Here you’ll find articles, opinions and new solutions that we think are of interest in the data communications sector within NZ.
DDOS ATTACKS INCREASING WORLDWIDE
What Kiwi companies can do to prepare
Nearly three quarters of global brands and organisations were hit with a distributed denial of service (DDoS) attack during 2015, recent research has revealed.
American technology company Neustar, which provides real-time information and analysis to a wide range of industries, surveyed more than 1,000 IT professionals from six continents in the technology, financial, retail and government sectors.
What is a DDoS?
A DDoS occurs when hundreds, possibly thousands, of compromised computers start flooding your IT system with an overwhelming volume of data every second. The likely source of this traffic is a botnet, which can be used to generate the massive number of packets (data) needed to create a successful DDoS attack.
The type of attack may vary, from direct requests to your nodes from infected computers on the botnet to more sophisticated indirect methods like DNS spoofing, where a botnet sends queries to internet name servers while pretending to be one of your servers (with a spoofed IP address). The result is a multiplier, where the hundreds or thousands of compromised computers are able to use name servers to generate a huge volume of data directed at your node.
Whatever form the attack takes, the end result is the same - a huge number of packets will be headed your way and they’ll be coming from many different sources. That’s the distributed part of the attack.
The ‘denial of service’ is when hundreds of thousands of packets per second are concentrated on either your internet connection or the connections of your upstream ISP and start to aggregate. At this point something is going to fail and it will happen one of two ways.
First, the total DDoS traffic will saturate or exceed the size of your internet link. Like any responsible business, you planned your bandwidth needs based on reasonable expectations of use, but what is happening now isn’t reasonable. If the botnet is blasting you with 150Mbits/s of spoofed traffic and your connection maxes out at 100Mbits/s then your genuine traffic just got submerged. Performance will be so compromised that your connection will be unusable.
So, what can Kiwi companies do to survive such an attack?
To minimise long-term damage, businesses need to prepare for the possibility of a DDoS and have robust – and tested – plans in place to mitigate the effects. You might not be a high-profile business but, given the unpredictable motivations of those who launch DDoS attacks, that doesn’t mean you won’t be a target.
Step One – know your normal. Monitor and understand what your usual traffic profile is so you can quickly detect any spikes.
Step Two – rally the troops. Ensure your upstream ISP has the skills and resources to help when a DDoS occurs. You’ll want a provider that can scale quickly and has advanced DDoS detection techniques and mitigation software.
You’re under attack – what next?
The aim is to stop the attack as soon as possible, and the best place to do that is at your upstream ISP so the traffic is eliminated before it hits your connection.
If your provider hasn’t already detected the DDoS (which they may do if it is severe enough), contact their network operations centre (NOC) and give them the bad news. You’ll want them to either scrub the traffic or block it.
Scrubbing involves analysing the traffic and if there’s anything suspicious that looks like it’s come from a DDoS attack, it is quietly dropped (scrubbed) while legitimate traffic is untouched. Not all providers have the ability to scrub traffic and those that do may charge extra for the service so check the options and potential costs as part of your planning.
If your connection to your ISP is BGP-based (Border Gateway Protocol), and your ISP supports BGP communities that automatically null-route IPs with a specific community tag (ask your provider if they do this), then you can start advertising a /32 route with that tag to your upstream and they will automatically block it. This can be rapid, as it is semi-automated, and won’t require a human response from your provider’s NOC.
If your provider can’t scrub the traffic then blocking is the next best option. It will result in your network being completely blocked, which is obviously going to result in reduced internet availability, but it will end the DDoS attack. If the scale of the attack is big enough your provider may block traffic without a request from you; if the packet-per-second level is high enough to saturate their links they’ll act to protect themselves and other customers.
Once you’ve taken these steps, you then just have to wait it out. A DDoS attack isn’t an infinitely sustainable tactic. The longer it runs, the more responders learn about the botnets being used to launch it and the more focused the response will become.
Although major attacks lasting days have occurred, the majority of DDoS attacks are of a smaller scale and last from a few minutes to several hours.
Please give Craig Sutton a call on 021 590 908 if you would like to discuss this article, and your readiness for a DDoS attack.
BEATING THE FLOODWATERS: SURVIVING A DDOS ATTACK ISN’T A MATTER OF LUCK
Just like being prepared for an extreme weather event, surviving a DDoS attack on your business takes more than a few sandbags deployed at the last minute. Being hit with a distributed denial of service (DDoS) attack is the digital equivalent of being in the path of rising flood waters. Like a physical flood, a DDoS can feel like a force of nature: uncontainable, unstoppable and requiring both time and money to recover from. But like a physical flood, not everybody suffers equally in a DDoS attack. Businesses that prepare for the possibility and have robust – and tested – plans in place to mitigate the effects will get their feet drier sooner and suffer less long-term damage to their operations. So what is a DDoS and how do you effectively prepare for and survive one?
THE RAINS ARE COMING
When a DDoS comes rushing in your direction you have become the target of hundreds if not thousands of compromised computers which are flooding the target with an overwhelming volume of packets per second. The likely source of all this traffic is a botnet, which can be used to generate the massive amount of packets (data) needed to create a successful DDoS attack.
The shape the attack takes may vary, from direct requests to your nodes from infected computers on the botnet to more sophisticated indirect methods like DNS spoofing. In a DNS spoofing attack a botnet sends queries to internet name servers while pretending to be one of your servers (using a spoofed IP address). The name servers respond to the queries and thanks to the spoofed IP address send their responses to your servers. What makes this type of attack so dangerous is the fact that while each query may have been less than 100 bytes the responses sent to your node by the name servers can be as large as 4096 bytes. The result is a multiplier, where the hundreds or thousands of compromised computers are able to use name servers to generate a vastly larger volume of data directed at your node than they could through simple direct queries.
Whether you’re the victim of a DNS spoofing attack or something cruder, the end result is the same; a huge number of packets will be headed your way and they’ll be coming from many different sources. That’s the distributed part of the attack. The ‘denial of service’ part of the attack is what happens when hundreds of thousands of packets per second are concentrated on either your internet connection or the connections of your upstream ISP and start to aggregate. At this point something is going to fail and it will happen one of two ways.
Firstly the total DDoS traffic will saturate or exceed the size of your internet link. This happens because like any responsible business you planned your bandwidth needs based on reasonable expectations of use. But what is happening now isn’t reasonable. If the botnet is blasting you with 150Mbits/s of spoofed traffic and your connection maxes out at 100Mbits/s then your genuine traffic just got submerged in the flood waters. Performance will be so compromised as to render your connection unusable.
But even if your typical bandwidth needs are high and you’ve got fat pipes it’s possible that the total amount of packets per second (pps) will exceed the ability of your router to process. Equipment specified to handle 20,000pps may find itself trying to deal with 200,000pps. The reality is that few companies have equipment able to handle an unexpected throughput spike an order of magnitude greater than normal. Your router will be at 100% CPU load and again, your genuine traffic cannot get through.
The rains have come, the river has burst its banks and your sandbag wall was too low to keep the floodwaters out.
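The two failure modes above (a saturated link, an overloaded router) only stand out against a known baseline. The following is an added example, not part of the original article: it builds a median/MAD baseline from constructed samples and checks new readings against the article's 100Mbits/s link and 20,000pps router figures; the sample data, thresholds and function names are assumptions.

```python
"""Baseline-and-headroom check for the two DDoS failure modes (added example)."""
from statistics import median

# Capacities taken from the figures used in the article.
LINK_CAPACITY_BPS = 100_000_000   # 100 Mbit/s internet link
ROUTER_CAPACITY_PPS = 20_000      # router specified for 20,000 pps

# Constructed history of normal five-minute averages (not real measurements).
HISTORY = [
    {"bps": 32_000_000, "pps": 5200}, {"bps": 35_000_000, "pps": 5600},
    {"bps": 31_000_000, "pps": 5000}, {"bps": 38_000_000, "pps": 6100},
    {"bps": 36_000_000, "pps": 5900}, {"bps": 34_000_000, "pps": 5500},
    {"bps": 40_000_000, "pps": 6400}, {"bps": 33_000_000, "pps": 5300},
    {"bps": 37_000_000, "pps": 6000}, {"bps": 35_000_000, "pps": 5700},
]

# Constructed readings. Offered load above line rate can only be seen upstream:
# your own interface counters top out at the link speed.
BUSY_DAY = {"bps": 48_000_000, "pps": 8000}
VOLUMETRIC = {"bps": 150_000_000, "pps": 15_000}       # large packets fill the link
SMALL_PACKET = {"bps": 102_400_000, "pps": 200_000}    # 64-byte packets swamp the router


def baseline(samples):
    """Return (median, MAD); both are robust to an occasional burst in the history."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    return med, mad


def is_spike(value, samples, k=6.0, min_ratio=2.0):
    """Spike = above median + k*MAD AND above min_ratio*median.

    The ratio guard stops a very stable history (tiny MAD) from flagging
    an ordinary busy day as an attack.
    """
    med, mad = baseline(samples)
    return value > med + k * mad and value > min_ratio * med


def assess(sample, history, link_bps=LINK_CAPACITY_BPS,
           router_pps=ROUTER_CAPACITY_PPS, saturation=0.95):
    """Compare one reading with the baseline and with both capacity limits."""
    link_util = sample["bps"] / link_bps
    router_util = sample["pps"] / router_pps
    findings = []
    if is_spike(sample["bps"], [h["bps"] for h in history]):
        findings.append("bps_spike")
    if is_spike(sample["pps"], [h["pps"] for h in history]):
        findings.append("pps_spike")
    if link_util >= saturation:
        findings.append("link_saturated")       # first failure mode
    if router_util >= saturation:
        findings.append("router_overloaded")    # second failure mode
    return {"findings": findings,
            "link_util": round(link_util, 3),
            "router_util": round(router_util, 3)}


if __name__ == "__main__":
    print("busy day    ", assess(BUSY_DAY, HISTORY))
    print("volumetric  ", assess(VOLUMETRIC, HISTORY))
    # Same router behind a 1 Gbit/s "fat pipe": the link copes, the router does not.
    print("small packet", assess(SMALL_PACKET, HISTORY, link_bps=1_000_000_000))
```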
WATCH THE WEATHER FORECAST
The first step to surviving this disaster starts before it happens. Because the motivations of those who launch DDoS attacks are unpredictable, simply assuming it won’t happen to you because your business doesn’t have a profile likely to be targeted is not a defence. You need to assume it will happen and have a DDoS mitigation plan in place.
STOP THE FLOOD
Just like a flood, the best place to stop a DDoS attack is not at your front door but upstream. When your DDoS mitigation plan swings into action, here’s what you and your upstream ISP can do. You need to stop the traffic and the best place to do that is at the upstream provider so it’s eliminated before it hits your connection.
If they haven’t already detected the DDoS (which they may do if it is severe enough), contact your provider’s NOC and give them the bad news. You’ll want them to either block the traffic or scrub it. Scrubbing involves analysing the traffic: anything suspicious that looks like DDoS traffic is quietly dropped (scrubbed) while legitimate traffic is untouched. Not all providers have the ability to scrub traffic and those that do may charge extra for the service, so check what your options and potential costs are as part of your planning.
If your connection to your ISP is BGP-based, and your ISP supports BGP communities that automatically null-route IPs with a specific community tag (ask your provider if they do this), then you can start advertising a /32 route with that tag to your upstream, and they will automatically block it at their edge. This can be rapid, as it is semi-automated, and won’t require a human response from your provider’s NOC.
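One way to script the tagged /32 advertisement safely, as an added example that is not from the original article. It assumes ExaBGP's text API as the route injector (the article names no tool), documentation prefixes, and a placeholder community `64496:666`; the real tag is whatever your provider publishes.

```python
"""Guard-railed generator for customer-triggered blackhole routes (added example)."""
import ipaddress

# Assumptions: documentation address space and a placeholder community value.
OUR_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]   # prefixes we originate
BLACKHOLE_COMMUNITY = "64496:666"                          # ask your provider for theirs
NEVER_BLACKHOLE = {ipaddress.ip_address("203.0.113.1")}    # e.g. the BGP router itself


class RtbhError(ValueError):
    """Raised when a requested blackhole would be unsafe or invalid."""


def rtbh_route(target, our_prefixes=OUR_PREFIXES, protected=NEVER_BLACKHOLE):
    """Validate the target and return the /32 network to advertise."""
    net = ipaddress.ip_network(target)   # a bare address parses as a /32
    if net.version != 4 or net.prefixlen != 32:
        # Tagging anything wider would null-route whole subnets.
        raise RtbhError(f"{target}: only a single IPv4 host (/32) may be blackholed")
    addr = net.network_address
    if not any(addr in prefix for prefix in our_prefixes):
        # Never ask the upstream to drop traffic for space we do not originate.
        raise RtbhError(f"{target}: not inside one of our own prefixes")
    if addr in protected:
        raise RtbhError(f"{target}: address is on the never-blackhole list")
    return net


def announce_line(target, community=BLACKHOLE_COMMUNITY):
    """Return the ExaBGP text-API line that starts the blackhole."""
    net = rtbh_route(target)
    return f"announce route {net} next-hop self community [{community}]"


def withdraw_line(target):
    """Return the ExaBGP text-API line that lifts the blackhole again."""
    net = rtbh_route(target)
    return f"withdraw route {net} next-hop self"


def try_announce(target):
    """Operator-friendly wrapper: (True, line) on success, (False, reason) otherwise."""
    try:
        return True, announce_line(target)
    except ValueError as exc:   # RtbhError and ipaddress parse errors
        return False, str(exc)


if __name__ == "__main__":
    # Constructed requests: one valid victim address and four that must be refused.
    for request in ["203.0.113.10", "203.0.113.0/24", "198.51.100.7",
                    "203.0.113.1", "not-an-ip"]:
        print(request, "->", try_announce(request))
```

A blackholed /32 loses all inbound traffic, legitimate included, so withdraw the route as soon as the attack subsides.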
If your provider can’t scrub the traffic then blocking is the next best option. This will result in your network being completely blocked at the provider’s edge. This is obviously going to result in reduced internet availability to you but it will end the DDoS attack. If the scale of the attack is big enough your provider may block traffic without a request from you; if the throughput or packet-per-second level is high enough to saturate their links they’ll act to protect themselves and other customers.
Finally, you’ll be left to do the inevitable – wait it out. A DDoS attack isn’t an infinitely sustainable tactic. The longer it runs, the more responders learn about the botnets being used to launch it and the more focused the response will become. Although major attacks lasting days have occurred the majority of DDoS attacks are of a smaller scale and last from a few minutes to hours.
Surviving a DDoS attack is all about getting your planning right. You can never eliminate the chance of an attack happening but if it does the right mitigation plan – created and tested with your ISP – means that when you have to make the emergency call you’re well positioned to ride out the storm.
Please give Grant Barrow a call on 021 404 336 if you would like to discuss this article, and your readiness for a DDoS attack.
WHEN YOUR NETWORK DOESN'T WORK NEITHER DO YOU
Network outages can add large costs and impact profitability through lower productivity and reduced revenue, and no business wants that.
That's the reason we have a service option for IP Hub or Managed WAN called Wireless Redundancy. This does exactly what it says: we'll provide a secure and diverse WAN connection via the mobile network in addition to the wired (fibre/copper) service, ensuring critical data and applications can continue to run.
Our service is designed to automatically switch over to the wireless connection in case of any events on the primary connection. You don't have to worry about the switch-over or the data charges; it is completely managed by us.
The service is delivered on a router at your site that connects to the national 3G or 4G mobile network. The connectivity is monitored from our Network Operations Centre which has processes in place to ensure notification and management of any issues.
For more information on how to combat network outages give us a call on 0800 826 436 or email firstname.lastname@example.org.
HOW TO KEEP YOUR NETWORK SAFE - WITHOUT ANNOYING YOUR USERS
It’s a dangerous world out there. New Internet security threats appear each day and staying ahead of the hackers and cyber criminals is a constant battle. It’s clear that no matter how big you are, you can’t take shortcuts when it comes to network security.
Just look at last year’s Sony Pictures, iCloud and Home Depot data breaches, and the recent US Government Office of Personnel Management (OPM) hack where personal information for 21.5 million people was stolen.
Of course not all organisations are prime hacking targets like corporate giants or public agencies, but could your business risk the damage to its reputation and the costs associated with a massive security breach?
How can you, as an IT manager, protect your organisation from attacks and other nasty cyber activity?
Locking down your network completely just to keep it safe is not an option, even if it sounds tempting! Besides, if you did that, you’d be sure to have a user revolt on your hands. After all, the whole purpose of the network is to let everyone in the business communicate easily with each other and its customers.
Here now is a guide to some of the ways you can keep your network safe and secure, without causing hassles for your users.
1. ADVANCED FIREWALLING
For any network connected to the Internet you’ll need a firewall. It’s the simplest form of protection for your network. Firewalls make your network less vulnerable to attacks and give you control over how traffic flows in to and out of your network.
Firewalls provide critical protection, but to really protect your network you’ll need more security measures, such as those covered in this article.
2. WEB FILTERING
Effective web content filtering is essential – giving users unrestricted access to the Internet opens your company to a world of problems. The latest web content filtering offerings scan more than just domain names. They break down and analyse web traffic and target specific content on web pages that you don’t want on your internal network.
Keeping unwanted content off your network not only keeps your business more secure, it also lowers the legal risk of people being exposed to inappropriate content at work.
Plus, it can help to reduce productivity lost as a result of people abusing their internet access privileges.
3. INTRUSION DETECTION AND PREVENTION SYSTEMS – IDS & IPS
It’s just about impossible for any person to keep an eye on all of the connections and traffic that come in and out of a network. That’s why we rely on machines, like automated intrusion detection (IDS) and prevention systems (IPS).
Intrusion detection systems keep a look out for any unwanted or malicious activity on the network. Anything suspicious is flagged as possibly nasty, with an alert sent to your network administrator. Intrusion prevention systems go a step further and also proactively block any suspicious traffic or programs spotted on the network.
You can choose to run IDS and IPS either as a dedicated appliance at the edge of the network or as a software program running on workstations or servers. A network appliance is usually a better option since it can block anything nasty before it gets onto the network.
IDS and IPS run at high speeds, so shouldn’t affect network performance – most of the time your users won’t even know they’re running on the network. And because these systems stop trouble-causing activity in its tracks, they help keep the network running smoothly.
4. UNIFIED THREAT MANAGEMENT – UTM
As the name suggests, unified threat management (UTM) lets you combine all of your network protection into one system. Usually this comes in the shape of a single appliance at the network border taking care of firewalling, virus and spam protection, IDS, IPS, and other security tasks like content filtering. The benefit of UTM is that you only have one appliance to manage, instead of many smaller devices or pieces of software. This also means there will be less of an effect on network performance. Plus, a properly configured UTM box can help you gain compliance with your relevant industry security standards, like PCI-DSS.
With the sheer number of threats on the Internet these days, you want to stop anything malicious before it can even get to your network or users – the closer to the edge they’re stopped, the better. That’s exactly what you get with an antivirus appliance.
There are two ways of running antivirus filtering on a security appliance – each with its own pros and cons:
The most important thing with antivirus though is to have virus definitions downloaded automatically to your security appliance. Also, choose a trusted security vendor that provides quick and timely updates of these definitions.
6. MAIL CONTENT FILTERING
Email content filtering helps keep spam or phishing attempts out of your users’ inboxes. You can set the filtering to either block any suspicious messages completely or tag them so users decide what is risky or not:
7. VULNERABILITY SCANNING
Vulnerability scanning helps protect devices on your network by scanning them for security weaknesses. The software looks for any security flaws that can be exploited by hackers or malware. It tests possible flaws against a database of known weaknesses and reports the results so that you can tighten the network's security. Vulnerability scans can also be used on internal networks not connected to the Internet to assess the threat of rogue software or malicious employees.
8. HOSTED SECURITY
Wouldn’t it be great to tie up all of these security tools into one easy-to-manage hosted service?
Well that’s exactly what you get with a hosted security service from Vector Communications. Just like other hosted services, it means you get to hand over running your security to the experts. This frees up your IT team from having to spend their time managing security – so they can focus on their core job.
Also, hosted security is often more cost-effective than taking care of your own security systems. And since threats are typically dealt with before they even reach your network, you won’t experience any network performance impact.
New cybersecurity threats are being created every day. Staying ahead of these to keep your business safe and secure is an important task that needs dedicated focus and attention.
For this reason at Vector Communications we believe a hosted security service is the best option for most organisations.
And that’s why we now offer our own hosted security service that covers all of your security needs including:
Our hosted security services are backed up by some of the most advanced firewall and unified threat management technology available today, offering high availability and redundancy. We separate each customer’s services, so they can choose exactly what they want and so they only pay for what they need.
Keeping a watchful eye over the performance and availability of our hosted security services around the clock is our Network Operations Centre, so you know you are in great hands.
Make sure your business gets the full benefit of hosted security as soon as possible. Call us on 0800 826 436 or email email@example.com today.
Lotto Case Study
When Lotto NZ moved headquarters recently, it also transformed the way it ran the data side of a business connecting more than 1300 locations. Lotto NZ and Vector Communications worked together to deliver a high performance, high availability network.
CLOUD CONNECTIONS A BREEZE FOLLOWING LAUNCH
New Zealand companies will be able to connect to the cloud at a lower cost* with no long-term contracts following today’s launch of Vector Cloud Link.
Vector Communications, the data network arm of Vector Ltd (NZX: VCT), has developed the new Cloud Link service and is offering it directly to businesses which need to link their offices to two or more data centres to access cloud applications and other services.
A “disruptor” product, Vector Cloud Link not only offers considerably lower costs*, it also provides businesses with greater flexibility and agility because it requires no fixed-term contracts. Consequently, companies can add, remove or modify Vector Cloud Link connections at any time depending on how their cloud strategy and app providers change.
Vector Communications’ ownership of its own fibre optic network has made Vector Cloud Link possible.
Vector Communications has built numerous fibre paths into data centres around New Zealand so Vector Cloud Link is able to leverage the investment already made in that infrastructure.
By using its own network, Vector Cloud Link can provide virtual connections to more than 40 data centres throughout New Zealand, another 20-plus in Australia, plus Amazon Web Services (AWS) and Azure, at very competitive rates* compared to the price companies have paid previously.
Vector Communications has been building fibre into those types of data centres since the year 2000. Back then, many businesses would have housed all their software applications and security back-up in their own server room or data centre. Today, up to 90% of companies outsource many, or all, of their applications to an off-site secure data centre – referred to as being “in the cloud”.
Vector Cloud Link will initially target New Zealand businesses looking to move to the cloud, particularly those with around 500 to 3,000 staff who need more dedicated bandwidth.
Vector Cloud Link’s flexibility and cost-effectiveness will also appeal to existing cloud users looking to re-assess their current IT strategy.
To find out how Vector Cloud Link can help your business, go to www.vectorcomms.co.nz or call 0800 826 436.
* Compared to Vector Communications’ standard MetroEthernet pricing.
HOW TO APPLY A CRITICAL INFRASTRUCTURE APPROACH TO NETWORK DESIGN
If something goes wrong on the electricity network, the consequences can be far reaching – people and businesses can be left without power, and the impact on businesses can be significant.
Monitoring the power grid for any faults which can cause an outage is therefore critical and demands extremely strict availability, security and performance requirements. Alerts and responses need to happen within milliseconds and the communications links across the network need to keep on working – no matter what.
There is very little room for error.
It is in this environment that Vector Communications has forged its approach to network management – providing the communications backbone supporting the systems used to monitor and control Auckland’s electricity network.
While demands on most corporate networks may not be as extreme as those for an electricity network, the consequences of a failure can be very serious for a business.
Applying the same principles to building and managing a corporate network as to supporting critical infrastructure, like a power grid, reduces the risk of something going wrong.
Here is how Vector Communications applies its experience supporting critical infrastructure to the design, build and management of enterprise networks.
THE DESIGN PHASE IS THE MOST CRUCIAL PART OF DELIVERING A HIGH-PERFORMING NETWORK.
Designing a network to support critical infrastructure requires thorough planning and a full understanding of the business needs and the network requirements, namely, availability, performance and security. Our network architects work with customers to map the business requirements into technical requirements. We then evaluate various technologies that meet the specifications. Finally, adding cost constraints enables us to provide the best solution.
The communications networks that support critical infrastructure usually involve multiple components. Integration of these various components in a manageable way is critical for ensuring high service levels. This requires pre-installation site surveys, collecting baseline data for proactive management and quick troubleshooting.
Applying the same approach to developing corporate networks means a faster and more reliable build. With established relationships with all local fibre companies (LFCs) and service providers across New Zealand, we understand the integration and configuration requirements of these providers. This enables us to deploy networks relatively fast with few surprises for our customers.
HOLISTIC NETWORK MANAGEMENT IS THE BEST APPROACH FOR RUNNING ANY NETWORK, ESPECIALLY THOSE SUPPORTING CRITICAL INFRASTRUCTURE.
Monitoring a service holistically rather than its individual components enables proactive management of any issues that may cause performance issues. This is essential when it comes to critical infrastructure but equally important in a corporate environment to prevent or mitigate faults.
Through our New Zealand-based network operations centre, we provide around-the-clock proactive management of customers’ environments.
Vector Communications’ core network infrastructure was designed to meet the strict availability, security and performance requirements of Auckland’s electricity network. To support this network we have built our own fibre network, with diverse routes between main exchanges.
WE CAN DESIGN NETWORKS FOR BUSINESS CUSTOMERS WITH SERVICE AVAILABILITY OF UP TO 99.999%.
That means we are able to offer business customers service levels equivalent to those we deliver to support the electricity network. This includes availability of up to 99.999% instead of the standard 99.97% uptime most telecommunications providers offer.
While the difference between these levels of availability may appear small, any downtime of core systems can have a serious impact on an organisation’s productivity, bottom line and even reputation. A higher level of availability reduces these risks and offers greater security and peace of mind for customers.
Your business requirements may not be as stringent as that of a piece of critical infrastructure, such as a power network, but having a reliable and secure network is nevertheless crucial.
So why not work with a network provider that can potentially offer an improved level of performance and uptime? Why take the risk of not seriously looking at other options for your business?
To find out more about how Vector Communications can help your business, visit http://vectorcomms.co.nz/solutions or call Craig Sutton on 021 590 908 or 978 8245.
HOW BUSINESS PERFORMANCE IS RELATED TO YOUR NETWORK
How critical is the performance of your organisation’s network to the success of your business? Vector Communications shares insights on what organisations should consider to get the best performance out of their network.
No longer just a conduit for mundane traffic, the company data network has become the backbone for many organisations, supporting their entire operation. As more IT infrastructure moves off-premise to be hosted in data centres or the cloud, critical applications are increasingly no longer on the company network.
This means the data network which connects an organisation to its applications and systems is now central to the core services and value many businesses deliver to their customers.
So what should you consider to ensure your network enables optimal business performance?
Performance is not just about bandwidth
Many businesses focus on one aspect when rating how well their network performs – bandwidth. Adding more is often seen as the way to solve this.
However, while having adequate bandwidth is important, bigger links will not necessarily result in better performance, especially if you host your applications offshore in the cloud, where latency becomes an important factor in performance. To ensure you have the lowest latency, use a service provider with the shortest or most direct path to where your data or applications reside.
For instance, Vector Communications can offer direct links into Amazon Web Services and Microsoft Azure data centres in Australia. These dedicated connections into the hosted services our customers want to access mean we can guarantee lower latency, faster access and greater performance for the cloud-based applications and systems our customers rely on.
Performance impacts productivity
Another important consideration is how the performance of the network affects overall productivity.
A slow network can impact the performance of applications and the productivity of staff. For example, on a sluggish network time-sensitive applications, such as your ERP system, will slow down or not work at all, impacting how well your staff can work.
A high-performing network can improve the bottom line through increased uptime, improved application performance and enabling cloud applications to run securely. It also enables remote access for staff working with customers in the field and helps businesses to roll out new or enhanced services faster.
Reliability and security are vital
The reliability of the network can also have a direct impact on business results. Imagine how a network failure at a crucial time will impact your organisation’s performance. An extended period of downtime can result in lost revenues through reduced sales or lower productivity as staff wait around for IT systems to come online.
A resilient network, with redundancy for critical sites, will allow you to continue operating even during a failure. Knowing how much downtime you can afford and the impact of outages to your business will help you decide when to invest in a redundant link or network.
With big data, cloud solutions, online applications and a mobile workforce, organisations today collect and store more data than ever before, and more of that often sensitive information is now hosted outside the core network.
Keeping data secure is therefore paramount. Ensure your network provider has the highest level of security in place so your and your customers’ data are protected.
Performance, reliability, redundancy and security are all important considerations when designing a data network that supports all users and enables business performance.
Data networks play an important role in how efficiently IT resources are connected, utilised and secured. They are the common, critical infrastructure component that needs to be considered upfront to ensure your business gets the most from your investment in technology.
Choosing the right network partner is vital to getting this right for your business. Working with a provider with a network designed from the ground up for business is essential to guarantee optimal business performance.
For more information, please contact either: