Denial of service, threat and mitigation solution for layer 7 OSI / Siti 'Alimiyyah Ab Rani

Ab Rani, Siti 'Alimiyyah (2014) Denial of service, threat and mitigation solution for layer 7 OSI / Siti 'Alimiyyah Ab Rani. Masters thesis, Universiti Teknologi MARA (UiTM).

Abstract

The number of attacks on major industries such as banks, airlines, universities, government and other agencies is rising at an alarming rate, and such attacks now happen regularly. The issue remains active in the cyber world and has never been fully resolved, because the pattern of attacks keeps expanding over time by exploiting any vulnerabilities. Examples include the Ababil Operation (July 2012), the massive 300Gbps attack that was thrown against Spamhaus' website, the attack carried out against Burma that kept the nation off the internet for several months, and many more. Attacks on the application layer, however, are increasingly gaining in popularity. Layer seven penetration, the top layer in the OSI model, provides an outlet on a business logic layer, which is considered an abstract extension of the aforementioned network protocol suite. Layer seven DDoS attacks are often customised to target a specific service on the application layer. For example, web servers that run a combination of Java, PHP5, and ASP.NET may be targeted by specially crafted HTTP requests, which may collide with the web server's hashing operation when unique requests return non-unique and overlapping responses. To resolve the problem, an experiment was performed to determine the type of DDoS threat on layer 7 OSI, to determine which type of common web server is vulnerable to layer 7 OSI DDoS attack, and to determine an effective mitigation solution based on the web server used. Based on the experiment, we are able to determine which type of web server is vulnerable to the layer 7 OSI DDoS attack. We also overcome the threat with a proper and effective mitigation solution based on the web server and attack used.
All three experiments in this research were brutally flooded with the Slow-Rate DDoS attack: Experiment 1 is based on CentOS + Apache, Experiment 2 on Windows Server + IIS, and Experiment 3 on FreeBSD + NGINX. From the experiments and results we find that the combination of FreeBSD + NGINX is the best web server solution for mitigating the layer 7 OSI DDoS threat, since it is not affected at all by the Slow-Rate DoS attack. This platform and combination seems a bit harsh and complex to configure and is far less favoured by most hosting and server administrators than the other two experiment sets, but it is really light, fast, solid, stable and hard to penetrate by the layer 7 OSI DDoS threat. Additionally, it has a high performance load and is robust and secure. On the other hand, Apache HTTP Server seems to be the famous web server, as it is the most commonly and widely used web server today. This is because it is easy to use, implement, configure and maintain, and comes fully loaded with lots of supporting packages. Such popularity makes it an easy target, turning it into a highly vulnerable web server.

Metadata

Item Type: Thesis (Masters)
Creators: Ab Rani, Siti 'Alimiyyah (Email / ID Num.: UNSPECIFIED)
Contributors: Thesis advisor: Kasiran, Lily (Email / ID Num.: UNSPECIFIED)
Subjects: H Social Sciences > HG Finance
Q Science > QA Mathematics > Computers and civilization. Social aspects of computers. Hackers
Divisions: Universiti Teknologi MARA, Shah Alam > Faculty of Computer and Mathematical Sciences
Programme: Master of Science
Keywords: Mitigation, layer 7 OSI, major industries, cyber
Date: 2014
URI: https://ir.uitm.edu.my/id/eprint/109222
ID Number: 109222