Cloud Computing Offers Enhanced Defenses for Thwarting DoS Attacks Cloud Computing

DoS attacks are equal opportunity challenges that are thwarted by firewalls, security software, redundancy, and vigilance. It’s an ongoing battle. The technique for effectively dealing with DoS is called maneuver warfare. This concept holds that strategic movement can bring about the defeat of an opposing force more efficiently than by simply contacting and destroying enemy forces until they can no longer fight. The following definition of maneuver was prepared by Kevin L.Jackson, and is reprinted with permission:

The U.S. Marine Corps concept of maneuver is a “warfighting philosophy that seeks to shatter the enemy’s cohesion through a variety of rapid, focused, and unexpected actions which create a turbulent and rapidly deteriorating situation with which the enemy cannot cope.” It is important to note, however, that neither is used in isolation. Balanced strategies combine attrition and maneuver techniques in order to be successful on the battlefield.

With cloud computing, IT security can now use maneuver concepts for enhance[d] defense. By leveraging virtualization, high speed wide area networks and broad industry standardization, new and enhanced security strategies can now be implemented. Defensive options can now include the virtual repositioning of entire datacenters. Through “cloudbursting”, additional compute and storage resources can also be brought to bear in a defensive, forensic or counter-offensive manner. The IT team can now actively “fight through an attack” and not just observe an intrusion, merely hoping that the in-place defenses are deep enough. The military analogy continues in that maneuver concepts must be combined with “defense in depth” techniques into holistic IT security strategies.

A theoretical example of how maneuver IT security strategies could be use[d] would be in responding to a denial of service attack launched on [an application]. After picking up a grossly abnormal spike in inbound traffic, targeted applications could be immediately transferred to virtual machines hosted in another datacenter. Router automation would immediately re-route operational network links to the new location (IT defense by maneuver). Forensic and counter-cyber attack applications, normally dormant and hosted by a commercial infrastructure-as-a-service (IaaS) provider (a cloudburst), are immediately launched, collecting information on the attack and sequentially blocking zombie machines. The rapid counter would allow for the immediate, and automated, detection and elimination of the attack source.



Face Book Twitter Google Plus Instagram Youtube Linkedin Myspace Pinterest Soundcloud Wikipedia

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd DMCA.com Protection Status

Cloud Computing Topics