Lessons from Dyn and Mirai or how to defeat IoT botnets

David Williamson, CEO of EfficientIP, publisher and provider of DDI solutions (DNS-DHCP-IPAM).

These days, cyber attacks can come from sources you would never have suspected. We are all aware of the threats from ransomware, nation-state actors, industrial espionage and hacker groups hunting for personal information (credit card data in particular). What we do not generally expect is for our sites and web services to suffer collateral damage from a feud over a popular gaming server.

Enter the Mirai botnet, which knocked Minecraft game servers offline and then attacked the cloud DNS provider Dyn in October 2016. According to reporting by security journalist Brian Krebs, Mirai variants were turned against Minecraft servers by rival DDoS-protection outfits in the Minecraft scene trying to poach each other's customers. Mirai takes over poorly protected Internet-connected devices such as CCTV cameras, home routers and even baby monitors. The botnet can quickly overwhelm DNS servers with queries, preventing users from reaching the services they need, which is exactly what the definition of a Distributed Denial of Service (DDoS) attack describes.

The attack on Dyn, carried out in a single day, used over 1,700 devices and took many widely used services offline for hours, Twitter, Reddit and the BBC among them. What set this attack apart from earlier botnets was its scale and one further peculiarity: it hijacked unsecured IoT devices rather than the PCs that are more "usually" compromised. Dyn will not be an isolated case, only the most recent and most famous example. So what can be done to defend networks and users against future attacks that would use consumer hardware?

First steps towards protection - a hybrid approach 
Protecting DNS services begins with the old saying "do not put all your eggs in one basket". Do not rely on a single DNS host; use capable DNS servers to manage traffic, then identify and block attacks. This lends itself to a hybrid approach in which the DNS architecture spans several DNS servers, both on premises and in the cloud. Such an approach requires some synchronization effort, but it keeps service uninterrupted for users when one of your DNS servers becomes unreachable.

In a hybrid DNS architecture every DNS server is active. If a server is attacked or fails, queries automatically fail over to another server. In the case of a DDoS attack against one DNS server, users are served by the servers that are not under attack, which gives them uninterrupted access while avoiding the automatic retries that multiply the effect of the initial attack.
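The active-active pool with automatic failover described above, as an added example that is not part of the article and not EfficientIP's software: a small stub resolver in Python that queries a pool of servers in turn, skips any server that has timed out twice in a row for a cooldown period so that clients do not keep retrying against the one that is saturated, and raises once the whole pool is down. The server names, the simulated transport (the "on-premises" server never answers, standing in for one under DDoS) and the manually advanced clock are assumptions made so that the example runs offline.

```python
import time
from dataclasses import dataclass


@dataclass
class ServerState:
    name: str
    consecutive_failures: int = 0
    skip_until: float = 0.0  # clock time until which this server is left alone


class FailoverResolver:
    """Resolve names against a pool of DNS servers (on-premises and cloud).

    Every server in the pool is active; a query goes to the first one that
    answers. A server that times out `max_failures` times in a row is skipped
    for `cooldown` seconds, so clients stop piling retries onto the server
    that is already saturated by an attack.
    """

    def __init__(self, servers, transport, max_failures=2, cooldown=30.0,
                 clock=time.monotonic):
        self.servers = [ServerState(name) for name in servers]
        # transport(server_name, qname) -> answer, or raises TimeoutError
        self.transport = transport
        self.max_failures = max_failures
        self.cooldown = cooldown
        self.clock = clock

    def resolve(self, qname):
        now = self.clock()
        live = [s for s in self.servers if s.skip_until <= now]
        if not live:
            raise LookupError(f"all servers are cooling down; no query sent for {qname}")
        for server in live:
            try:
                answer = self.transport(server.name, qname)
            except TimeoutError:
                server.consecutive_failures += 1
                if server.consecutive_failures >= self.max_failures:
                    server.skip_until = now + self.cooldown  # take it out of rotation
                continue
            server.consecutive_failures = 0
            return server.name, answer
        raise LookupError(f"no server answered for {qname}")


class FakeClock:
    """Manually advanced clock so the demo runs instantly and deterministically."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def make_demo():
    """Pool of two hypothetical servers; the on-premises one is 'under attack' and
    never answers. Returns the resolver, per-server query counters and the clock."""
    attempts = {"ns-onprem.example.net": 0, "ns-cloud.example.net": 0}

    def transport(server, qname):
        attempts[server] += 1
        if server == "ns-onprem.example.net":
            raise TimeoutError(server)  # simulated: saturated by DDoS traffic
        return "192.0.2.10"  # constructed answer

    clock = FakeClock()
    resolver = FailoverResolver(list(attempts), transport, max_failures=2,
                                cooldown=30.0, clock=clock)
    return resolver, attempts, clock


def run_demo():
    """Five queries while the on-prem server is saturated, then one after the
    cooldown. Returns the query counters and which server answered each query."""
    resolver, attempts, clock = make_demo()
    answered_by = []
    for name in ["www.example.com"] * 5:
        server, _ = resolver.resolve(name)
        answered_by.append(server)
    clock.advance(31.0)  # cooldown over: on-prem gets one probe, fails, is skipped again
    server, _ = resolver.resolve("www.example.com")
    answered_by.append(server)
    return attempts, answered_by


if __name__ == "__main__":
    counts, servers = run_demo()
    print(counts)   # on-prem is probed 3 times in total, cloud answers all 6 queries
    print(servers)
```

In production the transport would be a real UDP/TCP DNS client with a short per-query timeout; the point of the example is the state kept per server: a server that stops answering is removed from rotation for a while instead of being hammered by every client's retry logic, which is what turns a single-server outage into self-inflicted amplification.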

Using DNS as a Defense 
The problem facing any organization trying to defend itself against IoT botnets like Mirai is that consumer Internet services are hard to protect. They are open by design, and most users pay no attention to the hardware they run and rely on nothing better than the basic firewall built into their router. Individuals cannot be expected to keep their home networks secure or to maintain their IoT devices. Vendors, for their part, may not ship fixes at all, or not quickly enough, which only aggravates the situation. All of this leaves us with an environment that is becoming harder and harder to manage.

So how can the Internet be protected against this growing risk? ISPs can take a stricter stance on network security, with tighter controls on customer networks and customer-premises equipment. Their network hardware can also be used to detect common attack patterns.


DNS security tools can take over once compromised networks have been identified. Using technologies such as IPAM, they move a client's traffic from the open network onto a smaller, restricted network where packets from the botnet to its command-and-control servers can be filtered. They can also give users access to tools that help them clean up their network while identifying and updating the compromised devices, which disrupts the structure of the botnet itself.


This approach is not without risk, because it fundamentally changes the relationship between the ISP and its customer and may be seen as abusive interference. For it to work, it should be handled at the regional level in cooperation with other ISPs and become an integral part of the contract between the user and the service provider.
 



Collaborative Defense Efforts by Services and ISPs
By combining ISP services and solutions of this kind with an industry-wide commitment to maintaining and updating IoT devices, we could have a workable solution, the main elements of which would be:
  •     Advanced DNS services to absorb DDoS traffic
  •     Use of multiple DNS services to ensure continuity of the main services
  •     A DNS security layer that analyzes traffic and is thus able to detect attack patterns
  •     ISP quarantine services, linked to simple IoT hardware update services
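The detection and quarantine steps sketched in the section above (a DNS security layer that spots attack patterns in query traffic, and an ISP quarantine that moves a compromised client onto a restricted network where its traffic towards command-and-control servers is filtered), as an added example that is not part of the article and not EfficientIP code. It runs over a handful of constructed BIND-style query-log lines, flags a client that resolves a hypothetical C2 domain and a client that floods the resolver with random-subdomain queries, and turns the verdicts into DNS Response Policy Zone (RPZ) records: QNAME triggers that make the C2 domain resolve to NXDOMAIN for everyone, and client-IP triggers (prefix length followed by the octets in reverse order under rpz-client-ip, as the RPZ specification defines them) that answer every A query from a quarantined client with a hypothetical walled-garden address. The log format, domains, addresses and the rate threshold are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Simplified BIND-style query log line (constructed for this example):
#   21-Oct-2016 13:00:01.000 client 192.0.2.5#51000: query: www.example.com. IN A + (203.0.113.1)
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ "
    r"client (?P<ip>\d+\.\d+\.\d+\.\d+)#\d+: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

# Hypothetical values; a real deployment takes these from threat intel and policy.
C2_DOMAINS = {"cnc.example.invalid"}   # command-and-control names the botnet resolves
RATE_THRESHOLD = 50                    # queries per second from one client before we call it a flood
WALLED_GARDEN_IP = "203.0.113.80"      # captive portal that quarantined clients are steered to


def parse(line):
    """Return (timestamp, client_ip, qname, qtype) or None for a non-matching line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
    return ts, m["ip"], m["qname"].rstrip(".").lower(), m["qtype"]


def is_c2_name(qname):
    """True for a listed C2 name or any name beneath it."""
    return any(qname == d or qname.endswith("." + d) for d in C2_DOMAINS)


def analyze(lines):
    """Map client IP -> set of reasons it should be quarantined."""
    per_second = defaultdict(int)   # (client_ip, second) -> query count
    reasons = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue                # not a query entry; skip rather than crash
        ts, ip, qname, _ = rec
        if is_c2_name(qname):
            reasons[ip].add(f"c2-lookup:{qname}")
        per_second[(ip, ts)] += 1
        if per_second[(ip, ts)] > RATE_THRESHOLD:
            reasons[ip].add("query-flood")
    return dict(reasons)


def rpz_zone(verdicts):
    """RPZ records: block the C2 names for everyone, walled-garden the flagged clients."""
    records = []
    for d in sorted(C2_DOMAINS):
        records.append(f"{d} IN CNAME .")      # RPZ NXDOMAIN action for the C2 name
        records.append(f"*.{d} IN CNAME .")    # ...and for anything beneath it
    for ip in sorted(verdicts):
        rev = ".".join(reversed(ip.split(".")))
        # client-IP trigger (prefix length, then octets reversed) with a Local Data action;
        # a real zone would add a matching AAAA record for IPv6-capable clients
        records.append(f"32.{rev}.rpz-client-ip IN A {WALLED_GARDEN_IP}")
    return records


def _line(second, ip, port, qname):
    return (f"21-Oct-2016 13:00:{second:02d}.000 client {ip}#{port}: "
            f"query: {qname} IN A + (203.0.113.1)")


# Constructed sample log: one normal client, one bot phoning home, one flooder.
SAMPLE_LOG = (
    [_line(1, "192.0.2.5", 51000, "www.example.com."),
     _line(2, "192.0.2.5", 51001, "mail.example.com.")]
    + [_line(1, "192.0.2.23", 40001, "cnc.example.invalid."),
       _line(3, "192.0.2.23", 40002, "www.example.com.")]
    + [_line(5, "192.0.2.77", 42000 + i, f"r{i:03x}.target.example.") for i in range(60)]
    + ["this line is not a query log entry"]
)

if __name__ == "__main__":
    verdicts = analyze(SAMPLE_LOG)
    for ip, why in sorted(verdicts.items()):
        print(ip, sorted(why))
    print("\n".join(rpz_zone(verdicts)))
```

The two signals are deliberately different in kind: the C2 lookup is a high-confidence indicator from a list, the per-second rate is a behavioural threshold that needs tuning per network, so the output keeps the reason with each verdict rather than a bare list of addresses. Loading the generated records into an RPZ on the ISP's resolvers is what turns the verdict into the quarantine the article describes, with the quarantined client's lookups steered to a portal that can walk the user through updating the compromised device.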
Massive DDoS attacks on DNS like the one against Dyn cannot be averted by isolated action. They are too large a threat and will require service providers, consumers, hardware vendors and ISPs to join forces to produce a working solution.

