Arbor Networks fourth annual report

The "Arbor Networks" company has released (on November 11th, 2008) its fourth annual report, called "Worldwide Infrastructure Security Report". This report presents the results of a survey completed between August 2007 and July 2008 with 70 network operators (ISP), in North America, South America, Europe and Asia. This survey, which is made of 90 questions, aims at providing useful data to operators in order to set up the security measures required to protect their infrastructure.

The first point mentioned by this report is the increased diversification of attacks: even if network operators still spend a lot of time fighting distributed denial of service attacks (DDoS), they must now cope with attacks targeting network applications and services like DNS, HTTP, VoIP, IM or P2P.

From some megabits in 2000, distributed denial of service attacks (DDoS), which aim at making a network unavailable to its legitimate users, have reached this year the 40 gigabit per second barrier. 36% of the operators reported sustained attacks larger than one gigabit by second. And even if today most of the ISP are able to detect this kind of attacks, only few of them have the capability to quickly mitigate them (e.g. in less of 10 minutes).

If network infrastructures are the target of many attacks, botnets represent the main of the security activities the network operators will have to deal with, for the next 12 months. They are followed by DNS cache poisoning (https://wws.cert-ist.com/eng/hub/failledns) and BGP route hijacking (VulnCoord-2008.028). ISP also fear the development of new threats, related in particular to IPv6 and VoIP. This is especially because they are not always well prepared to these threats: only 21% of them declare having the tools necessary to detect attacks on VoIP infrastructure and services.

The operators must face with two main issues : on one hand attacks more and more sophisticated, massive and frequent, and on in the other hand, budgets more and more pressured, in a morose economic context. In such a context, many companies externalize their security management and turn themselves to "Managed Security Services" (MSS).

Some ISP also blame vendors for the lack of key security features (capacity for large ACL lists), the poor configuration management and near complete absence of IPv6 security features. They would like a better communication with the security community, and estimate that the poor handling of the DNS flaw this summer has only increased the threat.

Most of the operators agree nevertheless on one point: security threats will increase again in the next year.

For more information :

"Worldwide Intrastructure Security Report":