LOT Task 2
SUBDOMAIN 426.4 - HACKING
Competency 426.4.4: Denial of Service (DoS) - The graduate identifies and implements countermeasures to protect against denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks using industry best practices.
You work at a large public university that utilizes a web-based registration and cashiering system that allows students to register for, drop, and pay for classes. Naturally, peak usage times are during registration season shortly before the start of a new quarter. The system has been in place for about a year and a half and has greatly reduced the workforce needed to staff the registration office during registration season; as a result of implementing the new system, more than three-quarters of the registration staff was reassigned to other parts of the university.
However, during registration for the most recent quarter, the web-based system suffered a crippling distributed denial-of-service (DDoS) attack that made the system unavailable for about 24 hours. The university’s network staff was certain that the attack did not originate from an external network source since the university has a series of mechanisms in place to intercept such attacks. Further investigation revealed that the attack originated from an internal network. The network team discovered that a password sniffer application was somehow installed on a large portion of the computers in various university computer labs. The password sniffer captured one of the administrative passwords that was recently used to remotely install a critical operating system patch for these computers. Once compromised, the computers were used collectively to perform a DDoS attack that flooded the registration system’s web servers with thousands of bogus HTTP requests that quickly overwhelmed the servers and caused them to become unavailable.
A. Create a multimedia presentation (e.g., PowerPoint, Keynote) (suggested length of 5–10 slides) that analyzes how using specific industry best practices can protect the network in the scenario against DDoS attacks.
1. Include presenter notes for each slide.
B. Develop a best practices guide (suggested length of 3 pages) for the university that specifies industry best practices to counter denial-of-service (DoS) and DDoS attacks for the scenario described above.
Note: Ensure that your recommendations are specific to the scenario and that their correlation to the scenario is thoroughly explained.
C. When you use sources, include all in-text citations and references in APA format.
Note: When bulleted points are present in the task prompt, the level of detail or support called for in the rubric refers to those bulleted points.
Note: For definitions of terms commonly used in the rubric, see the Rubric Terms web link included in the Evaluation Procedures section.
Note: When using sources to support ideas and elements in a paper or project, the submission MUST include APA formatted in-text citations with a corresponding reference list for any direct quotes or paraphrasing. It is not necessary to list sources that were consulted if they have not been quoted or paraphrased in the text of the paper or project.
Note: No more than a combined total of 30% of a submission can be directly quoted or closely paraphrased from sources, even if cited correctly. For tips on using APA style, please refer to the APA Handout web link included in the General Instructions section.