Abstract

Cyber attacks continue to hamper the working of Internet services despite the increased use of network security systems such as firewalls and Intrusion protection systems (IPS). The recent Denial of Service (DoS) attack launched on the Independence Day weekend, on July 4th, 2009, to debilitate the US and South Korean governments’ websites indicates that security systems may not have been adequately deployed to counteract such attacks. An IPS is a vital security device that is commonly used as a front-line defense mechanism against such DoS attacks. In many deployments, the performance of firewalls is seldom evaluated for effectiveness before a firewall or an IPS device is deployed for network protection. Many times, these IPSs can become a bottleneck to network performance, and they may not be effective in stopping DoS attacks. In this paper, we intend to drive home the point that deploying an IPS may not always be effective in stopping the harmful effects of DoS attacks. It is important to evaluate the capability of an IPS before it is deployed to protect a network or a server against DoS attacks. In this paper, we evaluate the performance of a commercial-grade IPS, the Cisco ASA-5510 IPS, to measure its effectiveness in stopping DoS attacks, namely TCP-SYN, UDP Flood, Ping Flood and ICMP Land attacks. This IPS comes with features to counteract and provide security against these attacks. The performance of the IPS is measured with protection against these attacks enabled and compared with its performance when these protection features were not available (i.e. disabled). It was found that the IPS was unable to provide satisfactory protection against these flooding attacks despite the availability of the protection features. It is important for network managers to measure the actual capabilities of an IPS before deploying it to protect critical information infrastructure.

Highlights

  • The exchange of information in government organizations, educational institutions and corporate offices, and for each and every individual, mostly depends on the Internet

  • We evaluate the performance of a commercial-grade Intrusion protection system (IPS), the Cisco ASA-5510 IPS, to measure its effectiveness in stopping Denial of Service (DoS) attacks, namely Transmission Control Protocol (TCP)-SYN, UDP Flood, Ping Flood and Internet Control Message Protocol (ICMP) Land attacks

  • We evaluate the performance of the Cisco ASA5510 Intrusion Prevention System in preventing DDoS attacks

Summary

Introduction

The exchange of information in government organizations, educational institutions and corporate offices, and for each and every individual, mostly depends on the Internet. According to the “2008 CSI Computer and Security Survey”, firewall-type security technology was used by 94% of organizations to secure their networks [2]. Many manufacturers design firewalls to protect their consumers completely from different types of attacks while keeping communication between the protected private network and the public network available to legitimate users. Despite the widespread use of firewalls to protect private networks, the damage caused by denial of service attacks does not seem to have been mitigated. The recent Independence Day Denial of Service attack on July 4th, 2009, launched against US and South Korean government websites [3,4], caused significant interruption in their operation, and it is prompting many to question the performance of firewalls in defending against such DoS attacks.
