The new attack vectors
- 28 May, 2012 22:00
Current firewalls operate at too low a level on the network to catch a growing type of malicious attack, which targets applications, says Karl Triebes, chief technical officer of network management company F5.
Typical of attacks at this level were those launched on a number of major companies, including credit card and finance companies, in revenge for these companies’ opposition to Wikileaks.
Some of these attacks used a tool called Slow Loris (after a sloth-like animal) and worked by starting up millions of dummy application sessions, making it impossible for genuine users to get through. This is a particularly hard-to-stop variant of a distributed denial of service (DDOS) attack, says Triebes.
A firewall working at the network level cannot detect the difference between a genuine attempt to access the application and a malicious dummy, says Triebes, who is visiting NZ as part of an Australasian tour.
As part of its mission to improve the efficiency and agility of business networks, F5 makes it its business to identify network traffic at the session level, so as to spread the load for maximum efficiency – a discipline known as application delivery networking.
As an outgrowth of this capability F5’s specialist hardware and software can track sessions that aren’t really doing anything and may be malicious, and terminate them, leaving the way clear for genuine traffic, says Triebes.
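One way to express the tracking of sessions that "aren't really doing anything", as an added example that is not F5's code and not part of the original article. The thresholds, field names, reason strings and session records are all assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# All thresholds are assumptions chosen for this example, not vendor defaults.
HEADER_DEADLINE_S = 10.0  # request headers must be complete within this time
GRACE_S = 5.0             # do not judge the byte rate of very young sessions
MIN_BYTES_PER_S = 50.0    # slower than this while headers are pending = stalling
MAX_PENDING = 3           # unfinished sessions allowed per client address

@dataclass
class Session:
    sid: int
    client: str
    opened_at: float        # seconds on a monotonic clock
    bytes_received: int
    headers_complete: bool  # True once the blank line ending the headers arrived

def verdict(s: Session, now: float) -> str | None:
    """Reason to terminate one session, or None to leave it alone."""
    if s.headers_complete:
        return None  # a whole request arrived; normal handling takes over
    age = now - s.opened_at
    if age > HEADER_DEADLINE_S:
        return "header-timeout"
    if age > GRACE_S and s.bytes_received / age < MIN_BYTES_PER_S:
        return "slow-sender"
    return None

def reap(sessions: list[Session], now: float) -> dict[int, str]:
    """Map session id -> reason for every session that should be closed."""
    doomed, pending = {}, {}
    for s in sorted(sessions, key=lambda x: x.opened_at):  # oldest first
        reason = verdict(s, now)
        if reason is None and not s.headers_complete:
            pending[s.client] = pending.get(s.client, 0) + 1
            if pending[s.client] > MAX_PENDING:
                reason = "too-many-pending"  # newest excess sessions are closed
        if reason:
            doomed[s.sid] = reason
    return doomed

# Constructed session table (documentation addresses), observed at t = 100 s.
NOW = 100.0
SAMPLE = [
    Session(1, "198.51.100.7", 99.0, 420, True),   # ordinary complete request
    Session(2, "203.0.113.9", 70.0, 60, False),    # 30 s old, headers unfinished
    Session(3, "203.0.113.9", 93.0, 40, False),    # 7 s old at under 6 bytes/s
    Session(4, "198.51.100.8", 98.0, 30, False),   # 2 s old, still in grace
] + [Session(5 + i, "192.0.2.44", 99.0 + i / 10, 200, False) for i in range(4)]
```

Calling `reap(SAMPLE, NOW)` closes sessions 2, 3 and 8 and leaves the complete request and the young sessions untouched.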
The F5 hardware and software can also inherently manage very high concurrency in application access, he says.
“Most of the DDOS attacks we’ve seen in the past were very much focused on the network; they’d do things like flooding SYN packets. What really changes here is they started attacking applications quite directly.
“These attacks have been around for a long time, but the awareness level of the world when they saw the impact these were having [in the Wikileaks case] was amazing, because customers saw that traditional network-level firewalls weren’t able to cope and deal with the attack.”
F5’s products are also front-and-centre when it comes to dealing with the challenge of genuine access to applications from an increasing range of devices such as smartphones, many of them “bring-your-own” devices owned by employees partly for private purposes and therefore potentially vulnerable from a security point of view.
In 2010 F5 acquired uRoam, a company specialising in SSL virtual-private-network connectivity. The uRoam software “could identify what the client was, the type of operating system it was running, what antivirus software they had; basically to meet corporate compliance matters. Based on that, it could apply different types of permission to that user.
“Suppose a user wanted to read his email but could only do it from a kiosk at an airport. He could log in and could only see certain things and we could have a sandbox at the session level, which we could guarantee would be erased [afterwards]. He wouldn’t have to worry about leaving data on that computer.
“We took that technology and integrated it with our core products. We effectively do the same type of things with mobile devices as well; we have a client running in iOS, one in Windows Mobile, one for Android; we cover the gamut of mobile devices as well as traditional devices. The benefit is now, with the age of BYOD, IT administrators can now set permissions for devices they weren’t [previously] able to manage.
“It allows you to establish a secure connection from a device that would otherwise be [unsafe] and there’s obviously the advantage that it increases productivity.”
Another issue with the growing use of mobile devices is the volume of signalling traffic handled by the network operator.
“With 4G the Diameter protocol has become the protocol of choice for newer data centres run by network operators,” says Triebes. “The signalling layer connects billing, subscriber management and other systems at the data centre and ties that to the individual user sessions. It’s the money protocol.” But increasing use of more advanced mobile devices means increasing traffic from such management systems.
“We acquired a company, Traffic Systems, based in Israel, that provides what we think is the best-of-breed Diameter signalling solution. Using that, coupled with what we already do managing traffic at these operator data centres we believe we can provide a pretty compelling solution.”
Most F5 appliances use special-purpose hardware. This is preferable not just for scale but for reliability. If you’ve got machines front-ending a mission-critical system “they’d better have five nines reliability,” says Triebes. “[Commodity] servers are about two nines and a five.
“We offer a number of appliances, from a Gbit/s all the way up to 42 Gbit/s, plus two chassis-based solutions or Viprion, a lower-end and a higher-end solution.
“One thing we introduced recently on the chassis is virtualised clustered multiprocessing. What that allows you to do is run multiple versions of [F5’s flagship product] Big IP and segment your applications or your network infrastructure, so you don’t have to have a large box running everything; you could have a fully-loaded Viprion chassis running 16 virtual instances of our software.”
Triebes does not see the change of IP networks to IPv6 presenting major problems or demanding a significant change in approach; controversially, he advises continued use of network address translation (NAT) to give an organisation’s internal domain an address range of its own, translated to a limited range of outside addresses.
In view of the vastly larger range of addresses available under IPv6, many experts have pronounced NAT dead. But “it avoids a lot of problems,” Triebes says. “It’s inherently more secure because you can protect your inside space and it gives you a lot better flexibility in assigning IP addresses locally versus globally; I don’t see v6 changing that paradigm.
“By the time v6 got out there everyone was so used to NAT and the benefits that it provides that it’s not going to go away.”