Massive Cyber-Attack Shows Risk Of Poor Security On Network Nodes


ANALYSIS: While the details regarding the sources and methods of the Oct. 21 DDoS attack that took down vast areas of the internet are still unclear, insecure endpoints are the likely culprit

After all, the internet was supposedly designed to be resistant to such outages by simply routing around damage. That was actually the idea in the original design of the internet. But as we say here in Washington, that was then and this is now.

The way the internet has evolved, there are a number of core services, one of which is DNS, that must be available for commercial Web operations to function normally. DNS has become a service that’s both necessary and not especially redundant.

This makes an attack on a second-level service such as DynDNS serious enough. However, an attack on the internet’s root servers could take out most internet service globally.


Fortunately, the root servers on the internet have not been successfully attacked—so far—but that doesn’t mean they can’t be attacked. To do so would require a truly massive collection of attackers that have not so far existed. But that’s changing.

Following the recent series of unprecedented attacks that used unprotected internet of things devices to flood victims with terabytes of data, the targets are getting more and more significant.

What’s worse is that, over the course of the past few months, attackers have been launching small but growing attacks on both the authoritative DNS servers such as DynDNS and the root servers to test their defenses and their response methodology.

It’s clear that someone, perhaps a nation-state or a criminal enterprise, is testing the core of the internet to see what would be required to take it down. Once they’ve figured it out, the reliable existence of the internet may become a thing of the past.

More to come?

Right now, there’s no way to fight such an attack. DNS servers must be open to anything on the internet that needs a name resolved into an IP address. However, there are other options.

The only effective way right now to reduce the size of the threat is to go after the unprotected nodes on the internet that host the zombie attackers doing the work. As a company, you can start doing this by configuring your routers so that any unprotected devices, ranging from security cameras to materials-handling robots, are blocked from accessing the internet.

The next step is to make sure your company buys devices and computers that can be protected so that a casual visit by someone with a USB memory stick can’t infect your network.

This may require intrusion detection appliances on your network along with an upgrade to your network monitoring systems so that you can tell when something starts to happen on your network and you can stop it.
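The two steps above, spotting a device that has started flooding the internet from your network and cutting it off at the router, can be combined in a small monitoring script. The following is an added example, not code from the article or from any vendor named in it: the flow records, the IoT VLAN address range, the per-window thresholds, and the nftables table, chain and interface names are all assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed flow summaries for one monitoring window: (src, dst, dst_port, bytes_out).
FLOWS = [
    ("192.168.50.10", "203.0.113.5", 53, 900_000),    # camera blasting a DNS server
    ("192.168.50.10", "203.0.113.6", 53, 850_000),
    ("192.168.50.10", "203.0.113.7", 53, 870_000),
    ("192.168.50.10", "198.51.100.9", 80, 700_000),
    ("192.168.50.11", "198.51.100.20", 443, 4_000),   # thermostat, normal traffic
    ("192.168.50.11", "198.51.100.21", 443, 3_000),
    ("192.168.50.11", "192.168.1.2", 123, 500),       # internal NTP, not internet-bound
    ("192.168.10.5", "198.51.100.30", 443, 120_000),  # workstation, outside the IoT VLAN
]
IOT_NET = ip_network("192.168.50.0/24")          # assumed VLAN for cameras, robots, etc.
LAN_NETS = [ip_network("192.168.0.0/16"), ip_network("10.0.0.0/8")]  # assumed internal ranges
BYTE_LIMIT = 1_000_000      # assumed per-window outbound budget for one IoT device
DST_LIMIT = 3               # assumed: IoT gear rarely talks to many distinct internet hosts

def find_suspects(flows, iot_net=IOT_NET, byte_limit=BYTE_LIMIT, dst_limit=DST_LIMIT):
    """Return IoT-VLAN sources whose internet-bound traffic exceeds either limit."""
    bytes_out = defaultdict(int)
    dsts = defaultdict(set)
    for src, dst, _port, nbytes in flows:
        s, d = ip_address(src), ip_address(dst)
        if s not in iot_net or any(d in n for n in LAN_NETS):
            continue                      # only IoT VLAN -> internet flows matter here
        bytes_out[src] += nbytes
        dsts[src].add(dst)
    return sorted(s for s in bytes_out
                  if bytes_out[s] >= byte_limit or len(dsts[s]) >= dst_limit)

def block_rules(suspects, wan_if="wan0"):
    """nftables commands that drop forwarding from each suspect towards the WAN side
    (the 'inet filter forward' table/chain and the interface name are assumptions)."""
    return [f'nft add rule inet filter forward ip saddr {ip} oifname "{wan_if}" drop'
            for ip in suspects]

if __name__ == "__main__":
    for rule in block_rules(find_suspects(FLOWS)):
        print(rule)
```

The thresholds should be tuned per device class from a baseline of normal traffic; the point is that an unmanaged camera sending megabytes to several internet hosts in one window is a signal worth acting on, and the router is where you can act.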

Unfortunately, there’s no single solution to keeping the internet available when you need it, but there are several small steps that will help. Take those small steps, and you can help ensure that your place on the internet stays open for business and you can help everyone else’s, too.

Originally published on eWeek
