Network administrators can take three kinds of measures to defend against attacks such as those that have affected websites in the United States and South Korea. These cyber attacks affected sites including the White House, the Nasdaq market, the New York Stock Exchange, the Yahoo Finance page and the Washington Post. The measures fall into three groups: network-based threat mitigation, host-based threat mitigation and preventive measures.
I. Network-based mitigation measures:
• Install IDS/IPS systems with the ability to track traffic (such as SYN, ICMP, etc.).
• Install a firewall that can discard packets so that they do not reach internal servers. By its nature, a web server must be reachable from the Internet over HTTP, so you need to monitor the server to determine where to block traffic.
• Have contact numbers for your Internet service provider's emergency management team (or its emergency response or incident response team). Contact them first so that the attack can be stopped before it reaches your network.
II. Host-based threat mitigation measures:
• Ensure that open HTTP connections time out within a reasonable time. When an attack occurs, you need to reduce this time.
• Ensure that TCP connections time out within a reasonable time.
• Install a host-based firewall to prevent HTTP threads from becoming attack packets.
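The HTTP timeout measure above, shown as an added example that is not part of the original article: a minimal asyncio responder that closes any connection whose request headers do not arrive within a limit, and uses a shorter limit while an attack is in progress. The class name, the timeout values and the two test clients are assumptions constructed for illustration.

```python
import asyncio

# Assumed limits for illustration; the article gives no numbers.
NORMAL_TIMEOUT = 10.0  # seconds allowed for request headers in normal operation
ATTACK_TIMEOUT = 0.5   # reduced limit while an attack is in progress

class TimedHttpServer:
    """Minimal HTTP responder (hypothetical) that drops stalled connections."""
    def __init__(self):
        self.under_attack = False
        self.timed_out = 0  # connections closed for stalling

    @property
    def header_timeout(self):
        return ATTACK_TIMEOUT if self.under_attack else NORMAL_TIMEOUT

    async def handle(self, reader, writer):
        try:
            # The complete header block must arrive within the limit.
            await asyncio.wait_for(reader.readuntil(b"\r\n\r\n"),
                                   timeout=self.header_timeout)
            writer.write(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n"
                         b"Connection: close\r\n\r\nok")
            await writer.drain()
        except asyncio.TimeoutError:
            self.timed_out += 1  # stalled client: release the connection slot
        except (asyncio.IncompleteReadError, asyncio.LimitOverrunError, ConnectionError):
            pass  # client disconnected or sent oversized headers
        finally:
            writer.close()

async def demo():
    srv = TimedHttpServer()
    srv.under_attack = True  # operator switches to the shorter timeout
    server = await asyncio.start_server(srv.handle, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    # Constructed client 1: sends complete request headers.
    r, w = await asyncio.open_connection("127.0.0.1", port)
    w.write(b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n")
    good = await r.read()
    w.close()
    # Constructed client 2: sends a partial header, then nothing.
    r, w = await asyncio.open_connection("127.0.0.1", port)
    w.write(b"GET / HTTP/1.1\r\n")
    stalled = await asyncio.wait_for(r.read(), timeout=5)  # EOF when server closes
    w.close()
    server.close()
    return good, stalled, srv.timed_out

if __name__ == "__main__":
    print(asyncio.run(demo()))
```

With the reduced limit active, the complete request is answered normally while the stalled connection is closed after half a second instead of holding a slot for ten.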
III. Preventive measures:
• For those with the expertise, a "counterattack" can be carried out using programs that can suppress threats. This approach is mainly used by networks that are often attacked, such as government websites.