Cookie policy: This site uses cookies (small files stored on your computer) to simplify and improve your experience of this website. Cookies are small text files stored on the device you are using to access this website. For more information on how we use and manage cookies please take a look at our privacy and cookie policies. Some parts of the site may not work properly if you choose not to accept cookies.

sections

RSA: Microsoft to arm the Internet's most vulnerable gatekeepers

  • Print
  • Share
  • Comment
  • Save

Perhaps counterintuitively, some of the Internet's biggest gatekeepers are also some of its least-protected enablers. Country-code Top-Level Domain registries (ccTLDs), whose databases are responsible for routing user requests to reach a website to that website, are typically universities or small organizations who provide the registry services to entire countries or regions.

 

A registry like this basically keeps a database of domain names for a country, a region or another grouping. Examples would be URLs ending with .fr (French domain name registry operated by a non-profit called AFNIC), .edu (operated by a non-profit that promotes the use of IT for education in US educational institutions) or .co.uk (a UK ccTLD, also operated by a non-profit).

 

These shops cannot afford to throw a lot of resources at security, which makes websites in their databases – which map domain names to websites – easy prey to hackers. “They don't have the resources to apply security teams to run scanning tools or do deep code reviews,” Mark Estberg, senior director of security and compliance for Microsoft's online services, says about ccTLDs.

 

A typical IT infrastructure of such a registry consists of a few servers in a colocation data center. They have the same security guidance all web-service providers have, but it's not enough. “Typically what happens is they'll have a cross-site scripting vulnerability on their web service or an unpatched server, and that vulnerability will be taken advantage of,” Estberg says.

 

On the end-user side, the result is a request to reach a certain website is simply redirected to a different website that may install some malware on the user's computer or display a message – often a political one. Such attacks have been happening for years, and many of the world's websites have suffered, including a number of Microsoft sites.

 

“It's been happening for years, and what we've noticed more recently is the volume of attacks [has] increased,” Estberg says. This is why Microsoft announced on Tuesday, in conjunction with the RSA Conference in San Francisco, that it will be providing free security services to all top-level domain registries, including ccTLDs, to help prevent and, if attacked, deal with such attacks. The risk-assessment service the company is offering (finding security vulnerabilities and suggesting ways to fix them) will employ the same procedures Microsoft uses to protect its own infrastructure.

 

Permanent state of alert

Being one of the world's largest software companies and now also a major provider of cloud-based services, Microsoft is basically in permanent state of being under attack, Estberg says. While its web services have suffered consequences of attacks on ccTLD registries, the most common type of attack on the infrastructure supporting Microsoft's cloud services is Denial of Service (DoS). “We're subject to Denial-of-Service attacks on a very regular basis,” he says.

 

Estberg's team – about 100 people responsible for security and compliance of the global cloud infrastructure – has built out a large infrastructure to manage these attacks and implemented technology to redirect the packets that attempt to flood the company's servers during a DoS attack.

 

He thinks there are two main reasons DoS attacks are so common. One is elasticity and scalability of public-cloud infrastructure. The main appeal of using cloud for “legitimate” IT purposes is also what makes DoS attacks fairly easy to undertake. Instead of looking for physical PCs around the world to send a flood of requests to a web service, attackers can now deploy a bunch of virtual machines in the Cloud to do the job. The second reason is that the attackers have become more organized, Estberg says.

 

The infrastructure Estberg's team secures is separate from Microsoft's own IT – a delineation the company keeps very deliberately. This is the infrastructure that supports its Azure Infrastructure- and Platform-as-a-Service offerings. These are subject to DoS attacks, but the most targeted part of Microsoft's cloud portfolio are its Software-as-a-Service offerings for consumers, such as Outlook.com or Bing. Attacks on its SaaS products for enterprises (Office 365 or CRM Live) are usually more focused on specific data, since these are the systems storing a lot of enterprise information, but they also come under typical DoS attacks on a regular basis.

 

Attackers' goals vary, Estberg says. Some of them look for publicity, others try to steal data, and yet others want to simply create disruption.

 

Estberg, 45, has been at Microsoft for 13 years, 11 of them in security. When asked if there was a single thing he thought every operator of cloud infrastructure should know about security, he is quick to answer simply: “Remember the fundamentals.”

Related images

  • Mark Estberg, senior director of online services security and compliance, Microsoft

Have your say

Please view our terms and conditions before submitting your comment.

required
required
required
required
required
  • Print
  • Share
  • Comment
  • Save

Webinars

  • Powering Big Data with Big Solar

    Tue, 12 Jul 2016 18:00:00

    The data center industry is experiencing explosive growth. The expansion of online users and increased transactions will result in the online population to reach 50% of the world’s projected population, moving from 2.3 billion in 2012 to an expected 3.6 billion people by 2017. This growth is requiring data centers to address the carbon impact of their business and the increasing need for data centers to integrate more renewable resources into their projects. Join First Solar to learn: -Why major C&I companies are looking to utility-scale solar as a viable addition to their energy sourcing portfolios. -How cost-effective utility-scale solar options can support datacenters in securing renewable supply. -Case study of how a major data center player implemented solar into their portfolio

  • Smart Choices for your Digital Infrastructure

    Tue, 28 Jun 2016 10:00:00

    Your data centre is a key part of successfully transforming and building your digital business. The challenge today is to create a highly reliable, flexible, scalable and cost-effective digital infrastructure. Your cabling system is an important element in the creation of that infrastructure. Attend and learn how to: - Piece together different elements of standards, technical specifications and physical properties in order to choose the right networking equipment - Reduce the time and labour spent maintaining, repairing or installing cabling by adopting improved design and management practices.

  • White Space 39: Attacks on power and cooling

    Tue, 17 May 2016 08:25:00

    This week on White Space, we talk about the security of Industrial Control Systems – the systems that control your CRAC or PDUs. If these devices are connected to a network, attackers can reach them, and shut down a facility. Special guests Ed Ansett and George Rockett.

  • White Space 38: Leaving Las Vegas

    Tue, 10 May 2016 13:25:00

    This week we talk about: Tax Break for a data center Efficiency standards News form the Las Legad event - EMC World The Dell/EMC merger. And much more...

  • Designing Flexibility into your Data Center Power Infrastructure

    Wed, 4 May 2016 18:00:00

    As power density is rapidly increasing in today’s data center, provisioning the right amount of power to the rack without under sizing or over provisioning the power chain has become a real design challenge. Managing the current and future power needs of the data center requires Cap-Ex to deploy a flexible power infrastructure: safely handling peak power demands, balancing critical loads and easily scaling to meet growing power needs. In this webinar you will learn: > How to create Long term power flexibility and improved availability for your operation > How to increase energy efficiency and improve SLAs through a comprehensive set of best practices.

More link