TITLE:
Evaluation of Microsoft Windows Servers 2008 & 2003 against Cyber Attacks
AUTHORS:
Sanjeev Kumar, Senior Member, Raja Sekhar Reddy Gade
KEYWORDS:
Cyber Warfare, Distributed Denial of Service Attacks, TCP/SYN Flood, Processor Resource Exhaustion, Memory Resource Exhaustion
JOURNAL NAME:
Journal of Information Security, Vol.6 No.2, April 28, 2015
ABSTRACT: Distributed Denial of Service (DDoS) attacks are known to compromise the availability of information systems today. Microsoft’s widely deployed Windows 2003 & 2008 servers provide some built-in protection against common DDoS attacks, such as the TCP/SYN attack. In this paper, we evaluate the performance of the built-in protection capabilities of Windows servers 2003 & 2008 against a special case of TCP/SYN-based DDoS attack. Based on our measurements, the built-in security features that are available by default on Microsoft’s Windows servers were not sufficient to defend against TCP/SYN attacks, even at low-intensity attack traffic. Under TCP/SYN attack traffic, the Microsoft 2003 server was found to crash due to processor resource exhaustion, whereas the 2008 server was found to crash due to memory resource depletion, even at low-intensity attack traffic.