Wikileaks DDoS spawns security arms race

Networking provider F5 Networks said yesterday that pro-Wikileaks distributed denial-of-service (DDoS) attacks have served as the flashpoint for a new internet security arms race.
Written by Luke Hopewell, Contributor

Networking provider F5 Networks said yesterday that pro-Wikileaks distributed denial-of-service (DDoS) attacks have served as the flashpoint for a new internet security arms race.

Gattling Gun

(Gattling Gun image by Dennis Tai, CC2.0)

Ever since supporters of Julian Assange took to the internet to launch DDoS attacks against Wikileaks naysayers, companies have woken up to a need to protect their entire infrastructure, and F5 Networks and their customers are now preaching the need to wrap all network applications into a secure environment.

Jason Needham, senior director of product management for F5, said that companies now more than ever need to protect every part of their online infrastructure, not just mission-critical applications.

"Wikileaks has woken up the industry to the fact that it's not about [protecting against] losing content, but it's also [protecting against] virtual protesting where flash crowds come in and try to take a service offline based on an agenda and protest of sorts," Needham said.

The real challenge in the conflict, he went on, is identifying who is a valid user and who intends to do the organisation harm online.

"One of the things F5 goes into organisations talking about is how to solve the DoS problem and its many faces. One of the faces it takes is from the unintelligent brute force attack, another face it takes is valid application-based attacks."

These application-based attacks work to disguise themselves as normal user interactions in order to exploit security vulnerabilities like SQL injections, Needham said.

The solution, according to Kurt Hansen, F5 Network's local managing director, is to deploy a breadth of security activities "from intelligent filtering to dynamic security policies to really trying to decipher good users from bad users and help organisations stay online".

Hansen said that the bar had been lowered for people to take to the internet as hacktivists, with the only prerequisite being a working internet browser.

IPv6 isn't riding to the rescue

Needham also said the implementation of IPv6 wouldn't raise the bar for application-level security.

"The application security problem does not go away with IPv6. It's not going to solve the problem of DoS [attacks] and it's not going to solve the problem of application-based threats," Needham said, adding that the design of IPv6 may in fact make security enforcement more difficult.

"One of the inherent security functions of IPv6 is a point-to-point security tunnel between two devices, which means you're now encrypting all of your application-layer traffic from the attacker through to whatever they're attacking," he added.

According to F5, the only way to effectively deal with evolving security threats is to respond swiftly and implement faster technology with staff like Mark Wallis, who is a network administrator for credit card payment company Qvalent.

Wallis recently implemented a quick fix to a Java exploit without having to write a software patch, which, in the banking industry, can take time due to regulatory constraints.

Instead, Wallis wrote a rule into Qvalent's application firewall as a line of defence against the global Java exploit.

"We now look for that magic number within [our application firewalls]. It's never a number you're going to see in day-to-day transactions … and it's the type of thing we can get a fix out for within a 24-hour period," Wallis said.

Wallis went on to predict that the exploit may find its way into a new worm before a software patch comes to hand.

"What everyone is betting is that [the exploit] is going to pop up in a worm very quickly. I guarantee you that the next Stuxnet is going to be looking for that [exploit] and it's just so dead simple," Wallis said.

Editorial standards