DDOS Attack - Network Security Threat.
Introduction
           In today's world of ever-evolving technologies, network security threats have become prevalent, and the complexity of these threats is increasing. Moreover, the development of computer networks has given rise to the rapid evolution of threats to the security of the use of these networks (Mendyk-Krajewska & Mazur, 2010). The aspect of network security is becoming a critical area for both small and large organizations. Regardless of the size of the organization, they all become targets for various network attacks that can disrupt business operations. There are various emerging network security threats that organizations need to be aware of to ensure that their software, data, and systems are protected. This is because although network security is a crucial aspect of any organization, it is possible to become less cautious with its security approach as time goes by. Furthermore, computer networks evolve faster; hence, the threats to such networks also evolve at a similar pace.
           This study aims to identify the current network security threats that primarily affect software and their impact on organizational operations. When computer networks are attacked, there is a high likelihood that the normal functions of a system are interrupted, and hence systems cannot perform as required. This research critically examines the specific impact that a particular network security threat has on businesses and organizations. It also examines the manner in which this network security threat can compromise networks and exploit the vulnerabilities of network infrastructure. According to Ahmad and Habib (2010), securing the network infrastructure aids in minimizing the likelihood of the vulnerabilities being exploited. This paper further discusses how a specific network security threat helps hackers and intruders to pursue their intentions. This is because network security threats exploit a network's weakness, thereby enabling attackers to gain easy access to critical infrastructure and systems. The paper also reviews relevant literature about network security threats and how these threats can be eliminated.
DDoS Attacks
           One of the current network security threats relating to insecure software is the denial of service (DoS) attack. DoS attacks are considered primary threats to network security, in which hackers or attackers seek to render a host computer or a network unavailable to its intended users. Distributed denial of service (DDoS) attacks are the most common type of DoS attack and have been globally considered a rapidly growing network threat. The DDoS attack is an availability-related attack, which can potentially result in an extensive disruption of the entire network infrastructure (Sahoo et al., 2019). Sahoo further argues that this kind of network threat requires an innovative and efficient defense system to counter the severity of the attack. In recent years, attackers have broadened the number of machines and services they target and expanded the threat surface. DDoS attacks seek to drain the communication and computing power of network targets by introducing large amounts of traffic into them. Software-defined networks are the primary targets of these network threats. According to Andishmand et al. (2020), software-defined networks have several different applications and hence can be targets of DDoS attacks just like other networks.
           DDoS attacks have become more sophisticated and have developed new ways of attacking insecure software. Considering the vulnerabilities of software-defined networks, DDoS attacks are likely to be a threat to such networks. Software-defined networks consist of three functional layers (infrastructure, application, and control), and DDoS attacks can be launched on any of these layers (Andishmand et al., 2020). These security vulnerabilities of software-defined networks allow for the intrusion of attackers at some point but also create new opportunities for implementing effective intrusion detection methods. According to Jankowski and Amanowicz (2015), the software-defined network environment allows threat detection methods to be integrated with it. This involves leveraging software-defined network infrastructure to create a network-based intrusion detection system for detecting and eliminating ongoing DDoS attacks.
Impact of DDoS Attacks
           Distributed denial of service (DDoS) attacks have had an immense impact on today's global emerging technologies. These kinds of network attacks are considered to be a way of disrupting the internet. One of the specific areas that DDoS has been shown to impact significantly is the Internet of Things (IoT). The IoT provides a variety of connected smart devices, which face the challenge of securing overall privacy. It involves interconnecting a variety of devices across the same network, which is often protected with minimal security or none at all. DDoS attacks have accelerated with the exponential growth of IoT. According to Wani and Revathi (2020), DDoS heavily influences the IoT network, and IoT botnets can also be used to launch large volumes of DDoS attacks. This is because IoT vulnerabilities provide a suitable target for botnets, making them a major contributor to the increase in DDoS attacks.
Major New Developments in Cloud.
1. Introduction
Companies dealing in cloud computing have a very large infrastructure consisting of thousands of physical servers, and these physical servers host millions of virtual machines. Moreover, complex networking topologies are created to interconnect these servers. In the cloud, the security of the networks between hosts is critical, especially because of multi-tenancy, meaning that applications of multiple organisations run on the same server, possibly using containerization technologies.
Usually, solution architects design an organisation's infrastructure so that network security devices such as a bastion host or a WAF (web application firewall) are placed in the DMZ (demilitarized zone), on the assumption that most attacks come from traffic arriving from the open internet. In a public multi-tenant cloud, however, providers ask consumers to take care of the security of the servers they use. If one of the consumers is able to compromise a virtual machine, it can infect other machines within the network, and these attacks cannot be detected by the security devices installed in the DMZ. For this reason it is very important to understand how cloud providers make sure that the application of organisation A does not in any way impact the application of organisation B when both are hosted on the same server in a cloud environment.
To address this kind of network security concern in the cloud, we can implement multiple options. For example, we can deploy a security device such as a network-based intrusion detection system (NIDS), which helps detect malicious traffic between devices in a network. If we place a NIDS between two hosts on a network, then, because migration of virtual machines is very common in cloud computing, we might need to relocate the NIDS so that it sits between the new locations of the virtual machines after migration. Moreover, given the number of virtual machines involved, it is not possible to keep shifting the position of the NIDS.
This NIDS repositioning problem is handled by a cloud service called Cloud Watcher, which manipulates the network traffic and makes sure that it passes through network devices that have security devices installed. In Cloud Watcher we can create a simple script through which the cloud network admin can manage this easily.
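The routing idea described above, forcing a flow between two virtual machines through a switch that has a NIDS attached, is sketched below as an added example. It is not Cloud Watcher's own script or algorithm; the topology, node names and function names are constructed for illustration.

```python
from collections import deque

# Constructed topology: two VMs, five switches; a NIDS is attached to switch s4.
TOPOLOGY = {
    "vmA": ["s1"], "vmB": ["s5"],
    "s1": ["vmA", "s2", "s3"], "s2": ["s1", "s5"], "s3": ["s1", "s4"],
    "s4": ["s3", "s5"], "s5": ["s2", "s4", "vmB"],
}
SECURITY_SWITCHES = {"s4"}  # hypothetical: switches with a security device attached


def is_switch(node):
    return node.startswith("s")


def shortest_path(graph, src, dst):
    """BFS shortest path; only switches may forward, so VMs are never transit hops."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        if node != src and not is_switch(node):
            continue
        for nxt in graph.get(node, []):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def inspected_path(graph, src, dst, security_switches):
    """Shortest src->dst route forced through a security switch, or None (fail closed)."""
    best = None
    for waypoint in sorted(security_switches):
        head = shortest_path(graph, src, waypoint)
        tail = shortest_path(graph, waypoint, dst)
        if head and tail:
            candidate = head + tail[1:]
            if best is None or len(candidate) < len(best):
                best = candidate
    return best


def flow_rules(path):
    """One (switch, previous hop, next hop) forwarding entry per switch on the path."""
    return [(path[i], path[i - 1], path[i + 1]) for i in range(1, len(path) - 1)]
```

The inspected route is one hop longer than the direct one, and every flow adds one forwarding entry per switch it crosses; a `None` result means no security switch is reachable from both endpoints, so no rule should be installed.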
2. Benefits
There are many benefits of using Cloud Watcher as a network monitoring tool. Firstly, it can control or manipulate the flow of traffic in the network. Secondly, it uses this ability to make sure that all network traffic from any host passes through special networking devices that already have security devices such as firewalls or a NIDS installed, which constantly scan the packets for malicious activity. Cloud Watcher can be run through a script, which makes it easy to configure and implement.
3. Limitations
Cloud Watcher cannot work between two security devices if those devices are unable to establish a connection between themselves because of the configuration implemented by the network engineer or administrator. It can also slow down significantly if too many new flows are inserted into the network.
4. Conclusion
We can conclude that Cloud Watcher is an efficient and easy-to-use network monitoring tool for monitoring the network traffic of virtual machines running in a cloud environment. As we can also configure the tool from a script, it is likely the perfect and convenient solution for monitoring network packets within a cloud environment.