Over the last 50 years, our means of communicating with one another has evolved radically through the influence of technology. From the telegram to emails, from the telephone call to over-the-top applications, the realm of communications is constantly evolving. In Australia, the Internet of Things (IoT) and smartphone proliferation are the biggest trends that continue to evolve and drive data growth. Hence, optimising, monetising and securing the IoT mega-trend, is the new consideration.
With the rise of smartphones and subsequent surge in data exchange, networks are under enormous pressure to deal with extra bandwidth demands efficiently and securely. Moreover, the plethora of apps being downloaded continues to put pressure on service providers to scale their networks.
The legacy infrastructure of 3G faced the same pressures, but it was manageable back then because the cables were not as advanced as those used for NGN and LTE today. To put this into context, the average speed of 3G before ranged from 1.5 – 7 Mbps while the speed of LTE can go up to 150Mbps. Therefore, the possibilities for DDoS and DoS to manifest itself as a result of greater bandwidth are vast.
As the Internet develops and apps became a “part and parcel of life”, and in Australia in particular with the National Broadband Network and the 4G LTE network, more avenues of attack have emerged. The DDos and Dos are the most common attacks that service providers face today. These can bring down entire systems, in particular the DNS Services.
DNS is one of the primary technologies enabling the Internet – translating the names people type into a browser into an IP address so the requested service can be found on the Internet. It is one of the key elements in the network that delivers content and applications to the user. If DNS goes down, most web applications will fail to function properly so it is critical to have a strong, secure and scalable DNS infrastructure.
This damage can be accomplished from a single Internet subscriber, accessing the DNS server, and accessing all manner of sensitive information both from the server and from the provider.
What does this mean to the average Internet user?
If one person can deny hundreds of thousands of users access to the Internet, it’s not too hard to imagine the personal and business implications.
These attacks can lead to significant amounts of downtime and, especially for service providers (SP), loss of revenues and increase in subscriber churn.
Battling DDoS and DoS attacks
So what is being done about these weaknesses to DDoS and DoS attacks in Australia? Internet service providers are taking serious measures to ensure the 100% availability of its DNS systems. This is achieved by placing greater emphasis on ensuring capacity as well as security when DNS systems are built.
There is no silver bullet when it comes to preventing DoS and DDoS attacks on DNS systems. They will continue to exist in every service provider’s network. Having said that, service providers can build DNS systems that allow for both absorption and mitigation of these attacks.
The best way to mitigate DoS and DDoS attacks is through a distributed and purpose built carrier grade DNS architecture. It is designed to perform main functions like DNS caching and security measures, such as anti-cache poisoning and executing DoS and DDoS prevention vectors.
These vectors enable high numbers of DNS requests to be fulfilled, faster DNS responses to the subscriber, as well as absorption of the attacks, which then gives time for measurements to either kick in immediately or be put in place.
There are also DNS resolvers that retrieve information from authoritative servers and return answers to end-user applications. A DNS resolver that is configured correctly will only respond for the hosts in its domain. By using such technologies, a distributed carrier grade DNS architecture can isolate and limit the impact of DoS and DDoS attacks.
Since the dawn of the Internet, data usage on service provider networks continues to grow. A successful user experience consists of a carrier grade DNS providing high availability, economical scalability, subscriber security, and high performance. With the many challenges within service provider networks, basic IP infrastructure can be overlooked. An intelligent management system of these IP essential systems is the first step to reducing an ever-expanding Capex and providing for a high quality of experience for subscribers.