Skip to main content

Search Shelves Books Log in

Details

Revision #1

Created 1 year ago by naruzkurai

Updated 1 year ago by naruzkurai

Actions

Revisions

Export

Contained Web File.html
PDF File.pdf
Plain Text File.txt
Markdown File.md

Book Navigation

[Completed] Professional Google Cybersecurity Specialization C3/8; Connect and Protect: Networks and Network Security
getting started & introduction to networks
Network Communication
Introduction to network protocols
Firewalls and network security measures
Introduction to intrusion tactics
Security hardning
how to read a tcpdump
network hardening
Course wrap-up; Glossary Cybersecurity Course 3

Books

[Completed] Profession...

Introduction to intrus...

Denial of Service (DoS...

Denial of Service (DoS) attacks

Welcome back. In this video,

we're going to discuss denial of service attacks.

A denial of service attack is

an attack that targets a network or server

and floods it with network traffic.

The objective of a denial of service attack,

or a DoS attack, is to disrupt

normal business operations by

overloading an organization's network.

The goal of the attack is to send

so much information to a network device

that it crashes or is

unable to respond to legitimate users.

This means that the organization won't

be able to conduct their normal business operations,

which can cost them money and time.

A network crash can also leave them

vulnerable to other security threats and attacks.

A distributed denial of service attack, or DDoS,

is a kind of DoS attack that uses

multiple devices or servers in

different locations to flood

the target network with unwanted traffic.

Use of numerous devices makes it more likely that

the total amount of traffic

sent will overwhelm the target server.

Remember, DoS stands for denial of service.

So it doesn't matter what part

of the network the attacker overloads;

if they overload anything, they win.

An unfortunate example I've

seen is an attacker who crafted

a very careful packet that caused

a router to spend extra time processing the request.

The overall traffic volume didn't overload the router;

the specifics within the packet did.

Now we'll discuss network level DoS attacks

that target network bandwidth to slow traffic.

Let's learn about three common network level DoS attacks.

The first is called a SYN flood attack.

A SYN flood attack is a type of

DoS attack that simulates the TCP connection

and floods the server with SYN packets.

Let's break this definition down a bit

more by taking a closer look at

the handshake process that is used to establish

a TCP connection between a device and a server.

The first step in the handshake is for the device to send

a SYN, or synchronize, request to the server.

Then, the server responds with

a SYN/ACK packet to

acknowledge the receipt of the device's request

and leaves a port open for

the final step of the handshake.

Once the server receives

the final ACK packet from the device,

a TCP connection is established.

Malicious actors can take advantage of the protocol by

flooding a server with

SYN packet requests for the first part of the handshake.

But if the number of SYN requests is

larger than the number of available ports on the server,

then the server will be overwhelmed

and become unable to function.

Let's discuss two other common DoS attacks

that use another protocol called ICMP.

ICMP stands for Internet Control Message Protocol.

ICMP is an internet protocol used by devices

to tell each other about

data transmission errors across the network.

Think of ICMP like a request

for a status update from a device.

The device will return

error messages if there is a network concern.

You can think of this like

the ICMP request checking in with

the device to make sure that all is well.

An ICMP flood attack

is a type of DoS attack performed by an attacker

repeatedly sending ICMP packets to a network server.

This forces the server to send an ICMP packet.

This eventually uses up all the bandwidth for incoming

and outgoing traffic and causes the server to crash.

Both of the attacks we've discussed so far,

SYN flood and ICMP flood,

take advantage of communication protocols

by sending an overwhelming number of requests.

There are also attacks that can overwhelm

the server with one big request.

One example that we'll discuss

is called the ping of death.

A ping of death attack is

a type of DoS attack that is caused when a hacker

pings a system by sending it

an oversized ICMP packet

that is bigger than 64 kilobytes,

the maximum size for a correctly formed ICMP packet.

Pinging a vulnerable network server with

an oversized ICMP packet

will overload the system and cause it to crash.

Think of this like dropping a rock on a small anthill.

Each individual ant can carry a certain amount of

weight while transporting food to and from the anthill.

But if a large rock is dropped on the anthill,

then many ants will be crushed, and the colony is unable to

function until it rebuilds its operations elsewhere.

Now that's it for DoS and DDoS attacks.

Coming up, we'll continue to

discuss common network attacks.

No Comments

Back to top

Introduction to Course 3 + course 3 overview

Glossary Cybersecurity

Welcome to week 1

Chris: My path to cybersecurity

What are networks?

Tina: Working in network security

Emmanuel: Useful skills for network security

tech enthusiest reminder

Network tools

Network components, devices, and diagrams

Cloud networks

Cloud networks

Introduction to network communication

The TCP/IP model

The four layers of the TCP/IP model

Learn more about the TCP/IP model

The OSI model

Local and wide network communication

Components of network layer communication

Wrap-up

Glossary terms from Course 3, Week 1

Welcome to week 2, Network potocols

Common network protocols

Additional network protocols

Antara: Working in network security

Wireless protocols, The evolution of wireless security protocols

Firewalls and network security measures

Virtual private networks (VPNs)

Security zones

Subnetting and CIDR

Proxy servers

Virtual networks and privacy

Glossary terms from week 2

Course 3 resources and citations

The case for securing networks

Matt: A professional on dealing with attacks

Denial of Service (DoS) attacks

Read tcpdump logs

Real-life DDoS attack

Malicious packet sniffing

IP Spoofing

Overview of interception tactics

Glossary terms from week 3 & wrap-up

temp

Introduction to security hardening

OS hardening practices

Brute force attacks and OS hardening

Network hardening practices

Network security applications

Kelsey: Cloud security explained

Security hardening Wrap-up & Glossary terms from week 4

Cloud Hardening

Denial of Service (DoS) attacks

No Comments