www.prolexic.com
Printers, Routers Used in Cyber Attacks
How to protect your network
The DrDoS attack: A popular cyber attack
• Distributed reflection and amplification denial of service attack, or DrDoS
• Malicious use of Internet protocols
• Difficult to trace back to the origin, because spoofing can mask the origin of the attack
• Sysadmins can take specific actions to reduce the vulnerability of their network devices and servers
CONFIDENTIAL
Even printers may be hijacked by criminals using DrDoS attacks
• Support for common network protocols allows devices on your network to be employed in denial of service attacks
• Vulnerable devices include:
– Printers
– Cameras
– Routers
– Hubs
– Sensors
– Other network devices
Secure your IT devices and infrastructure
• Three vulnerable network protocols used in devices:
– Simple Network Management Protocol (SNMP)
– Network Time Protocol (NTP)
– Character Generation Protocol (CHARGEN)
• Like many other network protocols, these protocols were written with functionality, not security, in mind
• Can be used to misdirect and amplify responses to the attacker’s target
Simple Network Management Protocol (SNMP)
• For communicating with IP-based devices, such as routers, switches, servers, printers, modems, IP video cameras, IP phones, network bridges, hubs, alarms and thermometers
• Transmits data about device components, measurements, sensor readings and variables
• Allows users to monitor these devices
• Use of human-readable cleartext makes SNMPv1 and v2 vulnerable to interception and modification
• The origin of the transmission cannot be verified
• The white paper explains how to mitigate vulnerability to SNMP DrDoS attacks
Network Time Protocol (NTP)
• For synchronizing time and date information on computer clocks on the Internet
• Implemented on all major operating systems, network infrastructure devices and embedded devices
• Susceptible to spoofing, like the User Datagram Protocol (UDP) upon which it is built
• Attacker may cause multiple requests for time updates to be sent to multiple NTP hosts, directing their responses to the attacker’s target
• Team-Cymru authored a secure NTP server template that can be used as a baseline for DDoS protection against NTP reflection attacks
• The white paper provides a link to the Team-Cymru NTP server template
Character Generation Protocol (CHARGEN)
• Can be used for debugging network connections, network payload generating and bandwidth testing
• Two types of CHARGEN services:
– TCP and UDP
– UDP version is vulnerable to spoofing
• Misuse of the testing features may allow attackers to craft malicious network payloads and direct the responses to the attacker’s target
• The U.S. cyber security organization CERT recommends reconsidering whether these protocols are needed in your organization
• The white paper provides a link to details about the CERT recommendation
Why protocol-based DrDoS attacks happen
• DrDoS protocol reflection attacks are possible due to the inherent design of the original architecture and structure of these protocols
• Closing the security gaps permanently would require creating new protocols, which is unlikely to happen in the short term
• By disabling or restricting unneeded functionality, sysadmins can eliminate these vulnerabilities
• Prolexic customers are protected from these attacks as part of our DDoS protection and mitigation services
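One way to check the "disabling or restricting unneeded functionality" step, as an added example that is not taken from the Prolexic slides or white paper: a Python audit that flags configuration settings leaving NTP, SNMP v1/v2c and UDP CHARGEN open to spoofed queries. The directives checked (ntp.conf `restrict ... noquery`, Net-SNMP `rocommunity`/`rwcommunity`, inetd.conf `chargen`) and all sample configs are assumptions chosen for illustration.

```python
# Added example: audits config text for settings that leave SNMP, NTP and
# UDP CHARGEN usable as reflectors. All sample configs below are constructed.

def _lines(text):
    """Yield whitespace-split fields of each non-comment, non-blank line."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield fields

def audit_ntp(conf):
    """Flag ntp.conf default restrict lines lacking 'noquery', or none at all."""
    defaults = [f for f in _lines(conf)
                if f[0] == "restrict" and "default" in f[1:]]
    if not defaults:
        return ["ntp: no 'restrict default' line; status queries open to all"]
    return ["ntp: '%s' lacks noquery" % " ".join(f)
            for f in defaults if "noquery" not in f]

def audit_snmp(conf):
    """Flag v1/v2c community lines with default names or no source limit."""
    findings = []
    for f in _lines(conf):
        if f[0] in ("rocommunity", "rwcommunity") and len(f) >= 2:
            source = f[2] if len(f) > 2 else "default"
            if f[1] in ("public", "private"):
                findings.append("snmp: default community name '%s'" % f[1])
            if source == "default":
                findings.append("snmp: community '%s' answers any source" % f[1])
    return findings

def audit_inetd(conf):
    """Flag an enabled UDP chargen service in inetd.conf."""
    return ["inetd: UDP chargen enabled"
            for f in _lines(conf)
            if len(f) >= 3 and f[0] == "chargen" and f[2].startswith("udp")]

# Constructed sample configs (weak settings beside corrected ones).
WEAK_NTP = "server 0.pool.ntp.org\nrestrict default nomodify\n"
HARD_NTP = "restrict default kod nomodify notrap nopeer noquery\nrestrict 127.0.0.1\n"
WEAK_SNMP = "rocommunity public\n"
HARD_SNMP = "rocommunity n0c-ro-string 192.0.2.0/24\n"
WEAK_INETD = "chargen dgram udp wait root internal\n"
HARD_INETD = "#chargen dgram udp wait root internal\n"

if __name__ == "__main__":
    for name, fn, conf in (("ntp", audit_ntp, WEAK_NTP), ("snmp", audit_snmp, WEAK_SNMP),
                           ("inetd", audit_inetd, WEAK_INETD)):
        print(name, fn(conf))
```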
Learn more in the white paper
• Download the DrDoS white paper: SNMP, NTP and CHARGEN attacks
• In this white paper, you’ll learn:
– Three common network protocols used in reflection attacks
– How SNMP, NTP and CHARGEN can be used by malicious actors
– How your printers and network devices may be employed by cyber attackers
– Specific action to minimize your network’s exposure and mitigate protocol attacks
– What the internet community could do to reduce the risk
About Prolexic
• Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services.
• Prolexic has successfully stopped DDoS attacks for more than a decade.
• We can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers.