Network Security for Service Providers
Understanding and Addressing the Threat of Criminal and Hacker Activity
Doug Miller, doug.miller@nominum.com
September 19, 2012
Company Overview
• We are the WORLD LEADER in DNS & DHCP solutions
  • Our Chairman, Dr. Paul Mockapetris, invented the DNS
  • Team comprised of BIND 8, BIND 9 & ISC-DHCP creators
  • 40 issued and pending patents
• The first & only DNS/DHCP INTEGRATED ECOSYSTEM
  • DNS/DHCP engines provide efficiency, lower costs, higher QoS
  • N2 Data Platform enables agility & faster application development
  • Applications create differentiation and new revenue sources
• Our solutions run the world’s MOST DEMANDING networks
  • A decade of network operator experience
  • Over 140 fixed and mobile network operators
  • Serving over 1 trillion worldwide DNS queries per day
EMPOWERING SOME OF THE MOST IMPORTANT BRANDS IN THE WORLD
Nominum IDEAL Ecosystem
[Diagram labels: NOMINUM APPS; 3rd PARTY CERTIFIED APPS; Content Filtering; Subscriber Safety; Personal Internet; SIEM; Configuration Management; More…; Message Center; NetView; OTT Video Analytics; ISP-DEVELOPED APPS; Network Security; Nominum Configuration Manager; Future; Custom; Custom; More…; Unified User Interface; Interoperability (SDK & APIs); Network and Security; Subscriber Analytics; Security Policy Enforcement; Caching DNS (Vantio); Authoritative DNS (ANS); DHCP (DCS); Data Repository & Filter]
Putting Telecom into Perspective Source: Chetan Sharma Consulting – 2012
Connected Devices per User Source: Cisco IBSG, 2011
Internet-Based Crime is Profitable
• Hackers and criminals run a business
  • Marketing
  • Operations
  • Competition
• Crime follows the market
  • Initially focused on basic exploits
  • Moved to crude DDoS with little financial gain
  • Began to focus on wired broadband networks
  • Increasingly moving into mobile networks – new growth market
• Greatest profits come from the largest networks
  • Must use unsuspecting users to complete missions
  • Created the need for bots and bot networks
  • Networks increase strength and shield the hackers
Profitability is Great Russia/CIS market represents one of the fastest growing markets in the world Source: Group IB
Bots and Malware Landscape
[Timeline figure labels: Hacktivism, Droid Dream, Conficker, Zeus, Storm, Sasser, SQL Slammer Attack, Code Red Worm, First Evidence of Attacks, I Love You, Melissa]
Don’t Lose Sight of Simple Attacks
• Attacks are generally very basic – don’t forget that
  • It’s too easy to talk about the exotic attacks
  • The fact is that most attacks are relatively simple*
• 92% of all data breaches were from external agents
  • E.g. malware installed onto machines to execute tasks
  • 58% driven by organized crime
  • 65% from Eastern Europe
• “External agents have created economies of scale by refining standardized, automated, and highly repeatable attacks”
Cost of Defense < Value of Target < Cost of Attack
*Note: Information drawn from 2011 Data Breach Investigations Report; Verizon, US Secret Service, and Dutch High Tech Crime Unit
The Lifecycle of a Bot Network
1 – Spam entices user to badsite.com
2 – User visits site and is infected via “drive by download” malware and becomes part of botnet
3 – Bot gets instructions from Command and Control (C&C) server
4 – Newly infected machine (bot) joins botnet in DDoS attack on a legitimate Web site
[Diagram labels: Bot Master; Botnet C&C; Innocent User]
Cache Poisoning Threat – Kaminsky
• Attacker redirects unsuspecting customers
  • Entries in cache are changed by an attacker
  • Customer going to www.mybank.com is given incorrect information
  • Does not require phishing or any unsafe behavior
• Attacker directs customers to controlled sites
  • Financial and identity theft, malware installation, etc.
• Statistical attack
  • Send a query so the server is listening for an answer
  • Send guesses while the target DNS waits for the real answer
  • Repeat until success
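The resolver-side view of the statistical attack above, as an added example that is not part of the original slides: a reply reaches the cache only if it matches an outstanding query exactly, and a burst of near-miss replies for one name is reported. The bookkeeping class, the alert threshold and the transaction IDs and ports are constructed assumptions; a production resolver also checks the responding server's address and the question section.

```python
from collections import Counter

class PendingQueries:
    """Matches upstream replies to outstanding queries and counts failed guesses."""

    def __init__(self, alert_threshold=20):
        self.pending = {}            # (qname, qtype) -> (transaction ID, source port)
        self.mismatches = Counter()  # (qname, qtype) -> wrong replies seen
        self.alert_threshold = alert_threshold   # hypothetical tuning value
        self.alerts = []

    def sent(self, qname, qtype, txid, sport):
        """Record a query the resolver has sent and is now waiting on."""
        self.pending[(qname.lower(), qtype)] = (txid, sport)

    def received(self, qname, qtype, txid, dport):
        """Classify one inbound reply; only an exact match may reach the cache."""
        key = (qname.lower(), qtype)
        if key not in self.pending:
            return "DROP_UNSOLICITED"
        if self.pending[key] == (txid, dport):
            del self.pending[key]
            return "ACCEPT"
        self.mismatches[key] += 1
        if self.mismatches[key] == self.alert_threshold:
            self.alerts.append(key)   # raise once per name, not once per packet
        return "DROP_MISMATCH"

def run_sample():
    """Constructed trace: 25 wrong-ID replies race the real answer for one name."""
    pq = PendingQueries()
    pq.sent("www.mybank.com", "A", txid=0x3A7C, sport=40211)
    pq.sent("goodsite1.com", "A", txid=0x0102, sport=51877)
    guesses = [pq.received("www.mybank.com", "A", txid=n, dport=40211)
               for n in range(25)]
    real = pq.received("www.mybank.com", "A", txid=0x3A7C, dport=40211)
    late = pq.received("www.mybank.com", "A", txid=0x3A7C, dport=40211)
    normal = pq.received("goodsite1.com", "A", txid=0x0102, dport=51877)
    return guesses.count("DROP_MISMATCH"), real, late, normal, pq.alerts
```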
Network and User Security Solution
• Security needs span across mobile & fixed networks
  • The threat on broadband networks is clear
  • Mobile networks are the new playground for hackers and thieves
  • End user threats are not just a PC problem
  • “Mobile threats are evolving quickly—sophistication that took decades to reach on the PC is taking just a few years on mobile” - Lookout Mobile
• Addressing the security problem on multiple levels
  • Protect DNS network assets
  • Server security ensures network access is available
  • Caching data is highly valuable
  • End users must be confident they’re going where they want to
  • The network must be clean
  • Think about spectrum efficiency
  • End user options
  • Network-based solutions remove complexity and confusion
Protecting the DNS Assets
• Client rate limiting
  • Limit any subscriber to a maximum number of queries per second (e.g. 1,000)
  • Queries-per-second (QPS) limit defined by administrator
• Limit recursion contexts
  • A recursion context is an authoritative query out to the Internet
  • Limit maximum number of recursion contexts
  • Default limit per Vantio of 2,000 simultaneous recursion contexts
[Diagram labels: Client; Limit inbound DNS queries; Limit outbound DNS queries; Internet]
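How the two limits on this slide interact, as an added sketch that is not Nominum code: a per-subscriber token bucket caps inbound queries at 1,000 QPS, and a counter caps outbound recursion contexts at 2,000. The class, the action names and the behaviour when a limit is hit are assumptions made for illustration; the client addresses are constructed.

```python
import time

class ResolverLimits:
    """Per-client QPS cap plus a cap on simultaneous recursion contexts."""

    def __init__(self, max_qps=1000, max_recursions=2000, clock=time.monotonic):
        self.max_qps, self.max_recursions, self.clock = max_qps, max_recursions, clock
        self.buckets = {}   # client IP -> (tokens left, time of last refill)
        self.active = 0     # recursion contexts currently in flight

    def allow_query(self, client_ip):
        """Token bucket: a client earns max_qps tokens per second, capped at max_qps."""
        now = self.clock()
        tokens, last = self.buckets.get(client_ip, (float(self.max_qps), now))
        tokens = min(float(self.max_qps), tokens + (now - last) * self.max_qps)
        allowed = tokens >= 1
        self.buckets[client_ip] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def begin_recursion(self):
        """Reserve one recursion context; refuse when the cap is reached."""
        if self.active >= self.max_recursions:
            return False
        self.active += 1
        return True

    def end_recursion(self):
        """Release a context when the authoritative answer arrives or times out."""
        self.active = max(0, self.active - 1)

    def handle(self, client_ip, cache_hit):
        """Decide what happens to one inbound query (action names are assumptions)."""
        if not self.allow_query(client_ip):
            return "DROP_RATE_LIMIT"
        if cache_hit:
            return "ANSWER_FROM_CACHE"   # no outbound query, no context used
        return "RECURSE" if self.begin_recursion() else "SERVFAIL_RECURSION_LIMIT"

def demo():
    """Constructed traffic with a frozen clock: one flooding client, one normal client."""
    t = [0.0]
    limits = ResolverLimits(clock=lambda: t[0])
    flood = [limits.handle("198.51.100.7", True) for _ in range(1500)]
    normal = limits.handle("198.51.100.8", False)
    t[0] = 0.5   # half a second later the flooder has earned 500 tokens back
    refill = [limits.handle("198.51.100.7", True) for _ in range(600)]
    return (flood.count("DROP_RATE_LIMIT"), normal,
            refill.count("ANSWER_FROM_CACHE"), limits.active)
```

The flooding subscriber is throttled without affecting the second subscriber, and cache hits never consume a recursion context.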
Protecting the Caching Data Protecting the Cache is Vital
Protecting the Network
[Diagram: the Nominum Bot Domain Feed supplies bot C&C domains to the Vantio Caching Engine in the service provider network. Queries for goodsite1.com and goodsite2.com receive a Response; queries for botC&C.com receive NXDomain. Visibility and Reporting.]
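The policy step in this diagram, as an added example that is not the Vantio implementation: queries are checked against a feed of bot C&C domains, matches are answered with NXDOMAIN, and the subscribers that asked are recorded for reporting. Matching subdomains of a feed entry is an assumption, and the feed, names and addresses below are constructed.

```python
from collections import defaultdict

def normalize(name):
    """Lower-case and strip the trailing dot so feed and query names compare equal."""
    return name.strip().lower().rstrip(".")

class BotDomainPolicy:
    """Answers NXDOMAIN for feed domains and remembers which subscriber asked."""

    def __init__(self, feed):
        self.blocked = {normalize(d) for d in feed}
        self.hits = defaultdict(set)   # subscriber IP -> feed entries it queried

    def match(self, qname):
        """Return the feed entry covering qname (exact or parent domain), else None."""
        labels = normalize(qname).split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.blocked:
                return candidate
        return None

    def resolve(self, subscriber_ip, qname):
        """Policy decision taken before the cache or recursion is consulted."""
        entry = self.match(qname)
        if entry is None:
            return "RESPONSE"          # normal resolution continues
        self.hits[subscriber_ip].add(entry)
        return "NXDOMAIN"

    def report(self):
        """Subscribers that queried feed domains, i.e. likely infected hosts."""
        return {ip: sorted(names) for ip, names in sorted(self.hits.items())}

# Constructed feed and query log (subscriber IP, query name).
FEED = ["botcc.example", "Update.Badsite.example."]
QUERIES = [("10.0.0.5", "goodsite1.example"), ("10.0.0.9", "botcc.example"),
           ("10.0.0.9", "NODE7.BotCC.example."), ("10.0.0.5", "notbotcc.example"),
           ("10.0.0.12", "update.badsite.example"), ("10.0.0.12", "badsite.example")]

def run_sample():
    """Apply the policy to the constructed log; return the answers and the report."""
    policy = BotDomainPolicy(FEED)
    answers = [policy.resolve(ip, name) for ip, name in QUERIES]
    return answers, policy.report()
```

Matching on whole labels keeps notbotcc.example from being blocked by the botcc.example entry, and the parent badsite.example is not blocked by an entry for one of its subdomains.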
Protecting the End User
• A brief introduction
  • Opt-in service for managing both fixed and mobile data access
  • Broad application categories supporting multiple services
    • Online Security
    • Parental Control
    • Scheduling
• Network-based DNS service
  • No need to download anything to the end-user mobile device
Layered Caching Security Protecting the Cache is Vital
Enabling Legal Compliance
• Leveraging the same ecosystem
• Filter government-mandated lists
• Comply with legal requirements
• Minimize operational impacts
Business Benefits of Security Protecting the Network and Users Benefits All
Doug Miller, doug.miller@nominum.com
www.nominum.com
• Twitter: @Nominum
• Facebook: http://www.facebook.com/nominum
• YouTube: http://www.youtube.com/nominumwebinars
• LinkedIn: http://www.linkedin.com/company/nominum