paul m kane director, 20th anniversary of.lv hosts: institute of mathematics and computer science...
TRANSCRIPT
Paul M KaneDirector,
www.CDNS.net
20th anniversary of .LVHOSTS: Institute of Mathematics and Computer ScienceVENUE: Radisson Blu Daugava Hotel, Riga, Latvia.19th April 2013.
Cyber attacks increasing – keep your domain safe
International Conference on DNS and Internet - 19th April 2013, Riga
2
Thank you to nic.LV
• Inviting me and for working with us.
• Congratulations on 20 reliable years, here’s to the next 20 years.
• For being an active member of the Domain Name System Infrastructure Resilience (DIR) Task Force – www.DIR.ORG> With financial support from the European Commission - Directorate-General
Justice, Freedom and Security; Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks Programme.
• Cyber-Security is NOT sexy –we’re telling users they are frequently the cause of problems –but being protected is better for them, their employer and wider Internet.
International Conference on DNS and Internet - 19th April 2013, Riga
3
Agenda
• What we do> A word from our sponsors!
• Growth of Internet access> Broadband access and speeds
• Vulnerabilities and attack traffic> Compromised devises, attack vectors and Video – watch carefully, see if you
can see some of the tricks.
• Why and how do the bad guys use YOU> Using compromised devices is an efficient way to gain information, generate
revenue or cause disruption.
• How resilient is the Internet> It is as safe as you make it!
• References> Any questions.
International Conference on DNS and Internet - 19th April 2013, Riga
4
Real Time Data – 29th Nov 2010
• 12 billion users per day
• 1,869 ISPs host CDNS servers.
• 160,731,688 names on platform
• 636,707 updates on 8th March 2013
• Peaked at 193,000 transactions per second
• Capacity is 855 billion per second!
www.CDNS.net/live_stats.html
International Conference on DNS and Internet - 19th April 2013, Riga
5
CDNS - Server Locations
55 locations, 48 Countries, 24x7x365 NOCs in UK, USA and Japan, monitoring, serving and blocking malicious traffic for DNS, WEB and other applications
International Conference on DNS and Internet - 19th April 2013, Riga
6
DNS – Reflection attacks
• DDoS Increasing
• DNSSEC has much larger payload
• DNS Amplification attacks increasing
• 23rd March 2012 7.6m queries per sec peak, >2m queries per sec for approx 24 hour
• Genuine traffic <300,000 queries per second
International Conference on DNS and Internet - 19th April 2013, Riga
7
Network monitoring for DNS and more
• Improving cyber-security for customers.> Managing Anycast cloud represents approximately 30% of the job
and is technically relatively easy.> 70% is network monitoring, looking for “bad” guys who seek to
change DNS data or introduce anomalies for personal gain.
International Conference on DNS and Internet - 19th April 2013, Riga
8
European Broadband – July 2012
European Commission Communications Committee - Digital Agenda, July 2012
International Conference on DNS and Internet - 19th April 2013, Riga
9
Broadband lines by speed and country
European Commission Communications Committee - Digital Agenda, July 2012
International Conference on DNS and Internet - 19th April 2013, Riga
10
Mobile Broadband - Jan 2009 to July 2012
European Commission Communications Committee - Digital Agenda, July 2012
International Conference on DNS and Internet - 19th April 2013, Riga
11
Year on Year growth - 2011 v 2012
• Attack traffic is increasing dramatically.
European Commission DG INFSO, Unit C4: Economical and Statistical Analysis
International Conference on DNS and Internet - 19th April 2013, Riga
12
Total attack types 2012
European Commission DG INFSO, Unit C4: Economical and Statistical Analysis
International Conference on DNS and Internet - 19th April 2013, Riga
13
Home DSL Router vulnerability test results
• It works!! -leave it alone> Majority of home
users buy their router and do not install security patches.
