2.1.6 DoS Defenses

The defense against application layer DoS attacks usually centers on security patches aimed at the Macro programming languages used by many of these applications. This includes Visual Basic for Applications (VBA) that runs with the Microsoft Office family. However, because the TCP/IP stack encompasses the OSI reference model (layers 5 through 7), security also involves turning off unneeded protocols and services. Firewalls and intrusion detection systems are also useful, because they can filter packets based on addresses and ports.

Defending against transport layer DoS attacks centers around firewalls and intrusion detection systems. If an attacking packet comes in destined for a little used port, the firewall can be set to reject it. Intrusion detection systems can be set to alarm if access at oddball ports is attempted.

Network layer DoS attacks can be defended against by filtering incoming traffic against unusual ports, and also against quantity (traffic shaping). A firewall is an excellent tool to limit the traffic of various services, but advanced router software can also perform some of these functions.

Attacks at the physical layer are best contained by using good physical security. Locks on server room and telecommunication room doors, encasing critical infrastructure in conduit, and monitoring physical connections with advanced patch panel systems can all enhance physical security.

Physical, network, transport and application layer security