Prevention of DOS Attacks

The following list shows measures implemented in VOSS-4-UC to protect the system against Denial of Service (DOS) attacks:

  • Firewall protection:
    • TCP flood protection against:
      • the SSH port
      • web server ports
    • SYN flood protection
  • Configurable session limits for VOSS-4-UC platform SSH access: sessions per user and sessions per application. An administrator can set and modify the number of SSH sessions allowed:
    • system-wide (default is 10 if not set)
    • for a user (default is 10 if not set)

See SSH Session Limit for detailed information.

  • The usage of ports, protocols, and services is registered with the DoD PPS Database.
  • An automated, continuous on-line monitoring of the system is implemented, with:
    • Audit trail creation in a format that allows a log viewing application to immediately alert personnel to any unusual or inappropriate activity with potential Information Assurance (IA) implications.
    • A command-line command with which a user can automatically disable the system if serious IA violations are detected.
  • Applications are monitored and notifications are sent when resource conditions reach a predefined threshold indicating that an attack may be occurring, for example through SNMP traps and triggers.
  • High disk utilization is managed due to error notifications. For log files, disk utilization is managed by:
    • daily log rotation
    • 4 weeks of backlogs
    • the creation of new (empty) log files after rotating old ones
    • log file compression
    • a logging restriction of 20 messages per minute
  • A continuous cycle of updating packages during releases is in place with notifications during updates. Commands to carry out a security check or update can be run at any time.
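
The logging restriction of 20 messages per minute listed above, sketched as a Python `logging` filter to show how a cap keeps a message flood from filling the disk while still recording that messages were dropped. This is an added example, not VOSS-4-UC code; the fixed 60-second window, the name `PerMinuteLimit` and the constructed flood in `simulate_flood` are assumptions.

```python
import logging
import time


class PerMinuteLimit(logging.Filter):
    """Pass at most `limit` records per fixed 60-second window.

    Assumption: one shared counter and a fixed window; the page states
    only the figure of 20 messages per minute.
    """

    def __init__(self, limit=20, window=60.0, clock=time.monotonic):
        super().__init__()
        self.limit, self.window, self.clock = limit, window, clock
        self.window_start = clock()
        self.passed = 0
        self.suppressed = 0

    def filter(self, record):
        now = self.clock()
        if now - self.window_start >= self.window:
            # New window: note how many records were dropped so the gap is auditable.
            if self.suppressed:
                record.msg = "[%d messages suppressed in previous window] %s" % (
                    self.suppressed, record.getMessage())
                record.args = None
            self.window_start, self.passed, self.suppressed = now, 0, 0
        if self.passed < self.limit:
            self.passed += 1
            return True
        self.suppressed += 1
        return False


def simulate_flood(n_flood=500, limit=20):
    """Constructed input: n_flood records at 10 per second, then one more at t=61 s."""
    fake_now = [0.0]
    kept = []

    class ListHandler(logging.Handler):
        def emit(self, record):
            kept.append(record.getMessage())

    log = logging.Logger("constructed.example")  # standalone, not the root logger
    handler = ListHandler()
    handler.addFilter(PerMinuteLimit(limit, clock=lambda: fake_now[0]))
    log.addHandler(handler)
    for i in range(n_flood):
        fake_now[0] = i * 0.1
        log.warning("auth failure %d", i)
    fake_now[0] = 61.0
    log.warning("auth failure after flood")
    return kept
```

Attaching the filter to a handler rather than to a logger applies the cap to everything written to that destination, whichever logger produced it.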