Paessler Blog - All about IT, Monitoring, and PRTG

Refuse to Take Part in a DDoS Botnet

Written by Kimberley Parsons Trommler | Oct 3, 2016

One of the big topics in the IT world last week was the massive DDoS attack against Brian Krebs' "Krebs on Security" website, which appears to have come from compromised IoT devices, including security cameras.  As the Register reports, the attack is the largest known single DDoS attack to date, with over 152K devices involved, generating over 620Gbps in the attack.

 

 If you're not part of the solution, you're part of the problem.

(rephrased quote from Eldridge Cleaver)

 

The scale of the attack begs the question of how the compromised companies could have lessened the attack by ensuring that their IoT devices aren't part of a botnet.  Many IoT devices simply don't offer endpoint security, but that's no excuse for leaving them unprotected.  In fact, quite the opposite:  the "dumbest" devices are the ones that need the most protection since they have no way to defend themselves. 

Some of the possibilities to defend even the simplest IoT devices using the rest of your infrastructure include:

  • Running IDS/IPS systems to detect unusual activity in your network, not only from IoT devices. Keep in mind that the IDS requirements for IoT devices are very different from standard enterprise PCs and will depend on the protocols used by the IoT devices.
  • Limiting outgoing communication from IoT devices to only the minimum required (e.g. do these cameras require Internet access, or only access to internal servers?). Limit communication to/from IoT devices to specific known hosts only.
  • Separating your IoT network from the rest of your network, as much as possible. If the devices themselves don't offer embedded firewalls, place firewalls in front of them.
  • Limiting bandwidth at the point where IoT devices access the rest of network
  • Monitoring bandwidth at the point where IoT devices access the rest of the network, to detect unusual patterns

PRTG can help with the bandwidth monitoring part of this solution: traffic sensors with limits will alert you when your outgoing traffic is higher than expected, and PRTG's Unusual Detection heuristics will notify you about unusual patterns in your PRTG sensors. 

 

You work with ‪‎PRTG‬ and would like to voice your opinion?
Leave a short review on Trustpilot.

Thanks, your feedback is appreciated!
View full post