Second, consider the typical picture of hurried application development from the developer's and vendor's point of view: a low budget, pressing deadlines, and many different tests to get through (functionality, load, security, and so on).
It hardly comes as a surprise, then, that the quality of the applications themselves, and especially their security, suffers (Surace, 2013).
These two factors, in concert with others, create weaknesses that black-hat hackers,

Not only are DDoS attacks nowadays delivered via infected machines and proxies, but attackers also often rely on highly automated tools.
In addition, the header order such tools produce may be abnormal, departing from the order real browsers send (Imperva, 2012).
Yet perhaps the most important thing to remember is that a DDoS offensive, say of the HTTP type, usually carries a string or pattern (even if not easily discernible) that can be used to sort attacking requests from legitimate ones.
This might be, for instance, identical user agents employed by the attacking script, a shared GET URL or POST request, or other HTTP header parameters the attacking requests have in common (Imperva, 2012).
In this regard, the general belief among DDoS security firms is that "most attack tools have some unique HTTP characteristics that can be extracted and provide a basis for detection" (Imperva, 2012, p. 15).
It is important to stress, however, that only an analysis of such attacking HTTP requests in the context of the entire session (IP/session/user; URLs, headers, parameters) discloses the big picture of an act that actually constitutes a DDoS attack; a single request seen in isolation rarely does (Imperva, 2012).
As already mentioned, distinguishing between legitimate and malicious requests is the master key that would unlock our Enigma code, leading to positive DDoS detection and, one hopes, proper mitigation.
The usual course is comprehensive traffic monitoring checked against predefined traffic behavior profiles.
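The following script is an added example (not code from the original article or from the Imperva report it cites) of the session-level analysis described above: it groups constructed access-log lines by client, scores each client's whole session against a predefined behavior profile (request rate, header order, concentration on one URL), and then extracts the HTTP characteristics the flagged clients share, which is the kind of signature a blocking rule would be built on. The pipe-separated log format, the profile thresholds, the "Host comes first" header-order rule and every log line are assumptions constructed for illustration.

```python
"""Session-level HTTP flood triage over constructed log lines (added example)."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Assumed log format: epoch|client_ip|method|path|user_agent|header_order
# header_order lists the request header names in the order the client sent them.
FX_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
CR_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0"
LOG = f"""\
1700000000|203.0.113.10|GET|/|{FX_UA}|host,user-agent,accept,accept-language
1700000004|203.0.113.10|GET|/static/app.css|{FX_UA}|host,user-agent,accept,accept-language
1700000009|203.0.113.10|GET|/products|{FX_UA}|host,user-agent,accept,accept-language
1700000030|203.0.113.10|POST|/cart|{FX_UA}|host,user-agent,accept,accept-language
1700000041|203.0.113.10|GET|/products/42|{FX_UA}|host,user-agent,accept,accept-language
1700000055|203.0.113.10|GET|/checkout|{FX_UA}|host,user-agent,accept,accept-language
1700000002|203.0.113.11|GET|/|{CR_UA}|host,connection,user-agent,accept
1700000015|203.0.113.11|GET|/search?q=shoes|{CR_UA}|host,connection,user-agent,accept
"""
# Constructed flood: three bots, six POSTs each inside one second, one shared UA
# and a header order no browser produces (User-Agent before Host).
BOT_UA = "Mozilla/4.0 (compatible; MSIE 6.0)"
ATTACK = "\n".join(
    f"{1700000000 + i % 2}|198.51.100.{h}|POST|/search|{BOT_UA}|user-agent,accept,host"
    for h in (5, 6, 7) for i in range(6)
)

# Predefined behavior profile (assumed values): what a human client looks like.
PROFILE = {
    "max_rps": 2.0,                # sustained requests/s a human session stays under
    "first_header": "host",        # assumption: real browsers send Host first
    "max_single_path_share": 0.8,  # a human session spreads over several URLs
    "min_requests": 5,             # too few requests to judge a session
}


@dataclass
class Request:
    ts: int
    ip: str
    method: str
    path: str
    ua: str
    header_order: tuple


def parse(log_text):
    """Parse the assumed pipe-separated format into Request records."""
    reqs = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, method, path, ua, order = line.split("|", 5)
        reqs.append(Request(int(ts), ip, method, path, ua, tuple(order.split(","))))
    return reqs


def analyze(reqs, profile=PROFILE):
    """Return {ip: [reasons]} for clients whose whole session violates the profile."""
    by_ip = defaultdict(list)
    for r in reqs:
        by_ip[r.ip].append(r)
    verdicts = {}
    for ip, rs in by_ip.items():
        if len(rs) < profile["min_requests"]:
            continue
        reasons = []
        span = max(1, max(r.ts for r in rs) - min(r.ts for r in rs))
        rps = len(rs) / span
        if rps > profile["max_rps"]:
            reasons.append(f"rate {rps:.1f} req/s")
        bad_order = sum(r.header_order[0] != profile["first_header"] for r in rs)
        if bad_order / len(rs) > 0.5:
            reasons.append("abnormal header order")
        (target, n), = Counter((r.method, r.path) for r in rs).most_common(1)
        if n / len(rs) > profile["max_single_path_share"]:
            reasons.append(f"{n}/{len(rs)} requests to {target[0]} {target[1]}")
        if reasons:
            verdicts[ip] = reasons
    return verdicts


def extract_signature(reqs, verdicts):
    """Find the (UA, method, path, header order) the flagged clients share."""
    flagged = [r for r in reqs if r.ip in verdicts]
    if not flagged:
        return None
    key = lambda r: (r.ua, r.method, r.path, r.header_order)
    sig, _ = Counter(key(r) for r in flagged).most_common(1)[0]
    shared_by = len({r.ip for r in flagged if key(r) == sig})
    return sig, shared_by


if __name__ == "__main__":
    reqs = parse(LOG + ATTACK)
    verdicts = analyze(reqs)
    for ip, reasons in sorted(verdicts.items()):
        print(ip, "->", "; ".join(reasons))
    print("shared signature:", extract_signature(reqs, verdicts))
```

Note that no single rule is decisive: the same header order or User-Agent on one request proves nothing, and the legitimate Firefox client above is never flagged because its rate, path spread and header order are judged over the session as a whole. The extracted signature is what turns detection into mitigation, since it is narrow enough to block without touching real browsers.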
Before we turn to the main topic of this article, let us note two factors that hinder the buildup of effective defenses against Layer 7 DDoS attacks.
First, a lack of knowledge about the matter leads inexperienced IT security staff to take dubious and plainly inappropriate measures (see Diagram 4 below).
Over-provisioning of bandwidth is of little use against application-layer DDoS, which typically consumes very little bandwidth (Verisign, 2012).
Instead, defenses should concentrate on the other resources these attacks exhaust: memory, processing power, disk space, I/O, and upstream bandwidth (Abliz, 2011).