BISC 2013: Hosting and security

Transcript of BISC 2013: Hosting and security

Frank Louwers - Security challenges in a hosting environment - 20131024

Frank Louwers
Openminds bvba
Co-founder and COO
Managed Hosting
[email protected]

DDoS and how they changed

(D)DoS attacks are not new

Used to be targeted at:

• Competing game clans
• IRC servers
• Political parties

DDoS attack shift

• “Occupy movement”: a lot of attacks on banks
• Political parties
• “Companies and organisations with negative press” (Monsanto, press agency of the Belgian Catholic Church, ...)

Attacks we can’t explain

• Radio stations?!
• Software development companies
• B2B online shops?

DDoS attacks: new tricks

• Amplification attacks: the attacker sends a 2 Mbps stream, it gets multiplied by 20, resulting in a 40 Mbps attack
• Now multiply by 100 bots, so a 4 Gbps attack
• Badly configured DNS servers
• DNSSEC increases the problem
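The slide names the mechanism (spoofed queries to misconfigured resolvers, answers inflated further by DNSSEC records) but not how a hoster would notice it on the wire. The following is an added example, not code from the talk or from Openminds: it scans NetFlow-style records for the reflection signature, namely large UDP responses from source port 53 arriving at a host that never sent the matching queries, and it also carries the slide's 2 Mbps × 20 × 100 arithmetic as a helper. The `Flow` layout, thresholds, addresses and all sample records are constructed for this illustration.

```python
"""Added example (not from the talk): flag DNS reflection/amplification traffic in
NetFlow-style records. The Flow layout, thresholds and all sample records below are
constructed for this illustration."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str      # "udp" or "tcp"
    packets: int
    octets: int


def expected_attack_mbps(attacker_mbps, amplification, bots):
    """The slide's arithmetic: each bot's stream multiplied by the resolvers' amplification."""
    return attacker_mbps * amplification * bots


def amplification_suspects(flows, min_reflectors=10, min_avg_bytes=1000):
    """Return {victim: report} for hosts receiving large UDP source-port-53 responses
    from many resolvers without ever having sent the matching queries.

    That combination is the signature of reflection: the attacker spoofed the
    victim's address in queries to open resolvers, so the victim receives answers
    to questions it never asked. Normal resolver traffic is excluded because the
    client's own outbound query (dport 53) is also in the flow data.
    """
    asked = {(f.src, f.dst) for f in flows if f.proto == "udp" and f.dport == 53}

    per_victim = defaultdict(lambda: {"reflectors": set(), "packets": 0, "octets": 0})
    for f in flows:
        if f.proto != "udp" or f.sport != 53:
            continue
        if (f.dst, f.src) in asked:
            continue                      # solicited answer, nothing to see
        rep = per_victim[f.dst]
        rep["reflectors"].add(f.src)
        rep["packets"] += f.packets
        rep["octets"] += f.octets

    suspects = {}
    for victim, rep in per_victim.items():
        avg = rep["octets"] / rep["packets"] if rep["packets"] else 0
        if len(rep["reflectors"]) >= min_reflectors and avg >= min_avg_bytes:
            suspects[victim] = {
                "reflectors": len(rep["reflectors"]),
                "avg_response_bytes": round(avg),
                "total_bytes": rep["octets"],
            }
    return suspects


# Constructed sample flows using RFC 5737 documentation addresses.
VICTIM = "203.0.113.10"
SAMPLE_FLOWS = [
    # Normal behaviour: a client queries its resolver and gets a small answer back.
    Flow("203.0.113.20", 40001, "192.0.2.53", 53, "udp", 1, 70),
    Flow("192.0.2.53", 53, "203.0.113.20", 40001, "udp", 1, 130),
    # The victim's own legitimate lookup, which must not be counted.
    Flow(VICTIM, 40002, "192.0.2.53", 53, "udp", 1, 70),
    Flow("192.0.2.53", 53, VICTIM, 40002, "udp", 1, 130),
]
# 25 open resolvers each deliver 40 unsolicited ~3 KB answers (ANY + DNSSEC sized).
SAMPLE_FLOWS += [
    Flow(f"198.51.100.{i}", 53, VICTIM, 443, "udp", 40, 40 * 3200)
    for i in range(1, 26)
]

if __name__ == "__main__":
    print(amplification_suspects(SAMPLE_FLOWS))
    print(expected_attack_mbps(2, 20, 100), "Mbps")
```

The "did this host ask?" check is what separates an attack from a busy resolver: your own caching resolver also receives thousands of port-53 responses, but every one of them is preceded by its own query. On a real collector the `asked` set must be time-bounded (a query a minute ago does not excuse a 3 KB answer now), and the thresholds should be derived from the site's normal response-size distribution rather than fixed.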

Protect against DDoS attacks

• UDP: yes, can be blocked by decent routers
• SYN flood: difficult: compare it to taking a ticket at the butcher’s
• Huge amount of bandwidth: impossible: 100,000 cars on a road built for 100 cars (only option: remove the road signs)
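The butcher's-ticket comparison describes the backlog of half-open connections: every SYN takes a ticket (a backlog slot) that is only released when the client's ACK arrives, and spoofed SYNs never ACK. The following added example, which is not code from the talk, makes that concrete with a toy stateful listener that a flood exhausts, beside a SYN-cookie listener that keeps no state at all (the kind of mechanism behind Linux's `net.ipv4.tcp_syncookies`). The cookie layout here is simplified (real kernels also encode the MSS and use a different bit layout); addresses, ports, the secret and the fixed clock are constructed for the illustration.

```python
"""Added example (not from the talk): why a SYN flood exhausts a stateful listener,
and how SYN cookies turn the 'ticket' into something the server need not store.
Loosely modelled on the kernel mechanism; real implementations also encode the MSS
and differ in layout. Addresses, ports, secret and clock are constructed."""
import hashlib
import hmac
import os
import time

SECRET = b"example-secret"   # assumption: a per-host secret that is rotated regularly


class StatefulListener:
    """Classic handshake: every SYN takes one backlog slot ('a ticket at the
    butcher') until the client's ACK arrives. Spoofed SYNs never ACK, so the
    slots are never released and real clients are turned away."""

    def __init__(self, backlog=128):
        self.backlog = backlog
        self.half_open = {}          # (src, sport) -> ISN we sent in the SYN-ACK
        self.established = 0

    def on_syn(self, src, sport):
        if len(self.half_open) >= self.backlog:
            return None              # backlog full: SYN dropped, no SYN-ACK sent
        isn = int.from_bytes(os.urandom(4), "big")
        self.half_open[(src, sport)] = isn
        return isn

    def on_ack(self, src, sport, ack):
        isn = self.half_open.get((src, sport))
        if isn is None or ack != (isn + 1) & 0xFFFFFFFF:
            return False
        del self.half_open[(src, sport)]
        self.established += 1
        return True


class SynCookieListener:
    """SYN cookies: the ISN in the SYN-ACK is a MAC over the 4-tuple and a coarse
    time counter. Nothing is stored; a returning ACK is validated by recomputing
    the cookie, so there is no backlog to exhaust."""

    def __init__(self, secret, dst="203.0.113.1", dport=80, now=None):
        self.secret = secret
        self.dst, self.dport = dst, dport
        self.now = now or (lambda: int(time.time()))
        self.established = 0

    def _cookie(self, src, sport, counter):
        msg = f"{src}|{sport}|{self.dst}|{self.dport}|{counter}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        # high 8 bits: minute counter mod 256; low 24 bits: truncated MAC
        return ((counter & 0xFF) << 24) | int.from_bytes(mac[:3], "big")

    def on_syn(self, src, sport):
        return self._cookie(src, sport, self.now() // 60)   # no state kept

    def on_ack(self, src, sport, ack):
        isn = (ack - 1) & 0xFFFFFFFF
        current = self.now() // 60
        for counter in (current, current - 1):     # accept this or the previous minute
            if (counter & 0xFF) == isn >> 24 and self._cookie(src, sport, counter) == isn:
                self.established += 1
                return True
        return False


def legit_client_connects_during_flood(listener, flood_syns=1000):
    """Send many spoofed SYNs that never complete, then try one honest handshake."""
    for i in range(flood_syns):
        listener.on_syn(f"198.51.100.{i % 254 + 1}", 10000 + i)
    isn = listener.on_syn("192.0.2.7", 51000)
    if isn is None:
        return False                 # never even got a SYN-ACK
    return listener.on_ack("192.0.2.7", 51000, (isn + 1) & 0xFFFFFFFF)


if __name__ == "__main__":
    print("stateful:", legit_client_connects_during_flood(StatefulListener()))
    print("syncookie:", legit_client_connects_during_flood(SynCookieListener(SECRET)))
```

Cookies only solve the state-exhaustion half of the problem: a SYN flood that fills the uplink is the "100,000 cars" case from the slide, and no amount of stateless cleverness on the server helps once the road itself is full.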

Protection by external firms

• Good ones: very, very, very expensive (but they work!)
• Cheaper ones: no “unlimited” protection
• 2013: a large number of new cheap players
• Some of them Russian and very cheap
• Would you pay the attacker to block the attack?

Conclusion: “the new normal”

• DDoS attacks are here to stay
• Invest in tools to detect the attack
• Invest in procedures: know how to respond
• Get to know the external players
• Insurance? Some insurance companies cover this

About that firewall...

Or why your firewall isn’t going to help much (in a hosting environment)

Traditional big firewall is useless

• Will not protect you against 99.5% of the break-ins we see:
  • Bad code in CMS/websites (> 98%)
  • Stolen credentials (caused by spyware)
  • Infected customer computers used as launch platform
• Not flexible enough (cloud, scaling, ...)
• Unmaintainable, unupgradeable

We are under attack...

• All the time
• Every server
• Impossible to filter the signal out of the noise
• Or at least very difficult

So what does work?

The Onion Model

Onion model

• Maintained website (ask for a maintenance contract)
• Written in the right mindset (“we will be attacked”)
• Small, efficient host firewalls
• Try to detect anomalies
• Force secure credentials or 2-factor authentication
• Make customers aware of the problems, teach them ...
• Know what happens on the network
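"Try to detect anomalies" and "small, efficient host firewalls" are the layers a hoster can add without touching the customer's CMS code. The following is an added example, not code from the talk or from Openminds, of two such checks run over web-server access logs: a sliding-window detector for password guessing against CMS login URLs (the stolen-credentials and bad-CMS-code cases from the earlier slide) and a detector for scanners walking a list of admin, backup and config URLs. Log lines, addresses, the probe path list and the thresholds are constructed for this illustration.

```python
"""Added example (not from the talk): two anomaly detectors over web-server access
logs, the kind of small host-level check the onion model calls for. Log lines,
addresses, paths and thresholds are constructed for this illustration."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" format: ip ident user [time] "req" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Login endpoints of common CMSes (assumption: extend for the platforms you host).
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php", "/administrator/index.php", "/user/login")


def parse(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_login_bruteforce(lines, window_s=60, threshold=20):
    """{ip: peak number of POSTs to a login URL inside any window_s-second window}
    for IPs at or above threshold. Failed CMS logins usually return 200, so the
    status code is useless here; the rate of POSTs to the login URL is the signal."""
    recent, flagged = defaultdict(deque), {}
    for line in lines:
        r = parse(line)
        if not r or r["method"] != "POST" or not r["path"].startswith(LOGIN_PATHS):
            continue
        q = recent[r["ip"]]
        q.append(r["ts"])
        while (q[-1] - q[0]).total_seconds() > window_s:
            q.popleft()                      # drop events older than the window
        if len(q) >= threshold:
            flagged[r["ip"]] = max(flagged.get(r["ip"], 0), len(q))
    return flagged


def find_404_probing(lines, threshold=10):
    """{ip: number of distinct paths that returned 404} for IPs at or above
    threshold: a scanner walking a list of admin/backup/config URLs leaves a trail
    of 404s on paths a real visitor never requests."""
    missing = defaultdict(set)
    for line in lines:
        r = parse(line)
        if r and r["status"] == 404:
            missing[r["ip"]].add(r["path"])
    return {ip: len(p) for ip, p in missing.items() if len(p) >= threshold}


# Constructed sample log (RFC 5737 addresses); seconds stay within one minute.
def _line(ip, second, method, path, status):
    return (f'{ip} - - [24/Oct/2013:10:00:{second:02d} +0200] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')

PROBE_PATHS = ["/.env", "/.git/config", "/backup.zip", "/wp-config.php.bak",
               "/phpmyadmin/", "/admin/", "/old/", "/test/", "/shell.php",
               "/cgi-bin/", "/config.php", "/db.sql"]

SAMPLE_LOG = (
    [_line("198.51.100.23", 2 * i, "POST", "/wp-login.php", 200) for i in range(25)]
    + [_line("192.0.2.5", 30, "POST", "/wp-login.php", 302)]      # one real login
    + [_line("192.0.2.5", 31, "GET", "/wp-admin/", 200)]
    + [_line("203.0.113.99", 5 + i, "GET", p, 404) for i, p in enumerate(PROBE_PATHS)]
)

if __name__ == "__main__":
    print("brute force:", find_login_bruteforce(SAMPLE_LOG))
    print("probing:", find_404_probing(SAMPLE_LOG))
```

The output of either detector is what feeds the "small, efficient host firewall" layer: the flagged addresses can be pushed into a packet-filter set with a short expiry, which blocks the guessing without anyone having to read the log by hand. Watch out for shared NAT addresses and for sites behind a CDN or reverse proxy, where the client address must be taken from the forwarded-for header instead of the first field.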

... and automate

• The human factor is the weakest link
• So take away the human factor where possible
• Automate configuration management:
  • Fewer mistakes
  • Quickly apply a fix to a large number of servers

Hosting providers and the law

Which laws?

Which laws apply?

• “The laws of the country where the server is located apply”
• “The laws of the country where the company HQ is apply”
• But that’s not always the case!

Servers in Europe, US laws

• Amazon Ireland, Microsoft Azure Europe, Rackspace UK
• Are all American companies, or controlled by a US entity
• So they must follow US law!
• PATRIOT Act
• (so the FBI can get a copy of your data without a warrant)

Networks

• Almost all of the big networks are American
• So assume “they” can read everything you put on the wire
• So use good encryption or VPN links
• AMS-IX wanted to open a US branch
• Huge concerns among members!

Snowden and the NSA

• It has become clear that the NSA has access to a lot of data
• Why is there no real outrage?
• Do we really think this is “normal”? Do we accept this?

Laws that change everything

Latest proposal for an “Internet tap”:

• The coffee bar next door that offers free Wi-Fi
• Forced to buy a €25,000 tap box
• To allow the police to tap the “public network”

Laws that change everything

• Data-retention law:
  • Vague, the “details” (= the entire law) to be filled in by RD (Royal Decree)
  • Clearly targeted at the “small fish”
  • The real criminal rents a €30 dedicated server, no logs

Laws that change everything

• A lot of “Notice and Take Down” proposals:
  • They require us, as a hoster, to be a judge.
  • We are not judges, and don’t want to be!
  • Changes the intent of the current law completely!
  • “mere conduit” vs “judge”