Skip to main content

How to Defend Against the Next DDoS Attack

By: Cricket Liu, Chief DNS Architect at Infoblox

I’m sure you’ve been following the news the recent distributed denial of service (DDoS) attack against Dyn. Here’s my take on what happened and what we need to do to survive the next big one.

The Dyn attack is a wake-up call to the world – not just to DNS providers, but to all parties involved, including the DNS community, Internet of Things (IoT) device manufacturers, businesses and consumers. The sheer volume of traffic involved and huge number of web sites affected may make the Dyn attack seem overwhelming, but the truth is, by following some simple best practices, we can not only survive attacks like this, but also reduce their size and scope.

Get back to the basics: 3 best practices

1.    Build in redundancy. Many companies rely on a single DNS provider like Dyn, leaving them vulnerable to attacks. Instead, businesses need to either deploy some on-premises appliances that can serve as external authoritative name servers – the servers that advertise their DNS data to the Internet – or bring in a second DNS provider. This is no different from ensuring that your company has redundant connections to the Internet. If one set of name servers goes down or is attacked, companies will still have name servers available. Making the external DNS infrastructure more heterogeneous ensures that companies are not putting all of their eggs in one basket.
2.    Mix it up, manufacturers. IoT devices are here to stay, from cameras to thermostats to fitness trackers. And traffic from IoT devices will continue to grow. But many IoT devices are inherently insecure from the get-go. Why? Many manufacturers sell these devices with the same default administrator password, which consumers rarely change. Or even if they want to change it, sometimes they can’t figure out how to do it. Either way, attackers have access to a vast network of devices from which to launch DDoS attacks. Simply put, IoT devices cannot be sold to consumers without some basic security measures, starting with unique, randomly generated passwords for each device.
3.    Lock it down, consumers. In general, we have a terrible track record when it comes to protecting our information with passwords. The majority of passwords consumers use are easily guessable. We have to try harder. The same goes with Internet-connected devices. Consumers must be savvier about changing the default passwords on everything including cameras, DVRs, routers and printers. And, device manufacturers, in addition to providing each device with a unique preset password, must prompt consumers to create more sophisticated passwords and make it more intuitive for people to be able to do it. Finally, an attack should be a reminder to consumers to check the security of their devices: to make sure passwords aren’t easily guessable, and that devices have been upgraded recently to versions of code without known vulnerabilities.

Take action now
Gartner projects there will be 26 billion IoT devices installed by 2020. That’s more than three devices for every person on the planet. A survey Infoblox conducted of 400 IT executives revealed that although 75% of businesses already have Internet-connected equipment on their networks, 35% say they’re not ready to support IoT yet. Even more eye-opening is that we found that nearly 60% of IT professionals say they’re not doing anything to prepare for the impact of IoT. Do we really want to be ruled by toaster and refrigerator overlords? The IoT threat isn’t even the future – it’s already happening, as demonstrated by the Dyn attack. Implementing best practices for IoT device security must be a top priority for all of us. 

Popular posts from this blog

Radisson Blu Hotel, Dubai Improves Guest Wi-Fi Coverage and Performance with Aruba Wireless Solutions

Radisson Blu Hotel, in Al Sufouh at Dubai Media City has recently deployed wireless infrastructure from Aruba, a Hewlett Packard Enterprise Company, to deliver secure, seamless, high-speed, wireless internet connectivity across its hotel rooms, suites and public areas. The implementation has resulted in improvement in rating of Wi-Fi services and drastic reduction in volume of IT help desk calls, besides the fact that the design of the Access Points (APs) blends seamlessly with the hotel aesthetics and AP management, monitoring and troubleshooting has become centralized and simplified.

Amazon.in launches “Smart Living Store”

How would it be if you could stream online videos or browse websites on your TV? How about a device that could measure your level of activity throughout the day? How would it be if a device helps keep your home secure? With the Smart Living Store you can find out! Amazon.in announces the launch of “Smart Living Store” - a dedicated store aimed at providing customers the one stop shop for all smart devices across various product categories.

Pi DATACENTERS Achieves Uptime Institute Tier IV Design Certification

Pi DATACENTERS, India, an enterprise class datacenter and Cloud service provider based at Amaravati, the new capital region of Andhra Pradesh, today announced that the company has been awarded Uptime Institute Tier IV Design Certification, achieving the highest standards for infrastructure, functionality and capacity as demonstrated on the design documents. To earn a Tier Certification of Design Documents, a facility is evaluated on mechanical, electrical, structural and site elements, and certified facilities also receive expert recommendations to enhance Operational Stability over the long-term.
“We are pleased to award Pi DATACENTERS with the Uptime Institute Tier IV Design Certification,” said John Duffin, Managing Director, South Asia, Uptime Institute. “Achieving a Tier IV Fault Tolerant Design Certification illustrates that the facility meets the highest standards for infrastructure functionality and capacity as demonstrated on the design documents. This ensures that plans are…