This research report investigated the potential risks from DoS (Denial of Service) attacks
faced by SMEs (Small to Medium-sized Enterprises) that have an online presence. From the
examination of case studies, reports, global surveys, and discussions with IT professionals,
this report evaluates which DoS attacks are the most prolific, and which DoS threats
organisations need to secure against. From the results of the investigation it can be seen that
the potential risk of becoming the target of a DoS attack continues to pose a significant threat
to an organisation regardless of the size. It was evident from the results of the initial research
that further investigation was required to evaluate which DoS threats were of most concern to
SMEs. Through practical experimentation in a
controlled network laboratory environment, a number of DoS attacks that are of current
concern to SMEs were investigated. The main purpose of this investigation was to evaluate
appropriate mitigation strategies to secure against the identified DoS attacks. This report
concludes by highlighting that SMEs may be susceptible to well-known DoS attacks when
deploying network hardware in default configuration, and by identifying the appropriate DoS
mitigation options available to network and security administrators associated with SMEs.
The conclusion also shows how these DoS mitigation options can be practically applied to the
type of network hardware typically deployed in an SME environment.
Table of Contents
1. Introduction
1.1 Background to the problem/issue
1.2 Justification for the research
1.3 Aim and objectives
1.4 Scope of the research
1.5 Outline of the dissertation
2 Research definition
2.1 The practical problem/issue
2.2 Existing relevant knowledge
2.2.1 Well known DoS attacks
2.2.2 Communications standards and protocols
2.2.3 DoS mitigation and access control considerations
2.2.4 Summarising the existing body of knowledge
2.3 Research questions
3 Proposed methodology
3.1 Methods and techniques selected
3.2 Justification
3.3 Research procedures
3.3.1 The personal interviews
3.3.2 The online survey
3.3.3 The practical experiments
3.4 Ethical considerations
4 Analysis and interpretation
4.1 Summary of data collected
4.2 Data analysis
4.2.1 The interview phase
4.2.2 The Online survey
4.2.3 DoS experiments using the test network
4.3 Interpretation in relation to the research questions
4.4 Interpretation in relation to the research aim
5 Conclusions
5.1 Conclusions about the research questions
5.1.1 Research question 1
5.1.2 Research question 2
5.1.3 Research question 3
5.1.4 Research question 4
5.2 Conclusions about the research aim
5.3 Further work
5.4 Implications of the research
5.5 Reflection on the experience of the research process
Research Goals and Themes
This dissertation investigates the risks posed by Denial of Service (DoS) attacks to Small to Medium-sized Enterprises (SMEs) with an online presence, focusing on evaluating effective mitigation strategies through practical experimentation in a controlled network environment.
- Identification of common DoS attack mechanisms and their threat levels to SMEs.
- Evaluation of network hardware resilience when using default vs. hardened configurations.
- Assessment of current SME knowledge and practices regarding DoS security and recovery.
- Development of actionable mitigation recommendations for network administrators.
Excerpt from the Book
TCP SYN Flood
During the TCP SYN flood attack, the Wireshark protocol analyser was able to intercept and display malicious TCP packets as they passed through the router and on to the web server on the LAN. Figure 4.11 shows the Wireshark packet capture session, in which an abnormally large number of TCP SYN packets is being received by the target host. The results from these tests indicate that the router was not preconfigured to mitigate TCP SYN flood DoS attacks and was passing the malicious traffic on to the LAN segment. The second phase of the tests was carried out after the router was configured with an ACL using the ‘established’ command. The results from the second set of tests indicated that malicious TCP packets were no longer being passed through the router interface and entering the LAN. Closer inspection of the router logs identified that malicious TCP packets were being filtered by the ACL to prevent ingress to the LAN.
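The filtering behaviour described in the excerpt can be modelled in a few lines. The following is an added example, not code from the dissertation: it assumes Cisco IOS-style semantics for the ‘established’ keyword (a TCP segment matches when its ACK or RST bit is set), and all addresses, ports and function names are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP header flag bits

@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    dport: int
    flags: int

def matches_established(seg: Segment) -> bool:
    # Assumed IOS-style rule: 'established' matches if ACK or RST is set.
    return bool(seg.flags & (ACK | RST))

def apply_inbound_acl(segments):
    """Model 'permit tcp any any established' followed by the implicit deny."""
    permitted, denied = [], []
    for seg in segments:
        (permitted if matches_established(seg) else denied).append(seg)
    return permitted, denied

def denied_syn_by_target(denied):
    """Summarise denied connection attempts (SYN without ACK) per LAN host,
    the kind of count a router log review would surface."""
    return Counter(s.dst for s in denied if s.flags & SYN and not s.flags & ACK)

def sample_traffic():
    # Constructed sample: five bare SYNs aimed at the LAN web server, one
    # ordinary client SYN, and three segments belonging to connections that
    # LAN hosts opened themselves.
    flood = [Segment(f"203.0.113.{i}", "10.0.0.10", 80, SYN) for i in range(1, 6)]
    other = [
        Segment("198.51.100.7", "10.0.0.10", 80, SYN),           # new inbound client
        Segment("198.51.100.9", "10.0.0.20", 51000, SYN | ACK),  # reply to LAN host
        Segment("198.51.100.9", "10.0.0.20", 51000, ACK),        # data on that session
        Segment("198.51.100.9", "10.0.0.21", 51001, RST),        # reset from remote
    ]
    return flood + other

if __name__ == "__main__":
    permitted, denied = apply_inbound_acl(sample_traffic())
    print(f"permitted={len(permitted)} denied={len(denied)}")
    print(dict(denied_syn_by_target(denied)))
```

The model also shows that the check is stateless and drops every new inbound connection attempt, including the ordinary client, so a published web server needs its own explicit permit entry ahead of the implicit deny.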
Summary of Chapters
1. Introduction: This chapter establishes the nature of DoS threats, explains the background of networked security, and outlines the justification, aim, and objectives of the research.
2 Research definition: This chapter examines existing literature on well-known DoS attacks, relevant network protocols, and sets out the core research questions.
3 Proposed methodology: This chapter details the research methods and techniques, including personal interviews, online surveys, and the design of a laboratory-based testing environment.
4 Analysis and interpretation: This chapter presents the collected data from interviews, surveys, and experimental network tests, followed by an interpretation in relation to the research questions.
5 Conclusions: This chapter summarizes the findings regarding the research questions, discusses the implications for SMEs, suggests areas for further work, and provides the author's reflection on the research process.
Keywords
Denial of Service, DoS, DDoS, SME, Network Security, Mitigation Strategies, TCP SYN Flood, IP Spoofing, ICMP Flood, MAC Flood, Access Control Lists, Network Routers, Network Switches, Wireless LAN, Cyber Security
Frequently Asked Questions
What is the primary focus of this research?
The research focuses on investigating DoS attack risks for SMEs and identifying practical mitigation strategies that network administrators can implement.
What are the main thematic areas covered?
Key areas include the nature of DoS/DDoS attacks, network hardware security configurations, SME-specific security awareness, and the practical implementation of defense mechanisms like ACLs.
What is the main objective of this study?
The aim is to investigate known DoS mechanisms and propose appropriate mitigation strategies that are useful for networking and security administrators in SMEs.
Which methodology was employed for this research?
The research uses a mixed-methods approach: unstructured and semi-structured interviews with IT professionals, an online survey of SMEs, and controlled laboratory experiments using network hardware.
What does the main body of the work cover?
It covers theoretical background on DoS, the design of a testing environment, empirical analysis of data gathered from surveys, and practical testing of mitigation options like IP filtering and port security.
What key terms characterize this work?
The work is characterized by terms such as Denial of Service (DoS), mitigation strategies, SMEs, TCP/IP, and network infrastructure security.
How do SMEs typically view DoS security?
The study finds that while many SMEs are aware of DoS risks, they often lack deep technical knowledge of how to configure network hardware to defend against them, frequently assuming default configurations are sufficient.
Are network devices pre-configured for DoS defense?
The research demonstrates that most routers and switches are not fully pre-configured to mitigate the tested DoS attacks, requiring manual implementation of security settings like ACLs or port-security features.
- Cite this work
- Andy Reed (Author), 2012, Identifying Denial of Service attacks and appropriate mitigation strategies for Small to Medium Sized Enterprises, Munich, GRIN Verlag, https://www.grin.com/document/268906