Security specialist Andreas Antonopoulos likes to talk about the Darknet - the shadowy network of malware applications that operate at a layer above (or below, depending on your perception) the traditional Internet. Encompassing everything from peer-to-peer applications to instant messaging and VoIP vulnerabilities and distributed denial-of-service attacks, the Darknet poses a greater threat to companies than is commonly assumed.
At a recent conference on IP security, Carl Landwehr, program director for the US National Science Foundation's CyberTrust program, pointed out that as of last year, CERT has ceased publishing the number of known security incidents because there are simply too many to count. The number of attacks rocketed from hundreds per year in the 1990s to 137,529 in 2003 (the last year in which attacks were reported).
Landwehr further noted that while a significant percentage of these attacks are "bad guy vs. bad guy" - disgruntled hackers waging war against each other - there's a worrying increase in the number of for-profit distributed DoS attacks. In these, a hacker launches a distributed DoS attack against a victim (financial services firms and online casinos are favourite targets) and demands money to stop. This has happened with increasing frequency over the past several months, including one recent incident in which a large US consumer bank went offline for several hours.
The amount of peer-to-peer (P2P) traffic has climbed significantly. Depending on whose statistics you believe, anywhere from 30 percent to 70 percent of traffic is P2P. While P2P is not necessarily illegal or even inappropriate - commercial P2P applications for purposes such as corporate data sharing are on the rise - if unchecked, it can swamp an enterprise network. Moreover, if the P2P application is being used for the transfer of copyrighted content, its mere presence on a corporate network can expose the company to legal liability.
Organisations need a multi-pronged approach to address these threats. Start by taking distributed DoS and related attacks seriously:
* Investigate protective measures. Network providers such as AT&T offer distributed DoS protection services that detect a distributed DoS attack in progress and use standard routing protocols to divert traffic to network-based "scrubbers" that eliminate most of the attack. You can even build your own Darknet to monitor for malware on your network.
* Diversify your Internet connectivity. As with many security measures, diversity is one of the best protections. For example, Equinix in the US offers Equinix Direct, a service that lets customers quickly and easily diversify their Internet connections.
* Keep track of what's on your network. Most companies have no idea what's really on their network (although most think they do). FaceTime Communications and Akonix Systems have both introduced tools that let IT executives track P2P and IM vulnerabilities. FaceTime also has introduced FaceTime Instant Response Security Team, which includes tools and best practices to assess vulnerabilities.
* Educate yourself. There's a lot of solid literature about Darknets and how to protect against them. A good source for background on distributed DoS is at Washington University, for example.
Johnson is president and chief research officer at Nemertes Research, an independent technology research firm. She can be reached at [email protected]