Refuse to Take Part in a DDoS Botnet

Kimberley from Paessler, PRTG Product Evangelist
PRTG expert and networking nerd
Published:
If you're not part of the solution, you're part of the problem.  

Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual traffic patterns.
One of the big topics in the IT world last week was the massive DDoS attack against Brian Krebs' "Krebs on Security" website, which appears to have come from compromised IoT devices, including security cameras.  As the Register reports, the attack is the largest known single DDoS attack to date, with over 152K devices involved, generating over 620Gbps in the attack.

"If you're not part of the solution, you're part of the problem." (rephrased quote from Eldridge Cleaver)

The scale of the attack raises the question of how much smaller it could have been if the companies whose devices were compromised had made sure those IoT devices couldn't be recruited into a botnet.  Many IoT devices simply don't offer endpoint security, but that's no excuse for leaving them unprotected.  In fact, quite the opposite:  the "dumbest" devices are the ones that need the most protection, since they have no way to defend themselves.

Some of the possibilities to defend even the simplest IoT devices using the rest of your infrastructure include:
  • Running IDS/IPS systems to detect unusual activity in your network, not only from IoT devices. Keep in mind that the IDS requirements for IoT devices are very different from standard enterprise PCs and will depend on the protocols used by the IoT devices.
  • Limiting outgoing communication from IoT devices to only the minimum required (e.g. do these cameras require Internet access, or only access to internal servers?). Limit communication to/from IoT devices to specific known hosts only.
  • Separating your IoT network from the rest of your network, as much as possible. If the devices themselves don't offer embedded firewalls, place firewalls in front of them.
  • Limiting bandwidth at the point where IoT devices access the rest of the network.
  • Monitoring bandwidth at the point where IoT devices access the rest of the network, to detect unusual patterns.
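The second and third points above (restrict IoT devices to the hosts they actually need, and put a firewall between them and everything else) only work if you can check that the policy holds. The following is an added example, not code from the Paessler post or from PRTG: it audits connection records exported from the firewall in front of an IoT segment against a per-device egress allowlist and reports which flows fall outside it. The segment addresses, the allowlist entries, the record layout and the sample flows are all constructed for the example; an internal NVR on port 554 and an internal DNS resolver stand in for "the only hosts these cameras need".

```python
"""Audit IoT flow records against a per-device egress allowlist.

Added example (not from the Paessler post). It assumes you can export
connection records from the firewall or router in front of the IoT
segment; the record layout and all sample data below are constructed.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical IoT segment and the networks we consider "internal".
IOT_SEGMENT = ip_network("10.20.0.0/24")
INTERNAL_NETS = [ip_network("10.0.0.0/8")]

# device -> set of (destination, protocol, port) the device legitimately needs.
# Mirrors the post's question: do the cameras need the Internet at all, or
# only the internal recording server (and a resolver)?
ALLOWLIST = {
    "10.20.0.11": {("10.10.0.5", "tcp", 554), ("10.10.0.53", "udp", 53)},
    "10.20.0.12": {("10.10.0.5", "tcp", 554), ("10.10.0.53", "udp", 53)},
}

# Constructed flow records: (src, dst, proto, dport, bytes_out)
SAMPLE_FLOWS = [
    ("10.20.0.11", "10.10.0.5", "tcp", 554, 120_000),
    ("10.20.0.11", "10.10.0.53", "udp", 53, 300),
    ("10.20.0.12", "10.10.0.5", "tcp", 554, 118_000),
    ("10.20.0.12", "198.51.100.7", "tcp", 80, 900_000),   # external host, not allowed
    ("10.20.0.12", "203.0.113.9", "tcp", 23, 2_000),      # external host, not allowed
    ("10.20.0.13", "10.10.0.5", "tcp", 554, 5_000),       # device not in the allowlist
]


def is_internal(addr):
    """True if the address belongs to one of the internal networks."""
    a = ip_address(addr)
    return any(a in net for net in INTERNAL_NETS)


def classify_flow(flow):
    """Classify one flow record relative to the allowlist."""
    src, dst, proto, dport, _ = flow
    if ip_address(src) not in IOT_SEGMENT:
        return "not-iot"                 # not our concern here
    if src not in ALLOWLIST:
        return "unknown-device"          # something new appeared on the IoT VLAN
    if (dst, proto, dport) in ALLOWLIST[src]:
        return "allowed"
    return "violation-internal" if is_internal(dst) else "violation-external"


def audit(flows):
    """Group flows by verdict so violations can be reviewed per category."""
    report = defaultdict(list)
    for flow in flows:
        report[classify_flow(flow)].append(flow)
    return dict(report)


def unexpected_egress_bytes(flows):
    """Bytes sent by IoT devices to destinations outside their allowlist."""
    return sum(f[4] for f in flows if classify_flow(f).startswith("violation"))


def devices_with_external_violations(flows):
    """Sorted list of IoT devices that reached hosts outside the internal networks."""
    return sorted({f[0] for f in flows if classify_flow(f) == "violation-external"})


if __name__ == "__main__":
    for verdict, flows in sorted(audit(SAMPLE_FLOWS).items()):
        print(f"{verdict}: {len(flows)} flow(s)")
    print("unexpected egress bytes:", unexpected_egress_bytes(SAMPLE_FLOWS))
    print("devices talking outside:", devices_with_external_violations(SAMPLE_FLOWS))
```

A non-empty "violation-external" bucket is exactly the condition the post wants to prevent: a camera that has no business on the Internet is sending traffic there. Run against real firewall exports, the same output also tells you which allowlist entries the firewall rules should contain, and the "unknown-device" bucket catches devices that were plugged into the IoT segment without being inventoried.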

PRTG can help with the bandwidth monitoring part of this solution: traffic sensors with limits will alert you when your outgoing traffic is higher than expected, and PRTG's Unusual Detection heuristics will notify you about unusual patterns in your PRTG sensors. 
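To make the two kinds of check concrete, here is an added example that is not PRTG's own logic: a fixed ceiling on outgoing traffic stands in for a sensor limit, and a rolling-baseline deviation test stands in for the "unusual" heuristic. PRTG's actual Unusual Detection algorithm is not described in the post, so the z-score rule below is an assumption chosen for illustration, and the sampled readings, the limit and the thresholds are all constructed.

```python
"""Limit and baseline-deviation checks on an IoT uplink's outgoing traffic.

Added example, not PRTG code. over_limit() plays the role of a sensor limit;
unusual() is an illustrative stand-in for an unusual-pattern heuristic and
is not PRTG's algorithm. All sample values are constructed.
"""
from statistics import mean, pstdev

# Constructed: outgoing Mbit/s sampled every 5 minutes on the IoT uplink.
# A few cameras streaming to an internal NVR sit at ~20 Mbit/s; the last two
# readings show the segment suddenly pushing more traffic than it ever has.
SAMPLES = [19.5, 20.1, 19.8, 20.4, 19.9, 20.2, 19.7, 20.0, 20.3, 19.6,
           21.0, 38.0, 240.0]

LIMIT_MBIT = 50.0       # hard ceiling for this segment, set from known device needs
BASELINE_WINDOW = 10    # earlier samples that form the baseline
Z_THRESHOLD = 4.0       # standard deviations above baseline that count as unusual
MIN_ABS_RISE = 5.0      # ignore tiny absolute rises even if statistically "unusual"


def over_limit(value, limit=LIMIT_MBIT):
    """Sensor-limit style check: a fixed ceiling, no history needed."""
    return value > limit


def unusual(value, history, window=BASELINE_WINDOW, z=Z_THRESHOLD,
            min_rise=MIN_ABS_RISE):
    """Baseline-deviation check (assumed heuristic, not PRTG's).

    Compares the reading to the mean of the last `window` readings and flags
    it when it is both a meaningful absolute rise and far outside the spread.
    """
    base = history[-window:]
    if len(base) < 3:
        return False                      # not enough history to judge
    mu, sigma = mean(base), pstdev(base)
    if value - mu < min_rise:
        return False                      # within normal wobble
    if sigma == 0:
        return True                       # flat baseline plus a real rise
    return (value - mu) / sigma > z


def evaluate(samples):
    """Walk the series in order and return (index, value, state) per sample."""
    results = []
    for i, v in enumerate(samples):
        history = samples[:i]
        if over_limit(v):
            state = "ALERT: over limit"
        elif unusual(v, history):
            state = "WARN: unusual"
        else:
            state = "ok"
        results.append((i, v, state))
    return results


def first_anomaly(samples):
    """Index of the first reading that is not 'ok', or None."""
    for i, _, state in evaluate(samples):
        if state != "ok":
            return i
    return None


if __name__ == "__main__":
    for i, v, state in evaluate(SAMPLES):
        print(f"sample {i:2d}: {v:6.1f} Mbit/s  {state}")
    print("first anomaly at index:", first_anomaly(SAMPLES))
```

The two checks catch different things. The reading of 38 Mbit/s is well under the 50 Mbit/s limit, so a limit alone would stay quiet, but it is far outside what this segment has ever done, which is why the baseline check is worth having alongside the fixed limit. Conversely, the limit still fires on an abrupt jump even when the history is too short or too noisy for a baseline. Picking the limit from the devices' actual needs (a handful of camera streams at known bit rates) is what makes the first check meaningful; tuning the window and threshold to normal day-to-day variation is what keeps the second from paging on every minor change.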

For a short introduction to monitoring bandwidth using PRTG, check out this video.


----------
This article originally appeared on the Paessler corporate blog: https://www.paessler.com/blog/2016/10/04/monitoring-knowledge/refuse-to-take-part-in-a-ddos-botnet