Page 63 - Cyber Warnings
P. 63
How to Defend Against the Next DDoS Attack
Cricket Liu, Chief DNS Architect at Infoblox
I’m sure you’ve been following the news the recent distributed denial of service (DDoS) attack
against Dyn. Here’s my take on what happened and what we need to do to survive the next big
one.
The Dyn attack is a wake-up call to the world – not just to DNS providers, but to all parties
involved, including the DNS community, Internet of Things (IoT) device manufacturers,
businesses and consumers.
The sheer volume of traffic involved and huge number of web sites affected may make the Dyn
attack seem overwhelming, but the truth is, by following some simple best practices, we can not
only survive attacks like this, but also reduce their size and scope.
Get back to the basics: 3 best practices
1. Build in redundancy. Many companies rely on a single DNS provider like Dyn,
leaving them vulnerable to attacks. Instead, businesses need to either deploy some on-
premises appliances that can serve as external authoritative name servers – the servers
that advertise their DNS data to the Internet – or bring in a second DNS provider. This is
no different from ensuring that your company has redundant connections to the Internet.
If one set of name servers goes down or is attacked, companies will still have name
servers available. Making the external DNS infrastructure more heterogeneous ensures
that companies are not putting all of their eggs in one basket.
2. Mix it up, manufacturers. IoT devices are here to stay, from cameras to
thermostats to fitness trackers. And traffic from IoT devices will continue to grow. But many
IoT devices are inherently insecure from the get-go. Why? Many manufacturers sell these
devices with the same default administrator password, which consumers rarely change. Or
even if they want to change it, sometimes they can’t figure out how to do it.
Either way, attackers have access to a vast network of devices from which to launch DDoS
attacks. Simply put, IoT devices cannot be sold to consumers without some basic security
measures, starting with unique, randomly generated passwords for each device.
3. Lock it down, consumers. In general, we have a terrible track record when it
comes to protecting our information with passwords. The majority of passwords
63 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
