

DoS attacks versus DDoS attack

A related attack is DDoS (distributed denial of service). This works in the same way as a DoS attack, but uses multiple systems to launch a synchronised attack on a single target.

In other words, the attack isn’t coming from a single computer operated by the attacker but from several computers.

Cyber criminals do this with the help of a botnet, which is a series of infected Internet-connected devices that harvests their processing power.

As a result, DDoS attacks are far more powerful and sustained than a standard DoS attack.

DDoS attacks are also harder for the victim to identify, with malicious network traffic spread across locations and masked within legitimate traffic.

How do you know you’ve suffered a DoS attack?

The most obvious sign of a DoS attack is prolonged network problems. However, there are other signs to look out for:A higher volume of spam than normal;

• Sudden loss of connectivity across devices on the same network.
• Slow website performance, with pages failing to load.
• Staff being unable to open files stored on the network or when accessing websites.

How to prevent a DoS attack

It’s difficult to prevent DoS attacks, but there are steps you can take to mitigate the threat. Here are three ways to get started:

1. Increase your bandwidth

The simplest thing you can do is to buy more bandwidth. This enables you to handle a larger amount of traffic, reducing the risk of bottlenecks that could disrupt your service.

This is a particularly attractive solution to growing companies, as it also helps them process an increased amount of legitimate traffic and is something they might have to do eventually anyway.

The only downside is that increasing your bandwidth won’t protect you from crashing attacks, which exploit system weaknesses instead of flooding your server.

2. Build more complex servers

You should consider spreading your servers across multiple data centres to make it as hard as possible for cyber criminals to target you.

These servers should ideally be in different locations, either spread across different premises or in different countries altogether.

For this strategy to work, you’ll need a load balancing system to distribute traffic between servers.

Separating your servers this way means that criminals face an uphill task to flood your systems. Their attack may compromise one server, but the rest will be unaffected and should be capable of taking on at least some of the extra traffic.

3. Reconfigure your network hardware

You should adjust or strengthen your hardware configurations to reduce the risk of malicious traffic getting through.

For example, your network and web application firewalls can be modified to check incoming packets against predefined rules (such as allow/deny protocols, ports and IP addresses) and block incoming malicious traffic.

The best way to check how prepared you are for a DoS attack is with a penetration test. This is essentially a controlled form of hacking in which a professional tester uses the same techniques as a criminal hacker in an attempt to exploit your systems.

In this case, the tester will try to flood your systems or exploit vulnerabilities that cripple your servers.

Should they be successful, the tester will provide detailed notes on how the attack was possible and advice on how to mitigate the threat.

If that sounds like something you’re interested in, we recommend our Combined Infrastructure and Web Application Penetration Test.

One of our CREST-certified penetration testers will conduct a thorough examination of your networks, websites and web applications to determine how an attacker could target you and what you can do to stop them.

Want to know more? Download our free guide on penetration testing to understand how it works and the ways your organisation benefits.