Malicious attacks on networks continued to grow at an alarming rate over the past year, according to a report issued by Arbor Networks. Arbor's fourth annual Worldwide Infrastructure Security Report includes responses from nearly 70 IP network operators in North America, South America, Europe and Asia, and is designed to provide useful data to network operators so that they can make informed decisions about their use of network security technology to protect their mission-critical infrastructures.

In addition to a notable increase in the number of attacks against network infrastructure, this year's report found that smaller and more sophisticated attacks - including service-level and application-targeted attacks, DNS poisoning, and route hijacking - are more difficult to manage than larger, brute force attacks and can cause a serious disruption in network service or enable further compromise.

"Detection of application layer attacks is more difficult than with flood based attacks," commented Danny McPherson, chief security officer for Arbor Networks. "Providers need to have deep application insight into IP services and applications - such as DNS, HTTP, VoIP, IM and P2P - in order to identify, and mitigate such attacks. To do so effectively, ISPs today must have the ability to detect and surgically remove only the attack traffic while maintaining legitimate business traffic - thereby ensuring the highest level of customer satisfaction."

Attacks on a network to make it unavailable to its intended users - known as distributed denial of service (DDoS) attacks - were as large as 40 gigabits in the last year. The largest sustained attacks reported in the last two years were 24 gigabits per second (Gbps) and 17 Gbps, respectively, representing a 67 percent increase in attack scale over last year, an increase of nearly 2.5x of the largest attack reported in 2006, and a 100-fold increase since 2001. Furthermore, 36 percent of survey respondents last year reported observing sustained attacks larger than one Gbps. The number of respondents observing one gigabit per second or larger attacks nearly doubled this year.

"The growth in attack size continues to significantly outpace the corresponding increase in underlying transmission speed and infrastructure investment," said McPherson. "And, while most ISPs now have the infrastructure to detect bandwidth flood attacks, we found that many still lack the ability to quickly mitigate these attacks; only a small percentage of the providers we surveyed said they have the capability to mitigate DDoS attacks in 10 minutes or less. What's even more concerning is that even fewer providers have the infrastructure to defend against service-level attacks or this year's reported peak of a 40 gigabit flooding attack. This is an area of weakness for operators that can be exploited quickly."

Although network infrastructure is under constant attack from a number of different vectors today, bots and botnets still rank highest as the largest problem facing network operators in the next 12 months. Botnets (26 percent) continue to be the primary vehicle for delivering the largest problems to network operations and security engineers, followed closely by DNS cache poisoning (23 percent) and BGP route hijacking (15 percent).

The survey also asked providers where new threats could emerge in the next year. 55 percent of respondents said the scale and frequency of security threats for IPv6 will increase as it becomes more widely deployed, while only 8 percent of respondents believe threats will decrease with improved IPv6 deployment. And although VoIP continues to be a rising attack vector for miscreants, providers are underprepared to protect their VoIP infrastructure from attack, the study found. Only 21 percent of respondents indicated that they had tools in place to detect threats against VoIP infrastructure or services.

http://www.arbornetworks.com

•Date: 13th Nov 2008• Region: World •Type: Article •Topic: ISM
Rate this article or make a comment - click here