Cookie policy: This site uses cookies (small files stored on your computer) to simplify and improve your experience of this website. Cookies are small text files stored on the device you are using to access this website. For more information on how we use and manage cookies please take a look at our privacy and cookie policies. Some parts of the site may not work properly if you choose not to accept cookies.

sections

RSA: Microsoft to arm the Internet's most vulnerable gatekeepers

  • Print
  • Share
  • Comment
  • Save

Perhaps counterintuitively, some of the Internet's biggest gatekeepers are also some of its least-protected enablers. Country-code Top-Level Domain registries (ccTLDs), whose databases are responsible for routing user requests to reach a website to that website, are typically universities or small organizations who provide the registry services to entire countries or regions.

 

A registry like this basically keeps a database of domain names for a country, a region or another grouping. Examples would be URLs ending with .fr (French domain name registry operated by a non-profit called AFNIC), .edu (operated by a non-profit that promotes the use of IT for education in US educational institutions) or .co.uk (a UK ccTLD, also operated by a non-profit).

 

These shops cannot afford to throw a lot of resources at security, which makes websites in their databases – which map domain names to websites – easy prey to hackers. “They don't have the resources to apply security teams to run scanning tools or do deep code reviews,” Mark Estberg, senior director of security and compliance for Microsoft's online services, says about ccTLDs.

 

A typical IT infrastructure of such a registry consists of a few servers in a colocation data center. They have the same security guidance all web-service providers have, but it's not enough. “Typically what happens is they'll have a cross-site scripting vulnerability on their web service or an unpatched server, and that vulnerability will be taken advantage of,” Estberg says.

 

On the end-user side, the result is a request to reach a certain website is simply redirected to a different website that may install some malware on the user's computer or display a message – often a political one. Such attacks have been happening for years, and many of the world's websites have suffered, including a number of Microsoft sites.

 

“It's been happening for years, and what we've noticed more recently is the volume of attacks [has] increased,” Estberg says. This is why Microsoft announced on Tuesday, in conjunction with the RSA Conference in San Francisco, that it will be providing free security services to all top-level domain registries, including ccTLDs, to help prevent and, if attacked, deal with such attacks. The risk-assessment service the company is offering (finding security vulnerabilities and suggesting ways to fix them) will employ the same procedures Microsoft uses to protect its own infrastructure.

 

Permanent state of alert

Being one of the world's largest software companies and now also a major provider of cloud-based services, Microsoft is basically in permanent state of being under attack, Estberg says. While its web services have suffered consequences of attacks on ccTLD registries, the most common type of attack on the infrastructure supporting Microsoft's cloud services is Denial of Service (DoS). “We're subject to Denial-of-Service attacks on a very regular basis,” he says.

 

Estberg's team – about 100 people responsible for security and compliance of the global cloud infrastructure – has built out a large infrastructure to manage these attacks and implemented technology to redirect the packets that attempt to flood the company's servers during a DoS attack.

 

He thinks there are two main reasons DoS attacks are so common. One is elasticity and scalability of public-cloud infrastructure. The main appeal of using cloud for “legitimate” IT purposes is also what makes DoS attacks fairly easy to undertake. Instead of looking for physical PCs around the world to send a flood of requests to a web service, attackers can now deploy a bunch of virtual machines in the Cloud to do the job. The second reason is that the attackers have become more organized, Estberg says.

 

The infrastructure Estberg's team secures is separate from Microsoft's own IT – a delineation the company keeps very deliberately. This is the infrastructure that supports its Azure Infrastructure- and Platform-as-a-Service offerings. These are subject to DoS attacks, but the most targeted part of Microsoft's cloud portfolio are its Software-as-a-Service offerings for consumers, such as Outlook.com or Bing. Attacks on its SaaS products for enterprises (Office 365 or CRM Live) are usually more focused on specific data, since these are the systems storing a lot of enterprise information, but they also come under typical DoS attacks on a regular basis.

 

Attackers' goals vary, Estberg says. Some of them look for publicity, others try to steal data, and yet others want to simply create disruption.

 

Estberg, 45, has been at Microsoft for 13 years, 11 of them in security. When asked if there was a single thing he thought every operator of cloud infrastructure should know about security, he is quick to answer simply: “Remember the fundamentals.”

Related images

  • Mark Estberg, senior director of online services security and compliance, Microsoft

Have your say

Please view our terms and conditions before submitting your comment.

required
required
required
required
required
  • Print
  • Share
  • Comment
  • Save

Webinars

  • Hybrid IT: Finding the right formula

    Tue, 20 Jan 2015 16:00:00

    Within just 5 years, 70% of all IT infrastructures will shift from in-house to an outsourced managed infrastructure model.

  • A Revised Approach to Multi-Tenant Data Center Design, Build, Operations

    Thu, 20 Nov 2014 08:30:00

    In today’s rapidly changing data center landscape, multi-tenant data center service providers are constantly advancing with the demands of the market.

  • The Industrialisation of Data Centers

    Mon, 20 Oct 2014 14:00:00

    This webinar will present the technical background to modular approaches, the implications of implementation, and an assessment of the pros and cons. Intensive research has already been carried out, and a wide range of projects completed.

  • Thinking outside the pizza box: a sideways look at high-density Fiber Management

    Thu, 9 Oct 2014 15:00:00

    Connectivity specialists HUBER+SUHNER examine the evolution of Data Centers and challenge the traditional “pizza box” approach to fiber management by examining how alternative solutions can significantly reduce footprint, increase port density and lower operational costs.

  • EU Data Center Quarterly IT update for Q2 2014

    Thu, 2 Oct 2014 13:00:00

    In June this year DCD Intelligence (DCDi) in conjunction with IT Candor launched a new quarterly service to track the IT spending development and market shares within data centres in the European Union.

More link