While security threats have always been present, modern technology has provided more avenues for attacks and subsequently amplified the related risks. With broadband and Internet traffic growing ten-fold from the days of 2G and 3G to today’s 4G speeds, security concerns have also escalated with resources available for DoS or DDoS attacks.
Fundamentally, there are three key security threats facing Internet service providers today. These include the removal of the Gi Firewall, dependency of DNS, as well as the inability to differentiate the types of traffic in a network.
1. The removal of Gi Firewall in 3G networks
Service providers had security under control back in the days where 2G was used. However, in exchange for Internet speed, they removed the Gi Firewall and lost out on security in the process. This was done because there was a lack of carrier-grade firewall technology in the early days. Gi Firewall was mainly removed because firewall capacity was not built to handle the amount of traffic expected. This absence of Gi Firewall, which is a crucial network security equipment that prevented DOS/DDoS, causes a depletion of battery life of devices used by subscribers and waste service providers’ precious resources. For service providers, resources are being consumed unnecessarily during attacks, and this results in a waste of resources and a slower network.
2. Dependency of DNS
As the World Wide Web and applications become more sophisticated, dependency on DNS will continue to grow, while planned attacks to take the Internet down have also become more frequent. Without DNS, the Internet will not exist since users are only able to recall domain names and not specific IP addresses. One recent example of a dire DNS attack happened to New Zealand's largest telco and Internet service provider Spark, in September last year. The company suffered a three-day long outage when its DNS infrastructure came under attack. Over 600,000 customers were unable to browse the web and utilise other services requiring name service resolution. Fortunately, service providers are now increasingly becoming aware of the importance of DNS security since case such as this.
3. Inability to differentiate the types of traffic in a network
Service providers today are largely unable to differentiate the types of traffic in a network, especially when separating a real user’s request from that of a DDoS attack. One way to get around this is to build a Security Operations Centre (SOC), which helps in providing visibility over the kind of traffic that’s going through the network. This is a new variation on a familiar theme, however, issues has always been present. With the explosion of the Internet, these issues have in fact been brought to the open. Nevertheless, a key challenge lies in the fact that service providers are unable to tell if the issues apply to them or if they are legitimate. So how can service providers mitigate these security threats?
1. Reinstating the GI Firewall
With vast improvements in security and traffic management solutions over the past few years, organisations can now enjoy the security of a GI Firewall, without sacrificing their Internet speed in the process. F5 solutions, such as Advanced Firewall Manager (AFM) is optimised for today’s network architecture to provide provide app-centric security at the network level to protect against the most aggressive DDoS attacks.
2. Securing DNS infrastructure
While dependency on DNS is not expected to change in the foreseeable future, there are many solutions now available, which organisations can adopt to ensure DNS infrastructure remains secure. In particular, F5’s Global Traffic Manager (GTM) can deliver real-time, signed query response and DNS firewall services for attack protection and enable mitigation of complex threats by blocking access to malicious domains.
Specifically, using high-performance DNS services, Global Traffic Manager (GTM) scales and secures an organisation’s DNS infrastructure during high query volumes and DDoS attacks. GTM also improves the performance and availability of applications by intelligently directing users to the closest or best-performing physical, virtual, or cloud environment. In addition, it enables mitigation of complex threats from malware and viruses by blocking access to malicious IP domains.
3. Traffic: Detect, report, mitigate
Service providers are increasingly finding it difficult to differentiate the types of traffic in a network. This lack of visibility provides a strong threat to security as service providers can be unaware if a request is legitimate or a DDoS attack. However, there are solutions currently on the market which can help detect, report and mitigate threats in network traffic. F5’s Policy Enforcement Manager (PEM) in particular can deliver the insight service providers need to understand subscriber behaviour and effectively manage network traffic with a wide range of policy enforcement capabilities.
With PEM, organisations can create tailored service plans, regulate network usage, and ultimately increase profitability. Increased network visibility allows service providers to monitor network conditions and manage network capacity in real time. Providers can manage bandwidth consumption and dynamically implement policies to reduce network congestion, implement fair-usage policies and tiered services. Combined with Advanced Firewall Manager (AFM), this solution provides the best defence against increasingly sophisticated and aggressive DDoS attacks.
With a secured network, service providers are able to launch new services that comply with latest regulatory requirements in the mobile payments and content providing spaces. At the same time, service providers are also able to show themselves as secure and reliable organisations that are capable of giving subscribers a peace of mind. Ultimately, a higher quality user experience will inadvertently create a knock on effect on subscriber numbers.
Want to know more?
Why not become a CSO member and subscribe to CSO's mailing list.
Get newsletters, updates, events and more right here