Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The Internet's outward facing threats to enterprise security

Kacy Zurkus | Feb. 16, 2016
Participation in the Internet brings responsibilities for the enterprise as much as for the end users.

immunization

For many years there has been an ongoing debate about immunizations for children. The argument for immunization is rooted in the reality that we are all interconnected. We can, unknowingly, spread viruses and infections through hand shakes, sneezes, coughs.  

Technology is equally as susceptible to infections, so perhaps it's time to consider the ways in which we can digitally immunize ourselves to prevent online or network infections.

"One thing that is pretty obvious in the interconnected world is that it is impossible anymore to protect one's assets only from the inside," said Andrei Robachevsky, technology program manager, Internet Society (ISOC).

The network that works to defend itself can still be a victim of outward facing attacks like botnets or IP spoofing.  

A botnet is a network of 'soldiers' that infects a user's network without their knowledge. "Those bots need to be controlled. Someone wants to send spam or other infections, which is done through a command and control center, said Robachevsky.  

When you want to mitigate a botnet, you have to attack that command and control center. "In a static command and control center, you cut the head off. The botnet still exists but it can't be controlled," said Robachevsky. As with most other security risks, preventing botnet attacks requires ongoing education of end users.  

A security team charged with building defense in depth takes care to protect and disable in order to avoid becoming the host of this and other infections. "In many cases, though," said Robachevsky, "the existence of a botnet doesn't affect the network itself. It affects the users where they operate. Some botnets are just being used as a launch pad to attack the company elsewhere." 

The same is true for IP spoofing. The fundamental problem, according to Robachevsky, is that, "The global routing system doesn't need source IP address over packets. Therefore it is possible to spoof."

Attackers can originate traffic to make it look like traffic is coming from your computer.  "I will send requests as if all of them are coming from the same IP address, the DNS server will think it is Kacy that is sending me this request. I can generate a lot of traffic to cause enormous collateral damage. Your provider network will be overloaded and collapse," Robachevsky explained.

There are techniques to mitigate these attacks like "egress filtering, which will not allow traffic that doesn't originate in your network. You know the IP addresses in your network, and you can see if the request is coming from your network," said Robachevsky. If it is, then let it go. If not, then the source IP address is spoofed and you have to discard that packet.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.