RSA: Microsoft to arm the Internet's most vulnerable gatekeepers

Perhaps counterintuitively, some of the Internet's biggest gatekeepers are also some of its least-protected enablers. Country-code Top-Level Domain registries (ccTLDs), whose databases route a user's request for a website to that website, are typically universities or small organizations that provide registry services to entire countries or regions.

 

A registry like this basically keeps a database of domain names for a country, a region or another grouping. Examples would be URLs ending with .fr (French domain name registry operated by a non-profit called AFNIC), .edu (operated by a non-profit that promotes the use of IT for education in US educational institutions) or .co.uk (a UK ccTLD, also operated by a non-profit).

 

These shops cannot afford to throw a lot of resources at security, which makes the websites in their databases – which map domain names to websites – easy prey for hackers. “They don't have the resources to apply security teams to run scanning tools or do deep code reviews,” Mark Estberg, senior director of security and compliance for Microsoft's online services, says about ccTLDs.

 

A typical IT infrastructure of such a registry consists of a few servers in a colocation data center. They have the same security guidance all web-service providers have, but it's not enough. “Typically what happens is they'll have a cross-site scripting vulnerability on their web service or an unpatched server, and that vulnerability will be taken advantage of,” Estberg says.

 

On the end-user side, the result is that a request to reach a certain website is simply redirected to a different website, which may install malware on the user's computer or display a message – often a political one. Such attacks have been happening for years, and many of the world's websites have suffered, including a number of Microsoft sites.

 

“It's been happening for years, and what we've noticed more recently is the volume of attacks [has] increased,” Estberg says. This is why Microsoft announced on Tuesday, in conjunction with the RSA Conference in San Francisco, that it will be providing free security services to all top-level domain registries, including ccTLDs, to help them prevent such attacks and, if attacked, deal with them. The risk-assessment service the company is offering (finding security vulnerabilities and suggesting ways to fix them) will employ the same procedures Microsoft uses to protect its own infrastructure.

 

Permanent state of alert

Being one of the world's largest software companies and now also a major provider of cloud-based services, Microsoft is basically in a permanent state of being under attack, Estberg says. While its web services have suffered the consequences of attacks on ccTLD registries, the most common type of attack on the infrastructure supporting Microsoft's cloud services is Denial of Service (DoS). “We're subject to Denial-of-Service attacks on a very regular basis,” he says.

 

Estberg's team – about 100 people responsible for security and compliance of the global cloud infrastructure – has built out a large infrastructure to manage these attacks and implemented technology to redirect the packets that attempt to flood the company's servers during a DoS attack.

 

He thinks there are two main reasons DoS attacks are so common. One is the elasticity and scalability of public-cloud infrastructure. The main appeal of using cloud for “legitimate” IT purposes is also what makes DoS attacks fairly easy to undertake. Instead of looking for physical PCs around the world to send a flood of requests to a web service, attackers can now deploy a bunch of virtual machines in the cloud to do the job. The second reason is that the attackers have become more organized, Estberg says.

 

The infrastructure Estberg's team secures is separate from Microsoft's own IT – a delineation the company keeps very deliberately. This is the infrastructure that supports its Azure Infrastructure- and Platform-as-a-Service offerings. These are subject to DoS attacks, but the most targeted part of Microsoft's cloud portfolio is its Software-as-a-Service offerings for consumers, such as Outlook.com or Bing. Attacks on its SaaS products for enterprises (Office 365 or CRM Live) are usually more focused on specific data, since these are the systems storing a lot of enterprise information, but they also come under typical DoS attacks on a regular basis.

 

Attackers' goals vary, Estberg says. Some of them look for publicity, others try to steal data, and yet others want to simply create disruption.

 

Estberg, 45, has been at Microsoft for 13 years, 11 of them in security. When asked if there was a single thing he thought every operator of cloud infrastructure should know about security, he is quick to answer simply: “Remember the fundamentals.”

Related images

  • Mark Estberg, senior director of online services security and compliance, Microsoft
