Arbor Networks, in cooperation with the Internet security operations community, has completed the fifth edition of an ongoing series of annual operational security surveys. Key findings are outlined below.
DDoS bandwidth growth slows
Over the last six years, service providers reported a near doubling in peak DDoS attack rates year-to-year. The figure below illustrates that peak attack rates grew from 400 Mbps in 2001 to more than 40 Gbps in 2007. This year, providers reported a peak rate of only 49 Gbps (a more modest 22 percent growth over the previous year). The slowing in DDoS flood growth likely reflects attacks reaching underlying Internet physical constraints and a migration to other more effective denial of service attack vectors.
Attacks shift to the cloud
Again this year, more than half of the surveyed providers reported growth in service-level attacks at gigabit or less bandwidth levels. Such attacks are specifically designed to exploit service weaknesses, like vulnerable and expensive back-end queries and computational resource limitations. Several ISPs reported prolonged (multi-hour) outages of prominent Internet services during the last year due to application-level attacks. These service-level attack targets included distributed DNS infrastructure, load balancers and large-scale SQL server back-end infrastructure.
The Internet is not IPv6-ready
A majority of this year’s surveyed providers reported concerns over the security implications of IPv6 adoption and the slow rate of IPv4 to IPv6 migration. As in previous years, providers complained of missing IPv6 security features in routers, firewalls and other critical network infrastructure. Other providers worried that the lack of IPv6 testing and deployment experience may lead to significant Internet-wide security vulnerabilities.
IPv4 address exhaustion, IPv6 migration, DNSSEC migration, 4-Byte ASN migration
The “perfect storm” of looming IPv4 address exhaustion, concerns surrounding migration to IPv6, concerns surrounding migration to DNSSEC, and concerns surrounding migration to 4-byte ASNs is a source of uncertainty for respondents with regard to their ability to operate, maintain, secure and defend their networks.
Lack of skilled resources
Non-technical factors such as lack of skilled resources, internal/external communications siloing, lack of clearly defined operational responsibilities, lack of clearly defined policies, and lack of management understanding and commitment are the most significant obstacles to reducing mitigation times and proactively strengthening operational security postures.
The survey by Arbor Networks, which covers roughly a 12-month period from 3Q 2008 through 3Q 2009, is designed to provide industry-wide data to network operators.
Operational network security issues, the day-to-day aspects of security in commercial networks, are the primary focus of survey respondents. As such, the results provided in this survey more accurately represent real-world concerns than theoretical and emerging attack vectors addressed and speculated about elsewhere.