Cookie policy: This site uses cookies (small files stored on your computer) to simplify and improve your experience of this website. Cookies are small text files stored on the device you are using to access this website. For more information on how we use and manage cookies please take a look at our privacy and cookie policies. Some parts of the site may not work properly if you choose not to accept cookies.

sections

RSA: Microsoft to arm the Internet's most vulnerable gatekeepers

  • Print
  • Share
  • Comment
  • Save

Perhaps counterintuitively, some of the Internet's biggest gatekeepers are also some of its least-protected enablers. Country-code Top-Level Domain registries (ccTLDs), whose databases are responsible for routing user requests to reach a website to that website, are typically universities or small organizations who provide the registry services to entire countries or regions.

 

A registry like this basically keeps a database of domain names for a country, a region or another grouping. Examples would be URLs ending with .fr (French domain name registry operated by a non-profit called AFNIC), .edu (operated by a non-profit that promotes the use of IT for education in US educational institutions) or .co.uk (a UK ccTLD, also operated by a non-profit).

 

These shops cannot afford to throw a lot of resources at security, which makes websites in their databases – which map domain names to websites – easy prey to hackers. “They don't have the resources to apply security teams to run scanning tools or do deep code reviews,” Mark Estberg, senior director of security and compliance for Microsoft's online services, says about ccTLDs.

 

A typical IT infrastructure of such a registry consists of a few servers in a colocation data center. They have the same security guidance all web-service providers have, but it's not enough. “Typically what happens is they'll have a cross-site scripting vulnerability on their web service or an unpatched server, and that vulnerability will be taken advantage of,” Estberg says.

 

On the end-user side, the result is a request to reach a certain website is simply redirected to a different website that may install some malware on the user's computer or display a message – often a political one. Such attacks have been happening for years, and many of the world's websites have suffered, including a number of Microsoft sites.

 

“It's been happening for years, and what we've noticed more recently is the volume of attacks [has] increased,” Estberg says. This is why Microsoft announced on Tuesday, in conjunction with the RSA Conference in San Francisco, that it will be providing free security services to all top-level domain registries, including ccTLDs, to help prevent and, if attacked, deal with such attacks. The risk-assessment service the company is offering (finding security vulnerabilities and suggesting ways to fix them) will employ the same procedures Microsoft uses to protect its own infrastructure.

 

Permanent state of alert

Being one of the world's largest software companies and now also a major provider of cloud-based services, Microsoft is basically in permanent state of being under attack, Estberg says. While its web services have suffered consequences of attacks on ccTLD registries, the most common type of attack on the infrastructure supporting Microsoft's cloud services is Denial of Service (DoS). “We're subject to Denial-of-Service attacks on a very regular basis,” he says.

 

Estberg's team – about 100 people responsible for security and compliance of the global cloud infrastructure – has built out a large infrastructure to manage these attacks and implemented technology to redirect the packets that attempt to flood the company's servers during a DoS attack.

 

He thinks there are two main reasons DoS attacks are so common. One is elasticity and scalability of public-cloud infrastructure. The main appeal of using cloud for “legitimate” IT purposes is also what makes DoS attacks fairly easy to undertake. Instead of looking for physical PCs around the world to send a flood of requests to a web service, attackers can now deploy a bunch of virtual machines in the Cloud to do the job. The second reason is that the attackers have become more organized, Estberg says.

 

The infrastructure Estberg's team secures is separate from Microsoft's own IT – a delineation the company keeps very deliberately. This is the infrastructure that supports its Azure Infrastructure- and Platform-as-a-Service offerings. These are subject to DoS attacks, but the most targeted part of Microsoft's cloud portfolio are its Software-as-a-Service offerings for consumers, such as Outlook.com or Bing. Attacks on its SaaS products for enterprises (Office 365 or CRM Live) are usually more focused on specific data, since these are the systems storing a lot of enterprise information, but they also come under typical DoS attacks on a regular basis.

 

Attackers' goals vary, Estberg says. Some of them look for publicity, others try to steal data, and yet others want to simply create disruption.

 

Estberg, 45, has been at Microsoft for 13 years, 11 of them in security. When asked if there was a single thing he thought every operator of cloud infrastructure should know about security, he is quick to answer simply: “Remember the fundamentals.”

Related images

  • Mark Estberg, senior director of online services security and compliance, Microsoft

Have your say

Please view our terms and conditions before submitting your comment.

required
required
required
required
required
  • Print
  • Share
  • Comment
  • Save

Webinars

  • Next Generation Data Centers – Are you ready for scale?

    Wed, 24 Aug 2016 16:00:00

    This presentation will provide a general overview of the data center trends and the ecosystem that comprises of “hyperscale DC”, “MTDC”, and “enterprise DC”.

  • White Space 46: We'll always have Paris

    Fri, 15 Jul 2016 10:35:00

    This week on White Space, we look at the safest data center locations in the world, as rated by real estate management firm Cushman & Wakefield. It will come as no surprise that Iceland comes out on top, while the US and the UK have barely made the top 10. French data center specialist Data4 is promoting Paris as a global technology hub, where it is planning to invest at least €100 million. Another French data center owned by Webaxys is repurposing old Nissan Leaf car batteries in partnership with Eaton. Brexit update: We’ve also heard industry body TechUK outline an optimistic vision of Britain outside the EU – as long as the country remains within the single market and subscribes to the principles of the General Data Protection Regulation.

  • Powering Big Data with Big Solar

    Tue, 12 Jul 2016 18:00:00

    The data center industry is experiencing explosive growth. The expansion of online users and increased transactions will result in the online population to reach 50% of the world’s projected population, moving from 2.3 billion in 2012 to an expected 3.6 billion people by 2017. This growth is requiring data centers to address the carbon impact of their business and to integrate more renewable resources into their projects. Join First Solar to learn: -Why major C&I companies are looking to utility-scale solar as a viable addition to their energy sourcing portfolios. -How cost-effective utility-scale solar options can support datacenters in securing renewable supply. -Case study of how a major data center player implemented solar into their portfolio

  • DC Professional - Meet John Laban

    Tue, 12 Jul 2016 15:25:00

    John has worked in the Telecommunications and Information Transport Systems (ITS) industry for over 35 years, beginning his career at the London Stock Exchange as a BT telecommunication technician. Believing there was a general lack of quality in the ITS industry, John was driven to "professionalize" the ITS industry – starting with a professional diploma programme for the Telecommunications Managers Association – which led to him becoming the first BICSI RCDD in the UK and soon after, a BICSI Master Instructor teaching RCDD and Technician programmes. Find out more about John and upcoming sessions here https://www.dc-professional.com/people/284/

  • White Space 45: Waste Not

    Sun, 10 Jul 2016 15:50:00

    In this episode of White Space, we look back at the news of the week with a special guest Adrian Barker, general manager for EMEA at RF Code and specialist in sensors and data.

More link