> UK – 19m DSL Routers, 35% compromised, average upstream say 0.5Mbps = DDoS of 3.3Tbpsor 3325Gbps
International Conference on DNS and Internet - 19th April 2013, Riga
14
Cyber-espionage - You’ve got mail!
International Conference on DNS and Internet - 19th April 2013, Riga
15
How mail system works….
Message:Broken intoPackets,Numberedanddispatched
Receiver:Acknowledge
receipt, lost packets are
resent, Reassembled
in order
International Conference on DNS and Internet - 19th April 2013, Riga
16
Emailing your Bank – DNSSEC helps a bit
International Conference on DNS and Internet - 19th April 2013, Riga
17
2011 Denial of Service Attack Vectors
• UDP popular “hook” for initiating attacks as is SYN – the TCP three way handshake
International Conference on DNS and Internet - 19th April 2013, Riga
18
2012 Attack vectors
• DNS Attacks almost tripled Q1 2011 to Q1 2013 from 2.35% to 4.67%
International Conference on DNS and Internet - 19th April 2013, Riga
19
Top 10 countries - sources of DDoS attacks
• UK – has almost 19million home/office Broadband connections.
International Conference on DNS and Internet - 19th April 2013, Riga
20
2011 – Top 10 DDoS source countries.
International Conference on DNS and Internet - 19th April 2013, Riga
21
2012 – Top 10 DDoS source countries.
International Conference on DNS and Internet - 19th April 2013, Riga
22
Compromised Devices by Country
Source: Panda Security
International Conference on DNS and Internet - 19th April 2013, Riga
23
ASN – Most used ASN for DDoS
• Counterfeit software is NOT patched by supplier therefore vulnerable to compromise.
International Conference on DNS and Internet - 19th April 2013, Riga
24
Work - Bad guys “fish, where fish are!”
37%
• In US – 77% of employees use social media during worktime.
• 33% of companies have been infected by malware through social media channel
Panda Labs Q3 2012 Quarterly Report
> 57% of companies have Policies regulating use
> 81% have staff dedicated to monitoring and implementing Policies
> 62% do not allow these sites to be accessed
> Android smart phone are the new target
International Conference on DNS and Internet - 19th April 2013, Riga
25
Why do they do it- Reason for cyber-crime
Panda Labs Q3 2012 Quarterly Report
International Conference on DNS and Internet - 19th April 2013, Riga
26
How the “bad guys” corrupt systems
International Conference on DNS and Internet - 19th April 2013, Riga
28
How much to know your competitors?
International Conference on DNS and Internet - 19th April 2013, Riga
29
How Resilient is the Internet?
• Very – BUT …. Progress means things are changing fast……..
> To keep ahead of the bad-guys, needs careful monitoring
> Need to check your DNS settings and services regularly
> Do not rely on the Public Internet, make good use of private VPN’s that use IP address (IPv4 and IPv6) rather than just standard “name” resolution.
> Encrypt private communications – PKI, like PGP etc
> Periodically check for inconsistencies such as the way staff terminals use the Internet.
> Smart Phones are now the target, so they need scanning where users interact with social media sites and may download viruses to act as Trojan on home and work networks.
International Conference on DNS and Internet - 19th April 2013, Riga
30
References
• PHP Vulnerability -Injection Attack> http://security.radware.com/itsoknoproblembro/
• SOAP Vulnerable Products:> https://docs.google.com/spreadsheet/ccc
?key=0ApUaRDtAei07dGxkSHN1cEN3V2pmYW4yNkpZMlQ0Rmc#gid=0
• Around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol. > UPnP enables devices such as routers, printers, network-attached storage (NAS), media players
and smart TVs to communicate with each other.
> http://www.defensecode.com/public/DefenseCode_Broadcom_Security_Advisory.pdf
• Java (again) - turn off Java Runtime Environment
https://blogs.oracle.com/security/entry/february_2013_critical_patch_update
International Conference on DNS and Internet - 19th April 2013, Riga
31
Happy Birthday nic.LV!!!
Thank you