There has been more news lately about some high-profile botnets, and the latest was one of the largest ever seen in Internet history, causing Internet slowdowns to hundreds of millions of users. The scale was orders of magnitude larger than anything seen before, affecting the very core Internet routers that make the Internet function. As mobile networks evolve to all-IP networks, these are the very security concerns operators should be focused on.
In this latest episode, attackers first targeted Spamhaus, and then the security company hired to break the attack, CloudFlare. A domino-effect ensued for any and all companies and groups associated with either Spamhaus or CloudFlare, peaking with a stream of data as big as 300 billion bits per second, which compromised sites – slowing them down or making them unavailable – for as many as nine days.
At the core of the assault was a powerful botnet — a network of thousands of remotely controlled, infected computers that caused a distributed denial of service (DDoS) attack. That attack is expected to be re-launched in upcoming days, according to Internet chatter, and it is causing security experts like Kaspersky Labs to note that DDOS-type activity is increasing rapidly, and far more malicious than fraudulent service and network security breaches of the past.
How Can DSRs and Policy Servers Help Mobile Operators?
For mobile operators, the rise in malicious attacks highlights a need to go beyond a socialized approach where one appliance is trusted as a security gateway. It pushes everyone toward a multi-layered-security approach, where operators protect the core, the transport layer and the application layer from rogue sites.
The Diameter Signaling Router (DSR) and Policy Server (PCRF) can strengthen security at particularly the control and application layers. Because botnets exploit routing software and servers, DSRs and Policy Servers play a role in preventing amplifications that otherwise get out of control and bring down networks.
For example, in our recent whitepaper, “Multi-layer Security for the Digital Lifestyle Provider,” we describe Access Control(ACL) Lists, Topology Hiding, Encryption, Congestion Control and other security measures augmented by the DSR and/or PCRF.
We look at the ways in which operators can add layers of protection, such as by implementing topology hiding, which protects the network host names from a DDOS. and we look at how encryption can be used for safeguarding subscriber data.
All in all, the operators’ strategies have to be proactive and multi-layered in order to prevent access from unknown partners or rogue sites. There’s no question the growing sophistication of services, and the mobilization and social revolution underway will mean not only innovation, but also more malicious security threats among operators and the third parties with which they will work – intentionally or not.