Data Centers

Peer pressure: Alliance hopes to prevent further DDoS attacks

The Alliance for Internet Security, a potentially powerful new alliance of ISPs and other organizations, wants companies to "clean up their own backyards" when it comes to Internet security. Here's what the Alliance suggests for your business.


When companies like Cable & Wireless, GlobalCenter, GTE Internetworking, and Sprint form an alliance, you’d better take notice.

After February’s distributed denial of service (DDoS) attacks, backbone providers, ISPs, and nearly 1,400 other companies joined ICSA.net, an Internet security-assurance services company, to form the Alliance for Internet Security , which primarily seeks to educate the Internet community about security issues related to distributed attacks.

Here’s why that matters to you: If your company has any sort of Internet presence, you may soon find security measures a part of your ISP contract. And if you fail to take basic security precautions, your peers may hold you accountable.

“It’s a loosely aligned group of people who all stood up, stuck their head out the window, and said, ‘We’re not going to take it anymore. We’re going to fix our own backyard. We’re going to make sure our ISP fixes theirs. We’re going to ask everybody else to do the same. And we’re going to stomp our feet, get mad, and point at people when they don’t do the right thing,’” said Peter Tippett, who chairs the Alliance and is the chief technologist for ICSA. “It’s like each of us is fouling our own drinking water, and the way to make the drinking water pure is for each of us to not wreck it.”

Could a deadly DDoS program be lurking on your system?


Why the pressure?
Unless companies and ISPs toughen their security measures, Tippett said, entire sections of the Internet could be shut down by future DDoS attacks. February’s assaults were launched from Sun Solaris computers, but the software has been modified since then for the Windows OS. Accordingly, ISPs have already detected attacks from Windows machines, he said.

DDoS attacks rely on machines that “host” an attack. It’s easy to set your security up so your machines cannot host an attack. But there’s no immediate pay off, so many companies have simply neglected to do this, Tippett said.

“There are lots of things all of us can do to protect our own site. What the Alliance worries about is the stuff that you couldn’t protect against at your corporation,” he said. ”The distributed denial of service [attacks] operate in such a way that it doesn’t matter if you’re Yahoo!, the biggest player in the world with the best security on the planet. You’re still going to die if someone shoots at you from 1,000 places.

“In half a day, a hacker can have a machine troll the Internet, find vulnerable machines, and have a system he can aim at any machine on the planet.”
To see how malicious hackers carry out DDos attacks, read TechRepublic’s “What the recent distributed denial of service attacks mean to e-commerce.”
Jim Lippard knows firsthand how dangerous the simple, but powerful, DDoS scripts can be. Lippard is the director of Internet security for GlobalCenter, network provider for Yahoo!, which was targeted in February’s attacks.

“We weren’t able to actually stop the attack. We were able to take a number of actions to mitigate the effects of the attack,” Lippard said. “Part of the reason for the Alliance for Internet Security is to basically get everybody to do the right thing with their own network so that nobody can be used as the launching point for an attack.”

Lippard sees the Alliance as the IT community’s best chance to regulate itself; otherwise, as losses mount, companies may resort to lawsuits or seek government intervention.

“I think that’s certainly an incentive for the industry to get on the ball,” he said. “A lot of companies have been rather cavalier about Internet security or just haven’t recognized that there are specific issues with having equipment on the Internet. By putting equipment on the Internet, you are giving everybody else in the world access to your equipment in some way or another.

“People need to realize that and make sure that the type of access that you’re giving the outside world is the type of access you want them to have.”

The heat is on
The Alliance isn’t wasting any time in getting its message out. ICSA, an affiliate of Stamford, CN-based Gartner Group, Inc., ran ads promoting Internet security in TheWall Street Journal and hosts a Web site dedicated to the Alliance. Security experts are also making themselves available for interviews about DDoS attacks.

But the Alliance’s impact may extend beyond awareness efforts. Members are also pushing to include security measures in providers’ contracts.

“We’ve actually changed our acceptable use policy, which is incorporated into all of our customers' contracts, so that it essentially says, ‘Here are some basic measures for combating denial of service attacks. We require you to do whichever mechanism is appropriate for your connection,’” Lippard said.

He compared the effort to the Internet community campaign against spam. Until it became a problem, no one had acceptable use policies to govern unsolicited e-mail. Now, such measures are common.

If U.S. companies tighten their security against DDoS attacks, it will also help as more countries come online because U.S. companies provide much of their conductivity, he said.

“It’s incumbent upon those of us who do provide that conductivity to have the right things in our acceptable use policies and make sure that those are applied internationally, as well as in the United States, because things they do over there can certainly affect the network here,” Lippard said.

Tippett said the Alliance is also pushing for a new Internet protocol that will make it impossible for systems to send messages from addresses foreign to the system, which would help make DDoS attacks impossible.

Do the right thing
What can you do to increase Internet security? Here are a few recommendations from the Alliance and Lippard:
  • All corporations with a presence on the Internet should configure their routers so that even if an attack were installed on your system, it wouldn’t work. Tippett said it would take the average person 10 minutes to turn this security feature on, and it won’t slow down routers.
  • Check to see if DDoS software has been installed on your system. If it has, disconnect the compromised machine from the Internet.
  • Establish a security policy that covers what comes in and what goes out.
  • Join the Alliance—it’s free, and once your system has been verified as non-aggressive, you’ll be listed on the Alliance Web site.
  • Urge your ISP and peers to help increase Internet security.
  • Test your system. ICSA has developed an online tool, called the NetLitmus Test Tool, that determines whether your network could be used to launch a DDoS attack. Already, more than four million companies have been verified as having non-aggressive systems.
Do you think peer pressure alone can solve the problem of Internet security or do you think government will have to intervene? If you think regulations will be necessary, what do you think they should be? Post a comment below or send us an e-mail.

Editor's Picks

Free Newsletters, In your Inbox