1 Reply Latest reply: Oct 12, 2012 10:19 AM by Regis RSS

    Mitigation for DoS attack

    senthilmanick

      I am using "McAfee VirusScan Enterprise 8.8", Will it handle the Denial-Of-Service attack? Do I need to do some configuration to secure the system from this attack?

        • 1. Re: Mitigation for DoS attack
          Regis

          In a word, no.

           

          A host-based antimalware tool won't do a thing against traditional DOS  nor against distributed DOS (DDOS) attacks.     

           

          DDOS is a network issue.   Can you survive a 70Gbps DDOS?  Most likely the answer is a flat no.   Do you need to?   Can you afford to?  are the next questions.    To have a plan in place to survive DDOS involves working with  your network providers and rethinking application hosting decisions.  What do you push to the cloud for your DNS and app hosting?  If all of your things are hanging off a 5Mbps network connection, you can be dos'd off the net quite trivially.    Is your risk posture for DDOS such that you team up with a Verizon/Prolexic/Neustar or any network provider with Arbor Networks gear, HUGE pipes, and staff that knows what to do with them?     Does your regular bandwidth provider have DDOS mitigation capability?  Or if you call them with a problem will they only be able to black hole route IP's?   Or do they have a screening router on their end where they can actually do ACL's to respond to DDOS?     It's a complicated question, but no, none of it has a thing to do with host-based anti-virus.

           

          DOS issues can also be related to application vulnerabilities.  Patching those applications can address those vulns that cause DOS conditions.   Web server configuration and hardening to slowloris and other resource exhaustion attacks are also part of a comprehensive plan to be as hard as you can against DOS's.

           

          However, often, businesses have way bigger and more basic problems to deal with that are of higher probability of biting them than the off chance they'll end up in the crosshairs of people pointing DDOS tools at them en masse.