Addressing Challenges With Network Security Preparedness

This article originally appeared on MediaNama, which has kindly let us republish it.

As the Internet grows, its foundational design flaw of not having security built in is leaving the door open for attacks worldwide, something organisations and network providers have to take steps to prevent. After an inadvertent Border Gateway Protocol (BGP) hijacking incident in September 2020, Australian telecom operator Telstra accidentally routed encrypted email traffic through its servers that it was not supposed to process.

The role of adequately secured routing infrastructure is critical. Much of Internet routing relies on trust; when a bad actor or a misconfiguration leads to incorrect prefixes being announced, the outcome can have adverse consequences for network security and global Internet security. The increase in teleworking and work-from-home (WFM) in the wake of the COVID-19 pandemic has led to an increased dependence on the Internet. “We have seen a huge rise in certain kinds of attacks during this period of time,” a cyber intelligence researcher said.

“Overall access capacity from the public Internet to our public Cloud platform has been increased by 50% due to increased utilization of our Cloud Platform. This seems to be permanently up now.”

Tarun Dua, CEO of E2E Networks

This makes routing security all the more important, especially when the networks’ edge nodes have increasingly gone remote all over the world. One major challenge has been to distinguish between legitimate and malicious traffic when usage has risen so dramatically, according to Alok Gupta, Founder and CEO of Pyramid Cyber Security & Forensic. 

Implementing basic network security norms can go a long way in tackling network security issues.

Securing the network layer

Network security is a dynamic environment, which means that fresh attacks and preventive measures are deployed periodically. But even if it’s not possible to be invulnerable, it is possible to be prepared.

When organizations and networks take steps to be prepared, they can prevent commonplace security issues and also be better positioned to evolve security as the threat landscape shifts.

The Mutually Agreed Norms for Routing Security are an important resource for ISPs and network operators to prevent basic exploits that rely on the insecurities of BGP. ISPs, Internet exchanges, cloud service providers, content delivery providers, research and education networks, and other large networks need to take action to implement MANRS guidelines for overall network security. MANRS guidelines are not technically specific, an intentional feature that lets their implementation scale as the network security landscape evolves. “The biggest issue is incorrect routing information,” Gupta said of routing security.

Resource Public Key Infrastructure (RPKI) is an attempt to better authenticate BGP route announcements, which if deployed widely can reduce the frequency of incidents like route leaks and hijacks. RPKI deployment globally has been lagging, with only 18.44% of networks surveyed by the MANRS Observatory as on date classified as “ready”.

Network security is an ongoing concern that needs close cooperation and commitment to best practices from large networks. Complying to MANRS and leveraging RPKI are key steps towards achieving a better network security posture.

Securing enterprises

Enterprise networks have seen a dramatic shift in their typical structure over the last year. Even security-conscious organisations that may have restricted user access to onsite and local networks were forced in large numbers to accommodate remote workforces.

What can organisations do to secure themselves from attacks?

Even with office-based aggregated workplace designs, interoffice connectivity is an important requirement that could pose networking security challenges. This is another area where compliant vendors and best-practices diligence like MANRS compliance can help.

Even with office-based aggregated workplace designs, interoffice connectivity is an important requirement that could pose networking security challenges. This is another area where compliant vendors and best-practices diligence like MANRS compliance can help.

1. Vendor security: Anand Raje, Chief Technology Officer of the India Internet Foundation (IIFON) said that when deciding vendors for interoffice connectivity and Internet connectivity, enterprise organisations need to vet vendors more thoroughly; for instance, he argued, Remotely Triggered Black Hole filtering should be a must in an enterprise grade network to prevent Distributed Denial of Service (DDoS) attacks, and extensions of the network like VPN services used by enterprises for remote work should also adhere to security standards like ISO 27001. MANRS provides a useful framework to complement and enhance such measures, and helps enterprises be prepared.
2. Best practices: With large-scale data breaches happening more and more frequently, the security of enterprise networks has frequently been questioned. “One of the most important things which people don’t realise is that these are misconfigurations in the best practices which have been defined,” according to Gupta. Developers making changes for testing purposes, for instance, may provide malicious actors with gaping attack vectors to exploit. 

It can be a problem when enterprises expect security without actually working significantly towards that goal. “Security works on the sunlight principle; if there is enough visibility on all metrics related to a cloud deployment, it is easy to detect anomalies but the way customers want to have security is as a shrink-wrapped product that guarantees a binary outcome,” Dua said.

A senior network researcher pointed out that state-sponsored attacks also target enterprises, especially poorly prepared ones. “It’s not like a state will only attack another state because of its cyber advantages. A state attacking commercial organizations is something that is happening today.”

Many network threats are based on social engineering attacks or malicious applications, as opposed to network-layer exploits like DDoS attacks, IIFON’s Raje said. As such, the behaviour of individual users is emerging as a significant security issue alongside network routing hygiene.

Despite protections against DDoS attacks having been around for quite some time, they still remain an issue. “The scale of DDoS attacks keeps increasing as the capacity of the edge networks is increasing,” a network researcher with a large service provider that also provides data centre services said. Route leaks happen “all the time”, and “people accidentally leak our routes and we detect those cases and inform people to clean them up”, he said. 

As per Gupta, the rise of Artificial Intelligence (AI) could potentially pose another threat vector. While AI can be useful to detect hackers’ behaviour, Gupta said, it can be weaponized to automate large scale attacks. “We used to have SQL injections in the early days. Now we have machine learning poisoning, where hackers are injecting instructions into machine learning models that others have built,” per Gupta.

MANRS is a critical component of the array of defence mechanisms that need to be in place to guard against network-level attacks. The ultimate effectiveness of other defensive measures depend on these first steps.

Anticipating what’s to come

Networks and enterprises can both expect securing their infrastructure to be a multi-pronged ongoing process that will need to protect threats from the network, application and social layers. Simple, but potentially devastating threats, can be triggered by human error as well as malice. Next generation devices can also introduce new threats. “With IoT devices coming up, home network devices and routers are becoming more vulnerable,” Raje of IIFON said.

While networks can secure themselves to a reasonable degree by implementing techniques that enhance their overall cyber security posture, they will also need to continuously account for new threats. It is critical that basic steps like MANRS compliance are in place, as securing routing network infrastructure serves as a foundation for dealing with higher-level threats and attack vectors.

Enterprises that sit atop the network layer may be less vulnerable if they have high standards of security and hygiene to prevent exploits. However, they will have to make sure that best practices stay implemented. They also have to collaborate with each other on this end: “There has to be immense coordination and collaboration among the networks, because if one network fails, that can have a deep impact on the reputation of the others,” Gupta said.