Attack from DOS: At Zero We Trust

Article by Leonard Kleinman, Chief Security Advisor of RSA International (APJ and EMEA).

Faced with recent global challenges, many organizations have digitized and kept operating by adopting a mix of on-premises work, telecommuting, and third-party collaboration.

Combined with increasing use of the Internet and streaming media and with fundamental changes in human behavior, the rapid transition to distributed work creates new and extended digital risk for organizations, and with it new opportunities for malicious attackers.

A recent report by the University of Cambridge’s Cybercrime Center shows that distributed denial of service (DDoS) attacks have tripled and are currently tracking about 30,000 attacks per day. Interestingly, this change is due to the increase in new malicious attackers, as opposed to existing cybercriminals.

Therefore, many organizations are now aware that DDoS protection is important to stay operational and ensure a pleasant customer experience. Nothing is more damaging to the customer experience than a DDoS attack.

DDoS attacks are a common method of cyber attacks, primarily because of their simplicity, low cost, and anonymity.

A DDoS attack is an attack in which multiple compromised systems target a single system, slowing it down, making it unresponsive, or shutting it down, so that legitimate users can no longer use it. This can be achieved by simply overwhelming the system with heavy traffic from multiple sources.

As the world saw during the pandemic, threat actors never fail to take advantage of a good crisis, and DDoS attacks on infrastructure providers increased, including a massive 2.3 TB/s attack on Amazon Web Services, the biggest attack ever recorded.

The increasing number of insecure Internet of Things (IoT) devices that are infected and used in botnets is arguably a major factor.

There are many forms of DDoS attacks, the main categories being protocol attacks, volume-based attacks, and application attacks. Common attacks include:

  • SYN flood attacks that abuse the traditional TCP three-way handshake
  • UDP floods targeting random ports
  • Application attacks targeting weaknesses in a particular application
  • Amplification and reflection attacks that overwhelm the target while requiring only limited resources from the attacker.

In addition to newer methods such as SSL-based attacks, side-channel attacks, and proxy server attacks, DDoS attacks are increasingly being used in mixed attacks. For example, a DDoS attack on a bank is combined with malware and used as a distraction so that the transfer of stolen funds goes unnoticed.

What can you do to mitigate the risk?

Beyond some important basics, such as applying patches and updates to close exploitable loopholes, and training and awareness so that attacks are identified early, organizations need to overprovision bandwidth so that they can cope with sudden surges in traffic. Keep in mind that even with significant overprovisioning, a company is only buying time when faced with a DDoS attack.

At the technical level, some of the measures you can take to manage an attack include:

  • Add rules to your gateway infrastructure to drop packets from obvious attack sources, such as spoofed or malformed packets. This relies on access to good threat intelligence.
  • Set lower drop thresholds for SYN, ICMP, and UDP floods.
  • Apply rate limiting on your routers to prevent your web servers from being overwhelmed.
  • If you have a web application firewall (WAF), activate it. This provides a layer of protection between your website and the traffic it receives.
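The two packet-level controls in the list above, a SYN-flood drop threshold and per-source rate limiting, are easy to reason about in code. The following is an added example written for this article, not code from the author or from RSA; it runs both controls over a constructed stream of packet summaries containing a normal client, a source sending SYN floods (from the attack list above) that never completes a handshake, and a UDP source sending faster than its allowance. The thresholds, addresses, and traffic are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts_ms: int     # arrival time in milliseconds (integer so the token math is exact)
    src: str       # source address
    proto: str     # "TCP" or "UDP"
    flags: str     # TCP flags: "S" = SYN, "SA" = SYN-ACK, "A" = ACK; "" for UDP


# Assumed thresholds, chosen for illustration; real values depend on the link and service.
SYN_WINDOW_MS = 1000     # how long an unanswered SYN counts against its source
SYN_THRESHOLD = 20       # half-open SYNs per source in the window before dropping
BUCKET_CAPACITY = 50     # token bucket burst size per source (whole packets)
REFILL_PER_SEC = 10      # sustained packets per second per source


class SynFloodDetector:
    """Sliding-window count of half-open SYNs per source. An ACK from the same
    source retires one outstanding SYN, so a client that completes its handshakes
    is never counted as a flood no matter how many connections it opens."""

    def __init__(self, window_ms=SYN_WINDOW_MS, threshold=SYN_THRESHOLD):
        self.window_ms = window_ms
        self.threshold = threshold
        self.pending = defaultdict(deque)   # src -> timestamps of unanswered SYNs

    def observe(self, pkt):
        """Return True if this packet should be dropped as part of a SYN flood."""
        q = self.pending[pkt.src]
        while q and pkt.ts_ms - q[0] > self.window_ms:   # expire entries outside the window
            q.popleft()
        if pkt.proto != "TCP":
            return False
        if pkt.flags == "S":
            q.append(pkt.ts_ms)
        elif "A" in pkt.flags and q:
            q.popleft()   # handshake progressing: one SYN is no longer half-open
        return len(q) > self.threshold


class TokenBucket:
    """Per-source rate limiter. Tokens are tracked in thousandths so that refill
    over millisecond intervals stays an integer and every decision is exact."""

    def __init__(self, capacity=BUCKET_CAPACITY, refill_per_sec=REFILL_PER_SEC):
        self.capacity = capacity * 1000
        self.refill_per_ms = refill_per_sec   # (tokens/s * 1000 milli) / 1000 ms
        self.state = {}                       # src -> (milli_tokens, last_ts_ms)

    def allow(self, src, ts_ms):
        tokens, last = self.state.get(src, (self.capacity, ts_ms))
        tokens = min(self.capacity, tokens + (ts_ms - last) * self.refill_per_ms)
        if tokens >= 1000:                    # one whole token pays for one packet
            self.state[src] = (tokens - 1000, ts_ms)
            return True
        self.state[src] = (tokens, ts_ms)
        return False


def filter_packets(packets):
    """Apply the SYN threshold first, then the rate limit; return counts per outcome."""
    syn, bucket = SynFloodDetector(), TokenBucket()
    stats = {"forwarded": 0, "dropped": defaultdict(int)}
    for p in packets:
        if syn.observe(p):
            stats["dropped"]["syn_flood"] += 1
        elif not bucket.allow(p.src, p.ts_ms):
            stats["dropped"]["rate_limit"] += 1
        else:
            stats["forwarded"] += 1
    stats["dropped"] = dict(stats["dropped"])
    return stats


def sample_traffic():
    """Constructed traffic (not captured data): a client completing 10 handshakes,
    a source sending 40 half-open SYNs in under a second, and a UDP source
    sending 80 packets in 0.8 s, well above its 10 packets/s allowance."""
    pkts = []
    for i in range(10):
        t = i * 200
        pkts += [Packet(t, "10.0.0.5", "TCP", "S"), Packet(t + 10, "10.0.0.5", "TCP", "A")]
    pkts += [Packet(1000 + i * 20, "198.51.100.7", "TCP", "S") for i in range(40)]
    pkts += [Packet(2000 + i * 10, "203.0.113.9", "UDP", "") for i in range(80)]
    return sorted(pkts, key=lambda p: p.ts_ms)


if __name__ == "__main__":
    print(filter_packets(sample_traffic()))
```

On the constructed stream the client's 20 packets are all forwarded, the flooding source has its first 20 SYNs forwarded and the remaining 20 dropped once it crosses the threshold, and the UDP source gets its initial burst of 50 plus what the refill allows, with the rest rate-limited. The point of the ACK bookkeeping in the detector is the caveat the article hints at with "lower thresholds": a threshold that only counts SYNs penalizes busy legitimate clients, whereas counting only half-open handshakes targets the behaviour that actually characterizes a SYN flood.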

Again, at the scale of recent DDoS attacks, these measures only buy a company time.

Finally, work with your ISP or hosting provider to “blackhole” such traffic before it reaches your infrastructure, or engage the services of a DDoS mitigation specialist.

The threat of such cyber attacks is so pressing that our way of thinking has to change dramatically. This is where the concept of “zero trust” comes in.

Society has long embraced the concept of trusted systems. That trust in our systems is precisely where vulnerabilities and opportunities for exploitation exist. The Zero Trust approach provides the single most important rule for establishing and maintaining a secure working environment:

“We don’t trust anything and treat everything as hostile. This includes the network itself, hosts, applications, or services running on the network.”

The Zero Trust approach to cybersecurity puts an end to the old “castle and moat” mindset: the long-standing methodology in which an organization focuses on defending its perimeter while assuming that everything inside is “trustworthy” and is therefore automatically granted access. In essence, we have trusted in far too many ways.

The Zero Trust approach relies on a variety of existing technologies, along with appropriate governance processes, to achieve its mission to protect an organization’s IT environment, including:

  • Multi-factor authentication, Identity and Access Management (IAM), file system permissions, orchestration capabilities, analytics, and encryption.
  • Governance policies, such as giving users the minimum access they need to complete a job or a particular task, that is, the principle of least privilege.

In addition, organizations need to decide whether to use internal segmentation and micro-segmentation to apply fine-grained boundaries based on users, user locations, and other correlated data before trusting any user, device, or application that seeks access to the enterprise. Next comes conditional policy enforcement: a policy that specifies who may access what, and under which conditions.
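Conditional policy enforcement and the principle of least privilege from the list above can be made concrete as a deny-by-default policy evaluator. The following is an added example written for this article, not code from the author or from RSA: every request is refused unless an explicit role grant, verified MFA, device posture, and network context all check out, and the reasons for a refusal are returned so they can be logged. The roles, resource tiers, rule set, and sample requests are constructed assumptions, not any organization's real policy.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    user: str
    roles: frozenset         # roles granted to the user
    mfa_verified: bool       # strong authentication completed in this session
    device_managed: bool     # device is enrolled in endpoint management
    device_compliant: bool   # device passes posture checks (patched, encrypted, ...)
    network: str             # "corp", "home", "vpn" or "unknown"
    resource: str
    action: str              # "read" or "write"


# Least privilege (assumed grants): each role gets only the actions it needs,
# on specific resources. Anything not listed here is denied.
ROLE_GRANTS = {
    "analyst": {("sales-db", "read")},
    "dba": {("sales-db", "read"), ("sales-db", "write")},
    "hr": {("payroll", "read"), ("payroll", "write")},
}

# Assumed sensitivity tiers; an unknown resource is treated as the strictest tier.
RESOURCE_TIER = {"sales-db": "internal", "payroll": "restricted"}


def evaluate(ctx):
    """Return (allowed, reasons). Nothing is trusted by default: every condition
    must hold, and each failed condition is recorded so the denial is explainable."""
    reasons = []

    # 1. Least privilege: some role must explicitly grant this action on this resource.
    granted = any((ctx.resource, ctx.action) in ROLE_GRANTS.get(r, set()) for r in ctx.roles)
    if not granted:
        reasons.append("no role grants %s on %s" % (ctx.action, ctx.resource))

    # 2. Identity: MFA is required on every network, including the corporate LAN.
    if not ctx.mfa_verified:
        reasons.append("mfa not verified")

    # 3. Device: must be managed and compliant, whatever the user's identity.
    tier = RESOURCE_TIER.get(ctx.resource, "restricted")
    if not ctx.device_managed:
        reasons.append("unmanaged device")
    elif not ctx.device_compliant:
        reasons.append("device not compliant")

    # 4. Location is a signal, not a trust anchor: being on the corp network earns
    #    nothing extra, but an unknown network is refused for restricted data and writes.
    if ctx.network == "unknown" and (tier == "restricted" or ctx.action == "write"):
        reasons.append("unknown network for %s/%s" % (tier, ctx.action))

    return (not reasons, reasons)


def sample_requests():
    """Constructed requests exercising each rule (not real users or systems)."""
    base = dict(roles=frozenset({"analyst"}), mfa_verified=True, device_managed=True,
                device_compliant=True, network="corp", resource="sales-db", action="read")
    return {
        "analyst_read_ok": Context(user="ana", **base),
        "analyst_write_denied": Context(user="ana", **{**base, "action": "write"}),
        "corp_network_no_mfa": Context(user="ana", **{**base, "mfa_verified": False}),
        "hr_payroll_unknown_net": Context(user="hal", **{**base, "roles": frozenset({"hr"}),
                                                         "resource": "payroll",
                                                         "network": "unknown"}),
        "dba_write_unmanaged": Context(user="dee", **{**base, "roles": frozenset({"dba"}),
                                                      "action": "write",
                                                      "device_managed": False,
                                                      "device_compliant": False}),
    }


if __name__ == "__main__":
    for name, ctx in sample_requests().items():
        print(name, evaluate(ctx))
```

Two design points worth noticing: the corporate network never short-circuits the MFA or device checks, which is exactly the "castle and moat" assumption the article argues against, and the evaluator returns every failed condition rather than stopping at the first, so the access log shows the full picture when a request is refused.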

Today, the only thing an organization actually owns, or more accurately is responsible for, is its data. The “continuous validation” of a zero-trust approach gives you more control over that data and reduces the risk of unauthorized access to it, manipulation of it, and movement of it, including by malicious software. This means that companies can focus on inspecting their data and applying appropriate access control techniques.

Zero Trust isn’t just about technology. It’s about processes, ideas, and even philosophy. Many organizations already use many of the Zero Trust building blocks. What matters is using these and other technologies to apply the single most important rule: you trust nothing, and nothing gets access until it has been verified.

The important point is that Zero Trust is about trust elimination, and by eliminating trust, organizations are trying to eliminate trust failures and attacks such as DDoS.

Join Dr. Zulfikar Ramzan, CTO of RSA, to learn more about the topic of “The Rise of Zero Trust in the Digital Age.” He will present his views and recommendations at the web conference on November 5, 2020.
