By Malcolm Orekoya, Senior Technical Consultant, Netutils
Views expressed in this post are original thoughts posted by Malcolm Orekoya, Senior Technical Consultant, Netutils. These views are his own and in no way do they represent the views of the company.
As most of the United Kingdom is being bombarded by storms and hurricane-force winds resulting in flooding in several parts of the country, it is understandable that most of our attention is on this bit of news.
However, some of you in the IT world will also have heard of another flood hitting the headlines this week – the massive NTP reflection attack that exploited a vulnerability in NTP, the widely used internet protocol for clock synchronisation between computer systems.
Hackers seem to have taken the floods caused by the weather as a go-ahead to press the Distributed Denial of Service (DDoS) button on their keyboards and launch a massive flood of their own on the internet. The attack was first revealed on Twitter by CloudFlare’s CEO Matthew Prince on Monday 10th January 2014, saying “Very big NTP reflection attack hitting us right now. Appears to be bigger than the #Spamhaus attack from last year.” The attack has been recorded as the biggest DDoS attack in Europe to date, reaching 400Gbps at its peak.
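The kind of traffic described above, as an added example that is not part of the original post: a small Python detector over constructed NetFlow-style records that flags hosts receiving far more data from udp/123 sources than they were ever seen to request, which is the signature of a reflection attack against them. The Flow layout, the thresholds and the sample addresses are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

NTP_PORT = 123
NTP_MIN_BYTES = 48               # a plain NTP request or response payload is 48 bytes
AMPLIFICATION_THRESHOLD = 10.0   # assumed tuning value: bytes out / bytes in
MIN_RESPONSE_BYTES = 10_000      # assumed tuning value: ignore tiny flows

@dataclass(frozen=True)
class Flow:  # one NetFlow-style record (constructed layout, not a vendor export)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    size: int

def detect_ntp_reflection(flows):
    """Return {victim_ip: {reflector_ip: ratio}} for udp/123 responses that dwarf requests."""
    requests = defaultdict(int)   # (client, server) -> bytes sent to udp/123
    responses = defaultdict(int)  # (server, client) -> bytes sent from udp/123
    for f in flows:
        if f.proto != "udp":
            continue
        if f.dst_port == NTP_PORT:
            requests[(f.src_ip, f.dst_ip)] += f.size
        if f.src_port == NTP_PORT:
            responses[(f.src_ip, f.dst_ip)] += f.size
    alerts = defaultdict(dict)
    for (server, client), resp_bytes in responses.items():
        if resp_bytes < MIN_RESPONSE_BYTES:
            continue
        # The requests carried the victim's spoofed address, so the victim's own side
        # shows no matching request: count one minimum-size packet, never divide by zero.
        req_bytes = max(requests.get((client, server), 0), NTP_MIN_BYTES)
        ratio = resp_bytes / req_bytes
        if ratio >= AMPLIFICATION_THRESHOLD:
            alerts[client][server] = round(ratio, 1)
    return dict(alerts)
# Constructed sample: one benign sync and one victim hit by two reflectors.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", 50123, "192.0.2.10", 123, "udp", 76),
    Flow("192.0.2.10", 123, "10.0.0.5", 50123, "udp", 76),
    Flow("203.0.113.7", 123, "198.51.100.9", 80, "udp", 440_000),
    Flow("203.0.113.8", 123, "198.51.100.9", 80, "udp", 220_000),
]

if __name__ == "__main__":
    print(detect_ntp_reflection(SAMPLE_FLOWS))
```

On real exports the same logic applies per time window, so a single large but legitimate transfer is unlikely to trip it while a sustained flood from many reflectors toward one address will.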
So, with flaws continually being exposed in protocols such as NTP and DNS that were not built with security in mind, and with the worldwide use of such protocols across the internet attracting more malicious hackers, what should you do to mitigate these denial of service attacks?
Well, in my opinion, for starters, administrators and organisations need to be proactive about keeping abreast of the latest security alerts, news, blogs and trends.
Several organisations, such as US-CERT and Team Cymru (through its Secure NTP Template page), have released alerts and mitigation techniques regarding flaws in NTP as well as other protocols. Proactive enterprises would already have taken steps to mitigate the specific NTP threat, and also sought general DDoS protection for their business critical web facing systems.
In addition to looking into DDoS protection vendors and services, it is important to understand the differences between the plethora of protection solutions and vendors available on the market. For example, Juniper Networks' DDoS Secure product provides DDoS protection against inbound as well as outbound traffic, which is a unique selling point compared with some other vendors in the same space.
Finally, it’s important for organisations to know where their strengths and weaknesses lie and to lean on the experts where necessary. A lot of enterprises do not have a SOC or the human resource (in helpdesk or administrators) to proactively manage their security. This should be recognised, and bringing in expert security consultants to work alongside the on-premises teams should not be avoided, whether for financial reasons or out of an “it won’t happen to me” attitude, because at the end of the day every organisation that has at least one point of contact with the World Wide Web is susceptible, and in almost every attack situation the end customer and the organisation will end up feeling the brunt of the consequences of any ignorance or neglect.
We have already helped customers who have been affected by the recent NTP attack and urge you to get in touch with us even if you’d just like some advice to help assess the level of vulnerability in your organisation.