From botnets to IP spoofing, outward-facing threats on the Internet pose security risks for all.

For many years there has been an ongoing debate about immunizations for children. The argument for immunization is rooted in the reality that we are all interconnected. We can, unknowingly, spread viruses and infections through handshakes, sneezes, coughs. Technology is equally susceptible to infections, so perhaps it’s time to consider the ways in which we can digitally immunize ourselves to prevent online or network infections.

“One thing that is pretty obvious in the interconnected world is that it is impossible anymore to protect one’s assets only from the inside,” said Andrei Robachevsky, technology program manager, Internet Society (ISOC).

The network that works to defend itself can still be a victim of outward-facing attacks like botnets or IP spoofing. A botnet is a network of ‘soldiers’ that infects a user’s network without their knowledge. “Those bots need to be controlled. Someone wants to send spam or other infections, which is done through a command and control center,” said Robachevsky.

When you want to mitigate a botnet, you have to attack that command and control center. “In a static command and control center, you cut the head off. The botnet still exists but it can’t be controlled,” said Robachevsky.

As with most other security risks, preventing botnet attacks requires ongoing education of end users. A security team charged with building defense in depth takes care to protect and disable in order to avoid becoming the host of this and other infections.

“In many cases, though,” said Robachevsky, “the existence of a botnet doesn’t affect the network itself. It affects the users where they operate. Some botnets are just being used as a launch pad to attack the company elsewhere.”

The same is true for IP spoofing. The fundamental problem, according to Robachevsky, is that, “The global routing system doesn’t need source IP address over packets. Therefore it is possible to spoof.”

Attackers can originate traffic to make it look like traffic is coming from your computer. “I will send requests as if all of them are coming from the same IP address, the DNS server will think it is Kacy that is sending me this request. I can generate a lot of traffic to cause enormous collateral damage. Your provider network will be overloaded and collapse,” Robachevsky explained.

There are techniques to mitigate these attacks like “egress filtering, which will not allow traffic that doesn’t originate in your network. You know the IP addresses in your network, and you can see if the request is coming from your network,” said Robachevsky. If it is, then let it go. If not, then the source IP address is spoofed and you have to discard that packet.

Here’s where the immunization analogy comes into play for cyber security. If you’re thinking, “Why would I care that some other victim is at risk?” the answer is self-defense. In this interconnected, Internet-dependent world of multiple devices, risk is everywhere. The more concerned you are with the cyber health of all those users, partners, third-party contractors that your business interacts with, the safer your extended environment will be.

A few other suggestions for best practices that allow protection from those threats, said Robachevsky, include closing the services that are open to receive requests from anywhere in the Internet. They should be open only to the clients in the network; when closed, they can’t be used as a reflector from the outside.

“Using routing filters that prevent the network from presenting false information about reachability will help to prevent routing incidents,” Robachevsky continued.

ISOC sees cyber security as a collaborative effort, and “If everyone pursues their individual interests, there is no common—the whole thing deteriorates,” Robachevsky said. Only looking inward without caring about the risk they pose to the environment is not sustainable.
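The egress-filtering rule described above (forward a packet only if its source address belongs to your own network, otherwise discard it) can be sketched as follows. This is an added example, not code from the article or from ISOC; the prefixes, packet records and function names are constructed for illustration, and it extends the rule to IPv6 and to unparsable sources.

```python
import ipaddress
from collections import Counter

# Assumed prefixes owned by the local network (documentation ranges, constructed).
LOCAL_PREFIXES = [ipaddress.ip_network(p)
                  for p in ("192.0.2.0/24", "2001:db8:10::/48")]

def egress_allowed(src, prefixes=LOCAL_PREFIXES):
    """Return True only if the packet's source address belongs to our network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source: never forward
    # Compare only against prefixes of the same IP version.
    return any(addr.version == net.version and addr in net for net in prefixes)

def filter_egress(packets, prefixes=LOCAL_PREFIXES):
    """Split outbound packets into forwarded ones and a per-source drop count."""
    forwarded, dropped = [], Counter()
    for pkt in packets:
        if egress_allowed(pkt["src"], prefixes):
            forwarded.append(pkt)
        else:
            # Source is outside our address space, so it is spoofed: discard.
            dropped[pkt["src"]] += 1
    return forwarded, dropped

# Constructed sample of packets seen leaving the network edge.
SAMPLE = [
    {"src": "192.0.2.17", "dst": "198.51.100.53", "dport": 53},
    {"src": "203.0.113.9", "dst": "198.51.100.53", "dport": 53},
    {"src": "203.0.113.9", "dst": "198.51.100.53", "dport": 53},
    {"src": "2001:db8:10::5", "dst": "2001:db8:ffff::1", "dport": 443},
    {"src": "2001:db8:20::5", "dst": "2001:db8:ffff::1", "dport": 53},
    {"src": "not-an-ip", "dst": "198.51.100.53", "dport": 53},
]

if __name__ == "__main__":
    fwd, drop = filter_egress(SAMPLE)
    print(f"forwarded {len(fwd)} packets")
    for src, n in drop.most_common():
        print(f"dropped {n} packet(s) claiming source {src}")
```

The per-source drop count doubles as a detection signal: repeated drops for one claimed source point to a host inside the network that is emitting spoofed traffic.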