Take a unified approach to Wi-Fi security!

For many organizations, Wi-Fi access is no longer a luxury. Employees need flexible access as they roam about the office, and customers and partners expect to connect whenever they are on site. But providing unsecured access opens a host of potential security problems if access points aren’t rigorously monitored, patched and maintained. As the number of access points grows, it’s easy to let this important maintenance task slip.

Security teams are so busy fighting fires that preventing maintenance is often overlooked. Kaspersky Labs recently analyzed data from nearly 32 million Wi-Fi hotspots around the world and reported that nearly 25% had no encryption at all. That means passwords and personal data passing through those devices can be easily intercepted by anyone connected to the network.

Virtual private networks (VPNs) are one way to keep things secure, but 82% of mobile users told IDG they don’t always bother to use them. The profusion of software-as-a-service (SaaS) options encourages this. Gartner has estimated that by 2018, 25% of corporate data will bypass perimeter security and flow directly to the cloud.

The Wi-Fi landscape is changing, thanks to mobile devices, cloud services and the growing threat of cyber attacks. This means that Wi-Fi security must be handled holistically, with a centralized approach to management and an architecture that integrates both endpoint protection and network traffic analysis. Cisco has spent more than $1 billion on security acquisitions since 2015, and it has put in place the necessary pieces to provide this integration.

Cisco Umbrella, which the company announced last month, is a new approach to securing the business perimeter that takes into account the changing ways people access the internet. Umbrella gives network and security managers a complete picture of all the devices on the network and what they are doing. For example, by combining Umbrella with Cisco Cloudlock Cloud Access Security Broker technology, organizations can enforce policies customized to individual SaaS applications and even block inappropriate services entirely. They can also block connections to known malicious destinations at the DNS and IP layers, which cuts down on the threat of malware. Umbrella can even discover and control sensitive data in SaaS applications, even if they’re off the network.

Cisco’s modernized approach to security also uses the power of the cloud for administration and analysis. Cisco Defense Orchestrator resolves over 100 billion Internet requests each day. Its machine learning technology compares this traffic against a database of more than 11 billion historical events to look for patterns that identify known malicious behavior. Defense Orchestrator can thus spot breaches quickly so they can be blocked or isolated before they do any damage. Thanks to the cloud, anonymized data from around the Internet can be combined with deep learning to continually improve these detection capabilities. Predictive analytical models enable Cisco to identify where current and future attacks are staged. In other words, Cisco’s security cloud gets smarter every day.

Umbrella can integrate with existing systems, including appliances, feeds and in-house tools, so your investments are protected. It’s built upon OpenDNS, a platform that has been cloud-native since its inception more than a decade ago. It’s the bases for Cisco’s security roadmap going forward.

A great way to get started with Cisco Umbrella is by revisiting protection on your Wi-Fi access points. We know Cisco networks inside and out, so let us put you on the on-ramp to the future of network security.

Denial of service attacks – understanding and avoiding them

In October, a cyber attack on Internet provider Dyn made many web services and sites inaccessible, including several newscasters (Fox News, HBO, CNN, Weather Channel, etc.) and world-class sites Netflix, Paypal, Yelp, Starbucks, just to name a few.

This attack is considered the largest denial of service attack ever made. In order to better understand what happened, we will first of all recall some basic notions of Internet communications. We will continue by talking about botnets and their evolution, before we see the specifics of this recent attack. Finally, we will see how we can guard against such attacks.

Internet Communication Basics

Most Internet communications are of the client-server type. The Internet browser is often used as a “client” and sends requests to the server, asking it to display a Youtube video, for example.

Each server has its own IP address. When navigating on Google, for instance, the server that responds to our request may be different depending on our geographical location. This is made possible by using a Domain Name System (DNS).

These DNS servers will translate an address with the words “www.google.com” into an IP address. This notion is important for understanding the attack that targeted Dyn.

History of botnets

A “botnet” (combination of robot and network) is a network of computers infected by a virus, which turns them into passive entities that remain listening to future instructions. The person controlling the botnet can then send commands to his army of infected computers. For example, ask his robots to send spam or launch distributed denial of service attacks (DDoS). The distributed nature of this architecture makes detection of DDoS attacks difficult.

With the miniaturization and ever-decreasing cost of computing devices, more and more objects become “connected”. This creates an ever-growing network of printers, IP cameras and all kinds of objects that are connected to the web. All these devices are ultimately small computers, and like all computers, they are vulnerable to attacks.

Moreover, since few people take the time to configure these connected objects, most of them are configured with default passwords, making it even simpler for an attacker to compromise and infect them viruses.

We find ourselves in a situation where many objects connected to the Internet are infected by a virus. And these devices, like IP cameras, are constantly on, unlike our computers. During the most recent DDoS attack, this botnet managed to generate up to 1.2 Tb of data per second! This is a data rate equivalent to nearly 2,000 DVD-quality movies sent per second!

Why did this attack hurt so badly?

Denial of service attacks have traditionally targeted servers or websites of companies that are chosen either for activism (or hacktivism) reasons, or for the purpose of extorting money.

The reasons for this attack are not yet known, but what differs from previous ones is the target. For the first time, it was not site servers that were targeted, but the DNS servers of the Dyn company.

The sites of Twitter, Paypal and Netflix, for example, were fully functional. But by preventing us from knowing the address of the servers to connect, this attack made all these sites inaccessible.

How to defend against these attacks?

DDoS attacks often follow a well-established pattern. A first way to protect oneself therefore is to use systems that will detect the signatures of these attacks.

Another way to prevent is to implement redundancy on servers. By using load balancers, you can intelligently route traffic to multiple servers, improving the system’s resilience to high traffic flows.

But that’s not all! We also need to guard against infections, to prevent one of our systems from becoming a botnet member. To do this, you must first protect computers with antivirus software.

However, many connected devices are too simple to install an antivirus. It is therefore essential to analyze the inbound network traffic in your corporate network, both to detect known threats and zero-day vulnerabilities.

It is possible to further minimize the risk of infection of your systems by correlating and monitoring event logs, such as continuous network and systems monitoring, which is part of the services offered by ESI Technologies.

Finally, remember to keep systems updated, in order to mitigate the risk that known vulnerabilities can be exploited and use unique and complex passwords. Password management software exist to make your life easier.

A specialized information security firm such as ESI Technologies will be able to assist you in analyzing your needs and selecting the most effective and efficient solutions to mitigate the risks of botnet attacks on your systems.

Tommy Koorevaar, Security Advisor – ESI Technologies