
Network Security for Service Providers

Network Security for Service Providers. Understanding and Addressing the Threat of Criminal and Hacker Activity. Doug Miller doug.miller@nominum.com. September 19, 2012. Company Overview. We are the WORLD LEADER in DNS & DHCP solutions


Presentation Transcript


  1. Network Security for Service Providers Understanding and Addressing the Threat of Criminal and Hacker Activity Doug Miller doug.miller@nominum.com September 19, 2012

  2. Company Overview
     We are the WORLD LEADER in DNS & DHCP solutions
     • Our Chairman, Dr. Paul Mockapetris, invented the DNS
     • Team comprised of BIND 8, BIND 9 & ISC-DHCP creators
     • 40 Issued and pending patents
     The first & only DNS/DHCP INTEGRATED ECOSYSTEM
     • DNS/DHCP engines provide efficiency, lower costs, higher QoS
     • N2 Data Platform enables agility & faster application development
     • Applications create differentiation and new revenue sources
     Our solutions run the world’s MOST DEMANDING networks
     • A decade of network operator experience
     • Over 140 Fixed and Mobile network operators
     • Serving over 1 trillion worldwide DNS queries per day
     EMPOWERING SOME OF THE MOST IMPORTANT BRANDS IN THE WORLD

  3. Nominum IDEAL Ecosystem NOMINUM APPS 3rd PARTY CERTIFIED APPS Content Filtering Subscriber Safety Personal Internet SIEM Configuration Management More… Message Center NetView OTT Video Analytics ISP-DEVELOPED APPS Network Security Nominum Configuration Manager Future Custom Custom More… Unified User Interface Interoperability (SDK & APIs) Network and Security Subscriber Analytics Security Policy Enforcement Caching DNS (Vantio) Authoritative DNS (ANS) DHCP (DCS) Data Repository & Filter

  4. Understanding the Threat

  5. Putting Telecom into Perspective Source: Chetan Sharma Consulting – 2012

  6. Connected Devices per User Source: Cisco IBSG, 2011

  7. Internet-Based Crime is Profitable
     • Hackers and criminals run a business
     • Marketing
     • Operations
     • Competition
     • Crime follows the market
     • Initially focused on basic exploits
     • Moved to crude DDoS with little financial gain
     • Began to focus on wired broadband networks
     • Increasingly moving into mobile networks – new growth market
     • Greatest profits come from the largest networks
     • Must use unsuspecting users to complete missions
     • Created the need for bots and bot networks
     • Networks increase strength and shield the hackers

  8. Profitability is Great Russia/CIS market represents one of the fastest growing markets in the world Source: Group IB

  9. Bots and Malware Landscape Hacktivism Droid Dream Conficker Zeus Storm Sasser SQL Slammer Attack Code Red Worm First Evidence of Attacks I Love You Melissa

  10. Don’t Lose Sight of Simple Attacks
      • Attacks are generally very basic – don’t forget that
      • It’s too easy to talk about the exotic attacks
      • The fact is that most attacks are relatively simple*
      • 92% of all data breaches were from external agents
      • E.g. Malware installed on to machines to execute tasks
      • 58% driven by organized crime
      • 65% from Eastern Europe
      • “External agents have created economies of scale by refining standardized, automated, and highly repeatable attacks”
      Cost of Defense < Value of Target < Cost of Attack
      *Note: Information drawn from 2011 Data Breach Investigations Report; Verizon, US Secret Service, and Dutch High Tech Crime Unit

  11. The Lifecycle of a Bot Network
      1 – Spam entices user to badsite.com
      2 – User visits site and is infected via “drive by download” Malware and becomes part of Botnet
      3 – Bot gets instructions from Command and Control (C&C) server
      4 – Newly infected machine (bot) joins Botnet in DDOS attack on a legitimate Web site
      Diagram labels: Botnet C&C; Bot Master; Innocent User

  12. Mobile Malware Distribution

  13. Cache Poisoning Threat – Kaminsky
      • Attacker redirects unsuspecting customers
      • Entries in cache are changed by an attacker
      • Customer going to www.mybank.com is given incorrect information
      • Does not require phishing or any unsafe behavior
      • Attacker directs customers to controlled sites
      • Financial and identity theft, malware installation, etc.
      • Statistical attack
      • Send a query so the server is listening for an answer
      • Send guesses while the target DNS server waits for the real answer
      • Repeat until success

  14. Addressing the Issue

  15. Network and User Security Solution
      • Security needs span across mobile & fixed networks
      • The threat on broadband networks is clear
      • Mobile networks are the new playground for hackers and thieves
      • End user threats are not just a PC problem
      • “Mobile threats are evolving quickly—sophistication that took decades to reach on the PC is taking just a few years on mobile” - Lookout Mobile
      • Addressing the security problem on multiple levels
      • Protect DNS network assets
      • Server security ensures network access is available
      • Caching data is highly valuable
      • End users must be confident they’re going where they want to
      • The network must be clean
      • Think about spectrum efficiency
      • End user options
      • Network-based solutions remove complexity and confusion

  16. Protecting the DNS Assets
      • Client rate limiting
      • Limit any subscriber to a maximum amount of QPS (e.g. 1,000)
      • Queries-per-second (QPS) limit defined by administrator
      • Limit recursion contexts
      • Recursion context is an authoritative query out to the Internet
      • Limit maximum number of recursion contexts
      • Default limit per Vantio of 2,000 simultaneous recursion contexts
      Diagram labels: Limit inbound DNS queries; Limit outbound DNS queries; Internet; Client

  17. Protecting the Caching Data Protecting the Cache is Vital

  18. Protecting the Network
      • Bot C&C Domains
      • Visibility and Reporting
      Diagram labels: Nominum Bot Domain Feed; Vantio Caching Engine; Service Provider Network; goodsite1.com: Response; botC&C.com: NXDomain; goodsite2.com: Response

  19. Protecting the End User
      • A brief introduction
      • Opt-in service for managing both fixed and mobile data access
      • Broad application categories supporting multiple services
      • Online Security
      • Parental Control
      • Scheduling
      • Network-based DNS service
      • No need to download anything to the end-user mobile device

  20. Layered Caching Security Protecting the Cache is Vital

  21. Enabling Legal Compliance
      • Leveraging the same ecosystem
      • Filter government-mandated lists
      • Comply with legal requirements
      • Minimize operational impacts

  22. Business Benefits of Security Protecting the Network and Users Benefits All

  23. Doug Miller doug.miller@nominum.com www.nominum.com
      • Twitter: @Nominum
      • Facebook: http://www.facebook.com/nominum
      • YouTube: http://www.youtube.com/nominumwebinars
      • LinkedIn: http://www.linkedin.com/company/nominum
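
Slide 13 describes the poisoning attempt as many guessed answers arriving while the resolver waits for the real one. The following added example (not from the presentation or from Nominum) shows how a resolver-side monitor can flag that pattern; it assumes responses are matched to queries by DNS transaction ID, and the event format, threshold and `mybank.example` names are constructed for illustration.

```python
"""Added example: flag a burst of mismatched DNS responses for one outstanding query."""
from collections import defaultdict

MISMATCH_THRESHOLD = 20  # assumed alert threshold; tune per resolver


def detect_spoof_bursts(events, threshold=MISMATCH_THRESHOLD):
    """events: ('query' | 'response', time, qname, txid) tuples in time order.
    Returns [(qname, mismatches)] for names whose wrong-ID count reached threshold."""
    pending = {}                   # qname -> transaction ID of the outstanding query
    mismatches = defaultdict(int)  # qname -> wrong-ID responses seen while pending
    for kind, _time, qname, txid in events:
        name = qname.rstrip(".").lower()
        if kind == "query":
            pending[name] = txid
        elif name in pending:
            if txid == pending[name]:
                del pending[name]      # the genuine answer closes the window
            else:
                mismatches[name] += 1  # a guess that arrived while waiting
        # responses with no outstanding query are ignored in this sketch
    return sorted((n, c) for n, c in mismatches.items() if c >= threshold)


def sample_events():
    """Constructed events: one normal lookup, then one lookup hit by 25 wrong IDs."""
    events = [("query", 0.00, "www.mybank.example.", 4100),
              ("response", 0.02, "www.mybank.example.", 4100),
              ("query", 1.00, "login.mybank.example.", 7731)]
    events += [("response", 1.0 + i / 1000, "login.mybank.example.", 100 + i)
               for i in range(1, 26)]  # IDs 101..125, none equal to 7731
    events.append(("response", 1.03, "login.mybank.example.", 7731))
    return events


if __name__ == "__main__":
    print(detect_spoof_bursts(sample_events()))
```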
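
Slide 16 names two limits: a per-subscriber QPS cap on inbound queries and a cap on simultaneous recursion contexts for outbound queries. This added example (not Vantio code; the `ResolverGuard` class, its method names and the fixed one-second window are assumptions) shows both checks, using the slide's figures of 1,000 QPS and 2,000 contexts as defaults.

```python
"""Added example: per-client QPS limit plus a cap on simultaneous recursion contexts."""
from collections import defaultdict

CLIENT_QPS_LIMIT = 1000        # the slide's example per-subscriber limit
MAX_RECURSION_CONTEXTS = 2000  # the slide's stated default per Vantio


class ResolverGuard:
    """Admission control in front of a caching resolver (hypothetical class)."""

    def __init__(self, qps_limit=CLIENT_QPS_LIMIT, max_contexts=MAX_RECURSION_CONTEXTS):
        self.qps_limit = qps_limit
        self.max_contexts = max_contexts
        self.window = defaultdict(lambda: [0, 0])  # client -> [second, count]
        self.active_contexts = 0
        self.dropped = defaultdict(int)            # client -> queries refused

    def admit_query(self, client_ip, now):
        """Inbound limit: count queries per client in the current one-second window."""
        slot = self.window[client_ip]
        second = int(now)
        if slot[0] != second:          # a new second starts a fresh count
            slot[0], slot[1] = second, 0
        if slot[1] >= self.qps_limit:
            self.dropped[client_ip] += 1
            return False
        slot[1] += 1
        return True

    def begin_recursion(self):
        """Outbound limit: a cache miss needs a free recursion context."""
        if self.active_contexts >= self.max_contexts:
            return False  # caller refuses or drops instead of recursing
        self.active_contexts += 1
        return True

    def end_recursion(self):
        """Release a context when the authoritative answer arrives or times out."""
        self.active_contexts = max(0, self.active_contexts - 1)


def simulate():
    """Constructed traffic with small limits: one noisy client, one normal client."""
    guard = ResolverGuard(qps_limit=5, max_contexts=2)
    noisy = [guard.admit_query("198.51.100.7", 10.0 + i / 100) for i in range(8)]
    normal = guard.admit_query("198.51.100.8", 10.5)
    next_second = guard.admit_query("198.51.100.7", 11.0)
    misses = [guard.begin_recursion() for _ in range(3)]
    guard.end_recursion()
    return noisy.count(True), normal, next_second, misses, guard.begin_recursion()
```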
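
Slide 18 shows the caching engine answering NXDomain for names on a bot C&C domain feed while good sites resolve normally, with visibility and reporting on top. This added example (not Nominum's implementation; the feed entries, class and function names are constructed) matches queries against a feed on label boundaries and reports which subscribers asked for blocked names.

```python
"""Added example: answer NXDOMAIN for names on a bot C&C feed and report who asked."""
from collections import defaultdict

# Constructed feed entries (reserved example domains, not real indicators).
BOT_DOMAIN_FEED = {"botcc.example", "update.dropzone.example"}


def normalize(qname):
    """Lower-case and strip the trailing dot so 'BotCC.Example.' matches the feed."""
    return qname.rstrip(".").lower()


def matched_feed_entry(qname, feed):
    """Return the feed entry that equals qname or is a parent of it, else None.
    Matching walks whole labels, so 'notbotcc.example' does not match 'botcc.example'."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate
    return None


class BotDomainPolicy:
    """Policy check run before cache lookup or recursion (hypothetical class)."""

    def __init__(self, feed):
        self.feed = {normalize(d) for d in feed}
        self.hits = defaultdict(lambda: defaultdict(int))  # client -> entry -> count

    def decide(self, client_ip, qname):
        """Return 'NXDOMAIN' for feed matches, 'RESOLVE' for everything else."""
        entry = matched_feed_entry(qname, self.feed)
        if entry is None:
            return "RESOLVE"
        self.hits[client_ip][entry] += 1
        return "NXDOMAIN"

    def report(self):
        """Subscribers that looked up feed domains, most blocked lookups first."""
        totals = {c: sum(e.values()) for c, e in self.hits.items()}
        return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


def run_sample():
    """Constructed query log of (client, qname) pairs."""
    policy = BotDomainPolicy(BOT_DOMAIN_FEED)
    log = [("10.0.0.5", "goodsite1.example."), ("10.0.0.9", "BotCC.Example."),
           ("10.0.0.9", "node7.botcc.example"), ("10.0.0.5", "notbotcc.example"),
           ("10.0.0.12", "update.dropzone.example"), ("10.0.0.5", "dropzone.example")]
    return [policy.decide(c, q) for c, q in log], policy.report()
```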
