Data centers have become the proverbial bullseye for cyber-criminals, hacktivists and state-sponsored attackers. These malicious users rely on automation and off-the-shelf attack tools to steal data and take servers offline. And they leverage Distributed Denial of Service (DDoS) attacks, web application attacks, DNS infrastructure exploits, SSL-based blind-spots, and weak authentication to achieve their nefarious objectives. In this article, I’ll look at these threats and their impact on data centers.
DDoS Attacks
With the rise of botnets and cheap ‘DDoS for hire’ services, any user with a credit card can launch an attack for as little as $5 an hour. Now, though, attackers are no longer content to use standard PCs to conduct attacks; they’re exploiting web, DNS and NTP servers. By leveraging amplification attacks and server processing power, they can unleash massive onslaughts. The use of servers and amplification has dramatically increased the scale of DDoS attacks. Between 2011 and 2013, DDoS attacks surged in size from an average of 4.7 Gbps to 10 Gbps, while attack rates have skyrocketed 1850% to 7.8 Mpps. At the current trajectory, DDoS attacks could incapacitate most standard networking equipment by 2016. Every organization should anticipate DDoS threats and ensure they have put in ironclad defenses to stop these attacks.
Web Application Attacks
Year in and year out, web application attacks are preferred by attackers to infiltrate corporate defenses and steal data. Dangerous web attacks such as SQL injection and cross-site scripting (XSS) aren’t necessarily new, but they remain effective and easy to carry out. While attackers may continue to rely on old and well-known attack techniques, they have updated the target of their attacks by increasingly taking aim at Content Management Systems (CMS) and third-party CMS plugins. In 2013 and 2014, attackers uncovered and exploited countless CMS applications before organizations could react. But CMS applications aren’t the only websites at risk. According to researchers, 96% of all applications have or have had vulnerabilities. With 35% of all breaches caused by web attacks in 2013, organizations need a proactive defense to block web attacks and to ‘virtually patch’ vulnerabilities.
DNS Infrastructure Exploits
DNS servers have become a top attack target for two main reasons. First, attackers know that if they disrupt access to DNS servers or poison DNS caches, they can prevent scores of users from reaching vital internet services. In fact, attacks that have brought down ISPs’ DNS servers have led to class-action lawsuits by subscribers. The second reason DNS servers are attacked is to carry out DNS amplification attacks. In DNS amplification attacks, attackers spoof the IP address of their real target, then send queries that instruct the DNS server to send much larger responses to the victim. Powerful servers then drown the victim’s network with DNS traffic. Even when DNS servers are not the ultimate target, they can still suffer downtime and outages as the result of a reflection attack. Organizations that host DNS servers must protect their infrastructure against denial of service, DNS cache poisoning, and other DNS exploits.
SSL-Induced Security Blind Spots
Attackers are increasingly turning to SSL encryption to hide attacks from security devices. As more applications support SSL – in fact, more than 40% of applications can use SSL or change ports – encrypted traffic has become an enormous blind spot in corporate defenses. Organizations need to inspect outbound SSL traffic from internal users, and inbound SSL traffic to corporate servers, to eliminate this blind spot. While many firewall and IPS products can decrypt SSL traffic, they can’t keep pace with growing demands, particularly given the transition from 1024- to 2048-bit SSL keys. 2048-bit certificates require approximately 6.3 times more processing power to decrypt1. As a result, organizations need a solution to intercept, offload and decrypt SSL traffic.
Weak Authentication and Brute Force Attacks
Many applications today rely on single-factor, password-based authentication. Application owners often do not enforce the use of strong passwords or securely store credentials. By implementing poor authentication controls, application owners expose themselves to a host of threats, including stolen credentials and automated brute force attacks. So it’s not surprising that within hours of many recent breaches, hackers have cracked stolen password lists – even password hashes – and used them to break into other online accounts.
Two-factor authentication greatly decreases the risk of brute force or password cracking. Analyzing user attributes, such as browser type, operating system or geographic location, can also help identify fraudulent activity. Advanced rules can identify high-risk users or password cracking tools. An integrated solution that centrally manages authentication services and blocks users with repeated failed login attempts not only bolsters security but also helps automate and scale operations.
Protecting Against the Top 5 Data Center Threats
Organizations need a solution that can mitigate these threat vectors and still deliver unmatched performance. Application Delivery Controllers (ADCs), deployed in the heart of the data center, can block attacks, intercept and inspect encrypted traffic, and prevent unauthorized access to applications. Correctly deployed, ADCs become a vital component in the arsenal of defenses against the top five data center threats.
1. On commodity hardware, 2048-bit RSA certificates require 6.3x and 3.4x more computational effort, respectively than 1024-bit RSA certificates per a StackExchange analysis
About the Author
Kasey Cross is responsible for security evangelism at A10 Networks. She has over ten years of experience in management positions at leading information security companies including Imperva and SonicWALL. She was also the co-founder and CEO of Menlo Logic and led the company through its successful acquisition by Cavium Networks.