Death Observed for Microsoft Windows Server 2012 R2 under DDoS Security Attack

Nowadays, huge and long-lasting DDoS attacks are being observed against organizations and are frequently making headline news [1]. DDoS attacks have far-reaching consequences and leave a lasting impact on the victim organization by eroding customer trust and causing loss of data and loss of revenue. The attacks launched have become more and more sophisticated and vicious, such as the ransomware attack in which attackers demanded a ransom to decrypt sensitive medical information they had encrypted by exploiting an unpatched vulnerability in an application server [2].

It has been predicted that the occurrence of such attacks could increase in 2016 [3]. Under such circumstances, it is crucial that organizations take a closer look at the inherent vulnerabilities of, and the host-based defense mechanisms available in, the servers deployed in their offices; such measures would greatly decrease the chances of falling prey to attacks [4].

The inherent vulnerability arising from incomplete TCP SYN handshakes was identified as early as 1994 [5]. The TCP SYN based DDoS attack is considered a common type of denial of service attack [6], and many server platforms lack sufficient protection against it. Many schemes have been proposed to defend against this attack; however, not many server platforms automatically implement effective protections against it.

The first TCP SYN attack, also known as a SYN flood attack, was reported in 1996 [7]. Since then, network system security has improved to a great extent through the development of technologies such as Intrusion Detection and Intrusion Prevention Systems, firewalls and proxies, and through the implementation of several strategies such as SYN cookies [8], packet filtering based on sender IP addresses, reducing the SYN-RECEIVED timer, recycling the oldest half-open Transmission Control Block (TCB), and the SYN cache [9], to name a few.

Most of these prevention mechanisms are deployed as external mechanisms (such as an intrusion prevention system) to protect a server against a TCP SYN flood attack, with varying results. Nevertheless, it is important for a server operating system to have in-built security on its own platform so that it can defend itself in the event that all external protection mechanisms have failed or been compromised. Active research is needed to improve the ability of operating systems to withstand and defend against DDoS attacks on their own, at least to some extent, as part of a host-based defense mechanism.
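To make two of the host-based defenses named above concrete, here is an added example (not code from the paper) that models a server's half-open TCB table and compares plain refusal of new SYNs when the table is full against a shorter SYN-RECEIVED timer and oldest-TCB recycling. The table capacity, timeout values and the traffic trace are constructed for illustration.

```python
from collections import OrderedDict


class HalfOpenTable:
    # Model of a server's half-open (SYN-RECEIVED) connection table with two of
    # the host-based defenses from the text: a SYN-RECEIVED timer that expires
    # stale entries, and recycling the oldest half-open TCB when the table is full.
    def __init__(self, capacity, syn_timeout, recycle_oldest=False):
        self.capacity = capacity
        self.syn_timeout = syn_timeout
        self.recycle_oldest = recycle_oldest
        self.table = OrderedDict()  # (src_ip, src_port) -> arrival time of the SYN
        self.completed = 0          # handshakes finished by the client's final ACK
        self.refused = 0            # SYNs dropped because the table was full

    def _expire(self, now):
        # Drop every entry whose SYN-RECEIVED timer has run out.
        stale = [k for k, t in self.table.items() if now - t >= self.syn_timeout]
        for key in stale:
            del self.table[key]

    def syn(self, now, key):
        self._expire(now)
        if key in self.table:
            return  # retransmitted SYN, entry already exists
        if len(self.table) >= self.capacity:
            if not self.recycle_oldest:
                self.refused += 1  # classic behaviour: the new SYN is lost
                return
            self.table.popitem(last=False)  # evict the oldest half-open TCB
        self.table[key] = now

    def ack(self, now, key):
        self._expire(now)
        if self.table.pop(key, None) is not None:
            self.completed += 1  # an ACK for an unknown entry is ignored


def run(events, **table_args):
    """Replay (time, 'syn'|'ack', key) events; return (completed, refused)."""
    tbl = HalfOpenTable(**table_args)
    for now, kind, key in events:
        getattr(tbl, kind)(now, key)
    return tbl.completed, tbl.refused


# Constructed trace: eight spoofed SYNs at t=0 whose ACKs never arrive,
# followed by one legitimate client that completes its handshake.
FLOOD = [(0.0, "syn", (f"10.0.0.{i}", 40000 + i)) for i in range(8)]
LEGIT = [(0.5, "syn", ("192.0.2.7", 51000)), (0.6, "ack", ("192.0.2.7", 51000))]
TRACE = FLOOD + LEGIT
```

Running `run(TRACE, capacity=8, syn_timeout=3.0)` shows the legitimate client being refused, while enabling `recycle_oldest=True` or shortening `syn_timeout` to 0.4 lets its handshake complete.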

Being among the most widely used server and client operating systems in the world, earlier versions of Microsoft Windows have been evaluated previously [11]–[17]. Over the years, the security of server systems has improved and they have become less vulnerable to attacks than their predecessors. Microsoft has improved the protection mechanisms in its subsequent server operating systems; however, more remains to be done.
