How to Protect Your Network from Protocol-Based DDoS Attacks
www.prolexic.com
Printers, Routers Used in Cyber Attacks
How to protect your network
The DrDoS attack: A popular cyber attack
• Distributed reflection and amplification denial of service attack, or DrDoS
• Malicious use of Internet protocols
• Difficult to trace back to the origin, because spoofing can mask the origin of the attack
• Sysadmins can take specific actions to reduce the vulnerability of their network devices and servers
Even printers may be hijacked by criminals using DrDoS attacks
• Support for common network protocols allows devices on your network to be employed in denial of service attacks
• Vulnerable devices include:
  – Printers
  – Cameras
  – Routers
  – Hubs
  – Sensors
  – Other network devices
Secure your IT devices and infrastructure
• Three vulnerable network protocols used in devices:
  – Simple Network Management Protocol (SNMP)
  – Network Time Protocol (NTP)
  – Character Generation Protocol (CHARGEN)
• Like many other network protocols, these protocols were written with functionality, not security, in mind
• Can be used to misdirect and amplify responses to the attacker’s target
Simple Network Management Protocol (SNMP)
• For communicating with IP-based devices, such as routers, switches, servers, printers, modems, IP video cameras, IP phones, network bridges, hubs, alarms and thermometers
• Transmits data about device components, measurements, sensor readings and variables
• Allows users to monitor these devices
• Use of human-readable cleartext makes SNMPv1 and v2 vulnerable to interception and modification
• The origin of the transmission cannot be verified
• The white paper explains how to mitigate vulnerability to SNMP DrDoS attacks
Network Time Protocol (NTP)
• For synchronizing time and date information on computer clocks on the Internet
• Implemented on all major operating systems, network infrastructure devices and embedded devices
• Susceptible to spoofing, like the User Datagram Protocol (UDP) upon which it is built
• Attacker may cause multiple requests for time updates to be sent to multiple NTP hosts, directing their responses to the attacker’s target
• Team-Cymru authored a secure NTP server template that can be used as a baseline for DDoS protection against NTP reflection attacks
• The white paper provides a link to the Team-Cymru NTP server template
Character Generation Protocol (CHARGEN)
• Can be used for debugging network connections, network payload generating and bandwidth testing
• Two types of CHARGEN services:
  – TCP and UDP
  – UDP version is vulnerable to spoofing
• Misuse of the testing features may allow attackers to craft malicious network payloads and direct the responses to the attacker’s target
• The U.S. cyber security organization CERT recommends reconsidering whether these protocols are needed in your organization
• The white paper provides a link to details about the CERT recommendation
Why protocol-based DrDoS attacks happen
• DrDoS protocol reflection attacks are possible due to the inherent design of the original architecture and structure of these protocols
• Closing the security gaps permanently would require creating new protocols, which is unlikely to happen in the short term
• By disabling or restricting unneeded functionality, sysadmins can eliminate these vulnerabilities
• Prolexic customers are protected from these attacks as part of our DDoS protection and mitigation services
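Added example (not from the Prolexic deck or white paper): a small audit that flags configuration lines leaving CHARGEN, SNMP or NTP open to use as a reflector. It assumes classic inetd.conf, net-snmp snmpd.conf and ntpd ntp.conf syntax; the sample contents and the finding messages are constructed for illustration.

```python
# Constructed sample configs (assumption: not taken from the page).
SAMPLE_CONFIGS = {
    "inetd.conf": "chargen dgram udp wait root internal\n"
                  "#chargen stream tcp nowait root internal\n",
    "snmpd.conf": "rocommunity public\nrocommunity n0c-ro 10.0.0.0/24\n",
    "ntp.conf": "server 0.pool.ntp.org\nrestrict default nomodify notrap\n",
}

def active_lines(text):
    """Yield (line_no, fields) for lines that are not blank or comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield no, fields

def audit_inetd(text):
    # The UDP (dgram) CHARGEN service is the spoofable variant.
    return [(no, "CHARGEN over UDP is enabled") for no, f in active_lines(text)
            if len(f) >= 3 and f[0] == "chargen" and f[2].startswith("udp")]

def audit_snmpd(text):
    # SNMPv1/v2c communities: flag default names and missing source limits.
    findings = []
    for no, f in active_lines(text):
        if f[0] in ("rocommunity", "rwcommunity") and len(f) >= 2:
            if f[1] in ("public", "private"):
                findings.append((no, "well-known community string"))
            if len(f) == 2 or f[2] == "default":
                findings.append((no, "community accepted from any source"))
    return findings

def audit_ntp(text):
    # Assumed baseline: the default restriction carries noquery (or ignore),
    # which refuses ntpq/ntpdc status queries from arbitrary sources.
    findings, saw_default = [], False
    for no, f in active_lines(text):
        args = [a for a in f[1:] if a not in ("-4", "-6")]
        if f[0] == "restrict" and args[:1] == ["default"]:
            saw_default = True
            if not {"noquery", "ignore"} & set(args[1:]):
                findings.append((no, "default restriction lacks noquery"))
    if not saw_default:
        findings.append((0, "no 'restrict default' line"))
    return findings

AUDITORS = {"inetd.conf": audit_inetd, "snmpd.conf": audit_snmpd,
            "ntp.conf": audit_ntp}

def audit(configs):
    """Map each config name to its list of (line_no, finding) tuples."""
    return {name: AUDITORS[name](text) for name, text in configs.items()}
```

Calling audit(SAMPLE_CONFIGS) returns the findings per file; line number 0 marks a finding about a missing directive rather than a specific line.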
Learn more in the white paper
• Download the DrDoS white paper: SNMP, NTP and CHARGEN attacks
• In this white paper, you’ll learn:
  – Three common network protocols used in reflection attacks
  – How SNMP, NTP and CHARGEN can be used by malicious actors
  – How your printers and network devices may be employed by cyber attackers
  – Specific action to minimize your network’s exposure and mitigate protocol attacks
  – What the internet community could do to reduce the risk
About Prolexic
• Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services.
• Prolexic has successfully stopped DDoS attacks for more than a decade.
• We can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers.