This is a guest blog from Bob Gill
Every so often, an event occurs to remind us that the Internet is open to anyone (almost), owned and controlled by no one, and an invaluable resource that we have to assume will be something less than what we hope, when we least expect it.
What happened? In short, a well designed and implemented DDOS attack was able to overwhelm DNS, one of the key infrastructure pieces of the Internet. DYN, a DNS provider was a target of an attack based on the Mirai botnet, apparently exploiting the weaknesses in security of IoT devices, such as WebCams, allowing them to be hijacked and turned into originators of DNS requests. In short, a large number of devices were coordinated to create volumetric traffic loads and overwhelm managed DNS services from DYN.
It Can Happen to the Big Guys… The prevailing notion is that providers who are specialists with expertise in DNS, possess significant technical and personnel resources (i.e., bandwidth, protection, monitoring, etc.), are far more capable, secure, resilient, and lower cost than implementing DNS on your own. In short, people go to DNS providers like DYN to ensure resiliency and high-performance.
Does this mean Managed DNS proposes a greater security or resiliency risk? Is concentration bad? One question that arises is whether using a cloud-based “DNS as a Service” solution in the first place exposes enterprises to risk due to their being an attractive target. Many attractive eggs in one basket. It is important to note that DYN had DDOS countermeasures in place, a geographically distributed set of servers, and the expertise to fight off a DDOS attack (which they did). If an enterprise or commercial website were to be attacked with the volume and speed of last Friday’s attack, it is highly unlikely they would have been able to respond anywhere nearly as quickly or effectively. Just as viruses continue to infect computers, dark forces will continue to probe at and impact the Internet. It is likely that any DNS provider facing the same attack would have been affected.
One the bright side, the DNS provider community collaborated and cooperated with DYN and all are likely to have learned new and valuable lessons about vulnerabilities.
So what do we do? In watching the attacks unfold last Friday, it was fascinating to monitor which sites were affected, but then came back online within 15 minutes. The implication here is that these sites were affected by DYN’s attack, but had secondary DNS options in place. In an interconnected world, where many resources meet on the commons, there will always be malefactors. Just as we get used to computer viruses and terrorism by slightly altering our routines and implementing new ones, this attack just shows the value of planning for disruption in an interconnected world. If we are talking about cloud resources, we accept that we should use multiple availability zones, and or write resilience into our application stack. If we are talking about networking, it’s usually best practices to have a redundant path. In the world of managed DNS, this just highlights the wisdom of having a dual source strategy. How that is to be implemented is the subject of upcoming research. In the interim, here are some best practices regarding external DNS:
If External DNS Fails, So Does Your Digital Business, http://www.gartner.com/document/3118119
Thanks, Bob Gill
Note: A few quick thoughts from Andrew…
- There is a nice explanation from ThousandEyes on the attack.
- Just like DNS problems, Network Outages also really stink (research on that coming soon). Any Questions?
Image via openclipart.org.
Read Complimentary Relevant Research
Security Monitoring and Operations Primer for 2017
Security monitoring and operations excellence is a key component of any effective security program. Gartner's 2017 research will guide...
View Relevant Webinars
The Rise of Hardware Security in the IoT Era
Global economic impact of $2 trillion. More than 21 billion connected "things" by 2020. While the Internet of Things is creating more...
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.