The enterprise manager’s checklist to getting to grips with DDoS attacks and the Botnet army
Ingo Schneider of Alcatel-Lucent Enterprise
Distributed Denial of Service (DDoS) attacks jumped into the mainstream consciousness last year after several high-profile cases – one of the largest and most widely reported being the Dyn takedown in October 2016.
While not necessarily a new threat – they have in fact been around since the late ‘90s – the Dyn takedown is an interesting example as it used poorly secured IoT devices to coordinate the attack.
When you consider that by 2020 it is predicted there will be 20Bn connected devices as part of the growing Internet of Things, the need to implement the right network procedures and tools to properly secure all these devices is only going to grow, says Ingo Schneider, director of Business Development & Data Network Infrastructure, EUNO, at Alcatel-Lucent Enterprise.
The Internet of Things is the new battle ground – Rent-a-bots on the rise
Put simply, DDoS attacks occur when an attacker attempts to make a network resource unavailable to legitimate users, by flooding the targeted network with superfluous traffic until it simply overwhelms the servers and knocks the service offline. Thousands and thousands of these attacks happen every year, and are increasing both in number and in scale. According to some reports, 2016 saw a 138% year-on-year increase in the total number of attacks greater than 100Gbps.
The Dyn attack used the Mirai botnet which exploits poorly secured, IP-enabled ‘smart things’ to swell its ranks of infected devices. It is programed to scan for IoT devices that are still only protected by factory-set defaults or hardcoded usernames and passwords. Once infected, the device becomes a member of a botnet of tens of thousands of IoT devices, which can then bombard a selected target with malicious traffic.
This botnet and others are available for hire online from enterprising cyber criminals, and as their functionalities and capabilities are expanded and refined, more and more connected devices will be at risk.
So what steps can businesses take to protect themselves now and in the in the future?
First: contain the threat
With the rise of IoT at the heart of digital business transformation and its power as an agent for leveraging some of the most important technological advances – such as big data, automation, machine learning and enterprise-wide visibility – new ways of managing networks and their web of connected devices are rushing to keep pace.
A key development is IoT containment. This is a method of creating virtual isolated environments using network virtualisation techniques. The idea is to group connected devices with a specific functional purpose, and the respective authorised users, into a unique IoT container. You still have all users and devices in a corporation physically connected to a single converged network infrastructure, but they are logically isolated by these containers.
Computer screens in control room
Say, for example, the security team has 10 IP-surveillance cameras at a facility. By creating an IoT container for the security team’s network, IT staff can create a virtual, isolated network which cannot be accessed by unauthorised personnel – or be seen by other devices outside of the virtual environment.
If any part of the network outside of this environment is compromised, it will not spread to the surveillance network. This can be replicated for payroll systems, R&D or any other team within the business.
By creating a virtual IoT environment you can also ensure the right conditions for a group of devices to operate properly. Within a container, quality of service (QoS) rules can be enforced, and it is possible to reserve or limit bandwidth, prioritise mission critical traffic and block undesired applications.
For instance, the surveillance cameras that run a continuous feed may require a reserved amount of bandwidth, whereas critical-care machines in hospital units must get the highest priority. This QoS enforcement can be better accomplished by using switches enabled with deep-packet inspection, which see the packets traversing the network as well as what applications are in use – so you know if someone is accessing the CRM system, security feeds or simply watching Netflix.
Second: protection at the switch – a three-pronged approach
Businesses should ensure that switch vendors are taking the threat seriously and putting in place procedures to maximise hardware protection. A good approach can be summed up in a three-pronged strategy.
-
- A second pair of eyes – make sure the switch operating system is verified by 3rd party security experts. Some companies may shy away from sharing source code to be verified by industry specialists, but it is important to look at manufacturers which have ongoing relationships with leading industry security experts.
-
- Scrambled code means one switch can’t compromise the whole network. The use of open source code as part of operating systems is common in the industry, which does come with some risk as the code is ‘common knowledge’. By scrambling object code within the switch’s memory, even if a hacker could locate sections of open source code in one switch each would be scrambled uniquely, so the same attack would not work on multiple switches.
-
- How is the switch operating system delivered? The IT industry has a global supply chain, with component manufacturing, assembly, shipping and distribution having a world-wide footprint. This introduces the risk of the switch being tampered with before it gets to the end-customer. The network installation team should always download the official operating systems to the switch directly from the vendor’s secure servers before installation.
Third: do the simple things to secure your smart things
As well as establishing a more secure core network, there are precautions you can take right now to enhance device protection. It is amazing how many businesses miss out these simple steps.
-
- Change the default password – A very simple and often overlooked procedure – change the default password. In the Dyn case, the virus searched for default settings of the IP devices to take control.
-
- Update the software – As the battle between cyber criminals and security experts continues, the need to stay up-to-the-minute with the latest updates and security patches becomes more important. Pay attention to the latest updates and make it part of the routine to stay on top.
-
- Prevent remote management – Disable the remote management protocols, such as telnet or http, that provide control from another location. The recommended remote management secure protocols are via SSH or https.
modern city at night with financial background
- Prevent remote management – Disable the remote management protocols, such as telnet or http, that provide control from another location. The recommended remote management secure protocols are via SSH or https.
Evolve your network
The Internet of Things has great transformative potential for businesses in all industries, from manufacturing and healthcare to transportation and education. But with any new wave of technical innovation comes new challenges. We are at the beginning of the IoT era, which is why it’s important to get the fundamental network requirements in place to support not only the increase in data traversing our networks, but enforce QoS rules and minimise risk from cyber-attacks.
The author of this blog is Ingo Schneider, director of Business Development & Data Network Infrastructure, EUNO, at Alcatel-Lucent Enterprise
Comment on this article below or via Twitter @IoTGN