Another massive attack on Nepal Government servers. This is a wake-up call for those who envision a digital Nepal. In a client-server architecture, a server's responsibility is to serve its clients. When a server fails to do so, we say the server has crashed or is down: users connected to it lose access and often see messages such as "Server Not Found" or "Server is not responding". There are several causes of this situation. The following are the top 9 causes of a server being down or crashing:
- Power Failure: Power failure is a common occurrence in most organizations. Check that nobody has unplugged the server's power cable and that the UPS is supplying enough power to the server. Inspect every power cable connected to the server, because a cable can burn from overheating or a short circuit.
- Network Problem: A network problem is a big issue, because you cannot immediately tell where it is occurring: on your side (the server side), on the client side, or somewhere in between. What you can do is check the network connections on your side, including the Ethernet cable connected to the server, and confirm they are all working.
- Server Hardware Problem: A server can go down because of a hardware failure in the server itself, for example a failed disk, memory module or power supply. Make sure the server has no hardware failures.
- Operating System Crashes: Sometimes the operating system stops functioning suddenly and appears to hang until a reboot is performed. Simply rebooting the server often restores stability. But if the cause is malware and a critical part of the system has been destroyed, the system must be recovered from backup or the operating system reinstalled.
- Application Crash: Sometimes the application that serves your clients crashes. An application failure can have many causes, such as resource exhaustion, computational or logic errors, system overload, database corruption and more.
- DoS Attack: DoS stands for Denial of Service, an attack in which legitimate, authorized users cannot access the system because an illegitimate, unauthorized party keeps it needlessly busy. This type of attack is usually carried out by an automated program that continuously submits requests, building up a pool of pending requests; the server becomes fully occupied answering them and legitimate clients starve. When the requests come from many sources at once it is called a distributed DoS (DDoS).
- High Server Workload: A high server workload is good for your business, and you always hope for it. But when the heavy traffic becomes more than the server can handle, the server stops responding and cannot accept any further requests from clients, i.e. the server goes down.
- Viruses and Worms: Viruses and worms are programs designed to harm computer systems. A virus corrupts or crashes programs, whereas a worm multiplies the number of processes on the system by creating copies of itself. Either can keep the system so busy that it becomes unable to accept any client request.
- Configuration Bug: The state of the server and the application depends on their configuration. Sometimes, due to misconfiguration, clients cannot reach the application. In that case the server is live, but to the client it looks as if the server is down or has crashed because the client cannot get access.
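As an added example that is not part of the original article, the Python script below separates cause 6 from cause 7 in practice. It replays constructed web-server log lines (the log format, addresses and thresholds are assumptions for the demonstration, not real traffic) and flags any single client whose request rate within a sliding window exceeds a per-client limit (a flood from one source), as opposed to many distinct clients together exceeding the server's capacity (genuine high workload). The same logic applied to real access logs is a first check for whether an outage is an attack or simply popularity.

```python
import re
from collections import defaultdict, deque

# Assumed log format for this example: "<client-ip> <epoch-seconds> <method> <path>"
LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<ts>\d+) (?P<method>[A-Z]+) (?P<path>\S+)$")


def parse_log(text):
    """Parse log lines into (timestamp, ip, path) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        events.append((int(m["ts"]), m["ip"], m["path"]))
    events.sort()
    return events


def peak_rates(events, window):
    """Return {ip: most requests that ip made within any `window`-second span}."""
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ts, ip, _ in events:
        q = recent[ip]
        q.append(ts)
        while q and q[0] <= ts - window:  # drop requests older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)


def total_peak_rate(events, window):
    """Most requests from all clients together within any `window`-second span."""
    q, peak = deque(), 0
    for ts, _, _ in events:
        q.append(ts)
        while q and q[0] <= ts - window:
            q.popleft()
        peak = max(peak, len(q))
    return peak


def classify(events, window=10, per_client_limit=50, server_capacity=200):
    """Return (verdict, offending_ips, total_peak).

    'flood'         : at least one client alone exceeds per_client_limit (DoS, cause 6)
    'high workload' : nobody exceeds the limit, but all clients together exceed
                      server_capacity (cause 7)
    'normal'        : neither condition holds
    """
    per_client = peak_rates(events, window)
    offenders = sorted(ip for ip, n in per_client.items() if n > per_client_limit)
    total = total_peak_rate(events, window)
    if offenders:
        verdict = "flood"
    elif total > server_capacity:
        verdict = "high workload"
    else:
        verdict = "normal"
    return verdict, offenders, total


def make_flood_log():
    """Constructed sample: five ordinary users plus one client sending 80 requests in 5 s."""
    lines = [f"203.0.113.{i} {1700000000 + i} GET /news" for i in range(1, 6)]
    lines += [f"198.51.100.9 {1700000000 + i % 5} GET /search?q=x" for i in range(80)]
    return "\n".join(lines)


def make_busy_log():
    """Constructed sample: 300 distinct clients, one request each, all within 10 s."""
    lines = [f"10.0.{i // 250}.{i % 250 + 1} {1700000000 + i % 10} GET /results"
             for i in range(300)]
    return "\n".join(lines)


if __name__ == "__main__":
    for name, log in (("flood", make_flood_log()), ("busy", make_busy_log())):
        print(name, classify(parse_log(log)))
```

The thresholds are deliberately simple; in production you would tune the window and limits to the service, and a distributed attack (many sources, each just under the per-client limit) will look like "high workload" to this script, which is exactly why the per-client and total views are reported side by side.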
Of these 9 possible causes, cause no. 6, the DoS attack, is the most probable explanation for the DNS servers going down. A DoS attack should not be confused with a Man-in-the-Middle (MITM) attack: a DoS attack denies service by overwhelming the server, while an MITM attack leaves the server running but places the attacker between it and its clients. The two are still worth discussing together, because the DNS spoofing described below can make a server that is actually up appear unreachable. An MITM attack is a type of cyber attack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other. It allows the malicious actor to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late. Man-in-the-middle attacks can be abbreviated in many ways, including MITM, MitM, MiM or MIM. The key concepts of this attack are:
- Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems.
- A MITM attack exploits the real-time processing of transactions, conversations or transfer of other data.
- Man-in-the-middle attacks allow attackers to intercept, send and receive data never meant to be for them without either outside party knowing until it is too late.
In an MITM attack the attacker inserts him/herself into the flow of traffic between client and server. Having intruded into the communication between the two endpoints, the attacker can inject false information and intercept the data transferred between them.
One way to achieve the interception in a Man-in-the-Middle attack is DNS spoofing, also referred to as DNS cache poisoning, in which corrupt Domain Name System data is introduced into a DNS server's cache so that a website's name resolves to an attacker-controlled address. A resolver defends against this by accepting only responses that match an outstanding query (transaction ID, source port and question section) and by refusing records outside the zone the answering server is responsible for; where the zone is signed, DNSSEC validation detects forged records outright.
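As an added example (not code from the original article), the Python script below shows the response checks a resolver performs to reject a poisoning attempt. It builds a DNS query and three constructed responses with the standard library only: a genuine answer, a forged answer whose transaction ID does not match (the guess a blind spoofer has to get right), and a forged answer that carries an extra record for an unrelated name (the classic out-of-bailiwick poisoning). The names, addresses and transaction IDs are made up for the demonstration, and the bailiwick test is simplified to "owner name at or below the queried name"; a real resolver uses the zone of the server that answered.

```python
import struct

A, IN = 1, 1  # record type A, class IN


def encode_name(name):
    """Encode a dotted name into DNS label format."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data, off):
    """Decode a DNS name at `off`, following compression pointers; returns (name, next_offset)."""
    labels, jumped, end = [], False, None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def build_query(txid, name):
    """Standard query with the RD bit set and one A/IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", A, IN)


def build_response(txid, qname, answers):
    """Constructed response: QR/RD/RA flags, the question, and A records (owner, ipv4)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    body = encode_name(qname) + struct.pack("!HH", A, IN)
    for owner, ip in answers:
        rdata = bytes(int(o) for o in ip.split("."))
        body += encode_name(owner) + struct.pack("!HHIH", A, IN, 60, 4) + rdata
    return header + body


def parse_message(data):
    """Return (txid, flags, [(qname, qtype, qclass)], [(owner, rtype, rdata)])."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = decode_name(data, off)
        qtype, qclass = struct.unpack("!HH", data[off:off + 4])
        off += 4
        questions.append((name.lower(), qtype, qclass))
    for _ in range(an + ns + ar):
        name, off = decode_name(data, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        records.append((name.lower(), rtype, data[off:off + rdlen]))
        off += rdlen
    return txid, flags, questions, records


def validate_response(query, response):
    """Accept `response` only if it answers `query`: same transaction ID, QR bit set,
    identical question section, and every record at or below the queried name."""
    q_txid, _, q_questions, _ = parse_message(query)
    r_txid, r_flags, r_questions, r_records = parse_message(response)
    if r_txid != q_txid:
        return False, "transaction id mismatch"
    if not r_flags & 0x8000:
        return False, "QR bit not set"
    if r_questions != q_questions:
        return False, "question section does not match query"
    zone = q_questions[0][0]  # simplification: queried name stands in for the zone
    for owner, _, _ in r_records:
        if owner != zone and not owner.endswith("." + zone):
            return False, f"out-of-bailiwick record for {owner}"
    return True, "ok"


# Constructed packets for the demonstration (names and addresses are documentation ranges)
QUERY = build_query(0x1A2B, "www.example.com")
GENUINE = build_response(0x1A2B, "www.example.com", [("www.example.com", "192.0.2.10")])
WRONG_TXID = build_response(0x1A2C, "www.example.com", [("www.example.com", "203.0.113.66")])
POISON = build_response(0x1A2B, "www.example.com",
                        [("www.example.com", "192.0.2.10"),
                         ("login.example.net", "203.0.113.66")])

if __name__ == "__main__":
    for label, pkt in (("genuine", GENUINE), ("wrong txid", WRONG_TXID), ("poison", POISON)):
        print(label, validate_response(QUERY, pkt))
```

The transaction ID alone is only 16 bits, which is why resolvers also randomize the UDP source port; the check shown here is the necessary minimum, not a substitute for DNSSEC.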
This kind of attack can be prevented by combining verification techniques in applications with effective encryption. An attacker on the path has a high chance of extracting session cookies when a user is logged in over an insecure (plain HTTP) session. HTTP interception is likewise prevented by deploying an SSL/TLS certificate and serving the site over HTTPS, the secure version of HTTP. HTTPS encrypts and authenticates the connection between the browser and the server, so an on-path attacker can neither read nor silently modify the traffic, and the user's information is protected from inquisitive hackers. Note that HTTPS alone does not stop DNS spoofing from sending the user to the wrong address, but a spoofed host cannot present a valid certificate for the real domain, so the browser warns the user. Other system and server configuration is the job of experienced system administrators, who tune resources with security in mind and according to the needs of the organization. Besides, global practice says that an organization providing services at this level should have a proper Data Center, a Near Data Center and a DR (Disaster Recovery) Center to ensure high availability with a guaranteed 99.999% uptime. It should also have a trained team to operate these facilities, along with support personnel for managed services.
By: Star Shrestha (Globally Certified Data Center Professional, EXIN)