Security Technology Executive

APR 2013

Issue link: https://securitytechnologyexecutive.epubxp.com/i/118926


GET WITH IT

By Kevin Beaver, CISSP

How to Avoid Loss from DoS

Building physical security resilience against Denial of Service attacks

Back in the days of network simplicity and limited computer functionality, DOS (Disk Operating System) was the big buzzword. Now the big buzzword in computing is a similar acronym that has an entirely different meaning: DoS, or Denial of Service, which is arguably one of the worst things for business today.

A DoS attack is merely the result of someone exploiting the open nature of computers, networks and the Internet by inundating systems to the point where they cannot respond to legitimate requests. DoS attacks can be intentional or unintentional. They target processor utilization and network bandwidth and typically impact operating systems, web applications and network infrastructure devices. As simple as they seem on the surface, DoS attacks can create a load of trouble for organizations that rely on their online presence to conduct business transactions.

A specific area of DoS that does not get the attention it deserves is the business risks associated with physical security systems, such as network-based access controls and IP video, being impacted by a DoS attack. Have you thought about what would happen if such an attack hit this area of your business? A DoS attack against your physical security environment could be especially troublesome when it results in your inability to: permit employee badge access into or within your campus; process visitors for temporary system access; view real-time video camera surveillance footage; and monitor for security alerts.
Some say that DoS attacks only affect Internet-facing systems such as web servers, routers and the like, but that is not true. Many systems considered "internal" can be directly affected if an Internet connection or WAN links to remote facilities slow to a crawl. For instance, you may be using cloud-based services for identity management, video logging or managed security services; these could all go away if the Internet is not accessible. There's also remote access: How will users gain inbound access to the network if a DoS attack is being carried out, especially after hours when key personnel are offsite?

Keep in mind that DoS attacks are not just inbound attacks that flood a network. Certain access control and video systems are directly accessible via the Internet, which means they can be directly exploited if they are misconfigured and unsecured. There are a lot of moving parts, but the fundamental issue is that physical security controls and processes are just another computer or application that must be protected.

Unlike other network security vulnerabilities that may or may not be an issue, DoS is something that every business is susceptible to, all the time; all it takes is a criminal hacker to choose your business as a target.

What can you do? First, be proactive and put controls in place on your network perimeter, such as tweaking existing routers and firewalls or using a Next-Generation Intrusion Prevention System, which can help in the event of an attack. You can also work with ISP and hosting providers to build in protective measures or at least have them available. There are also appliance and cloud-based solutions from vendors such as Corero Network Security, Prolexic, and CloudFlare; but, before you go down this path, start with simpler controls that can serve as a great starting point for DoS protection, such as system hardening, patch management, periodic security vulnerability scanning and manual analysis. The most important thing is to not take the approach that many people take: sit back and wait until a DoS attack before doing something about it.

Kevin Beaver is a consultant with Atlanta-based Principle Logic LLC (www.principlelogic.com). He has authored/co-authored 11 books on information security, including Hacking for Dummies, Implementation Strategies for Fulfilling and Maintaining IT Compliance, and the Security on Wheels audio books and blog (www.securityonwheels.com). Follow him on Twitter, @kevinbeaver or connect to him on LinkedIn.

Today's Homework: Integrate physical security and DoS into your contingency plans

DoS attacks are often set aside as "one of those IT things" that will be addressed when the time comes. Don't take this approach; it is bad for your physical security environment and can be detrimental to your business. One of the most overlooked, yet valuable things you can do is to integrate DoS response procedures into your incident response and business continuity plans. DoS risk is a serious matter, not unlike malware infections, and deserves the proper attention and support from management. Look at your DoS risk as a whole and then drill down to see how your physical security systems would be impacted in the event of an attack. Finally, put reasonable controls in place to help minimize the impact and then document the steps needed to respond appropriately if a DoS attack occurs.
