Page 38 - Cyber Warnings







• Filter both outbound and inbound traffic to enhance DDoS protection.
• Configure your switches and routers so that they automatically
reject packets coming from outside your network.
• Focus on encrypting different sessions on your router to allow trusted hosts that are
outside your network.



10. Install Patches and Updates Frequently

Installing updates on open-source platforms like WordPress as soon as possible mitigates the
risk of attack because the potential security loophole is closed by the update. Therefore, deploy
an update within your network as soon as possible.


The longer the lag time between the update and the application, the more vulnerable your
system becomes.


This is often neglected by many businesses, mainly because of the frequency of updates and
because they consider updating the application irrelevant.


11. Aggressively Monitor Half-Open Connections


In a usual three-way handshake:


• The client requests a connection by sending a SYN (synchronize) packet to the server,
• The server returns a SYN-ACK (synchronize-acknowledge) packet to the client,
• The client answers with an ACK (acknowledge) confirming that the packet was received, and
communication begins.


In half-open connections, the packets are not sent to the hostile client. However, the client
sends multiple requests to the server ports using fake IP addresses. Such a connection is not
closed and remains open, making it vulnerable to attack.

Detection of such half-open connections is done by:


• Adding an empty keepalive message to the application protocol framing
• Adding a null keepalive message to the actual application protocol framing
• Using an explicit timer
• Altering the TCP keepalive settings
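
One way to monitor half-open connections on a Linux server is to count sockets in the SYN_RECV state per listening port, as in this added example (not code from the article). The sample table, its addresses and the alert threshold of 3 are constructed assumptions.

```python
import socket
import struct
from collections import Counter

TCP_SYN_RECV = 0x03  # Linux state code: SYN received, final ACK not yet seen

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed);
# all addresses are from documentation ranges.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A00000A:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A00000A:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A00000A:0050 010200C0:C001 03 00000000:00000000 01:00000064 00000002     0        0 0
   3: 0A00000A:0050 076433C6:C002 03 00000000:00000000 01:00000064 00000003     0        0 0
   4: 0A00000A:0050 097100CB:C003 03 00000000:00000000 01:00000064 00000003     0        0 0
   5: 0A00000A:0050 020200C0:D431 01 00000000:00000000 00:00000000 00000000    33        0 1003
   6: 0A00000A:01BB 030200C0:E2A0 03 00000000:00000000 01:00000064 00000001     0        0 0
"""


def parse_endpoint(field):
    """Decode 'HEXADDR:HEXPORT' (IPv4, little-endian host) to (ip, port)."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def half_open_by_port(table_text):
    """Count SYN_RECV (half-open) sockets per local port."""
    counts = Counter()
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) >= 4 and int(fields[3], 16) == TCP_SYN_RECV:
            counts[parse_endpoint(fields[1])[1]] += 1
    return counts


def ports_over_threshold(table_text, threshold):
    """Local ports whose half-open count meets or exceeds the threshold."""
    return sorted(p for p, n in half_open_by_port(table_text).items() if n >= threshold)


if __name__ == "__main__":
    # On a Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    print(dict(half_open_by_port(SAMPLE)), ports_over_threshold(SAMPLE, threshold=3))
```

Run periodically, a rising SYN_RECV count on one port with many distinct remote addresses is the signal to investigate; the right threshold depends on the server's normal connection rate.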









38 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
