Standards and Security: The Great DDoS Challenge
DDoS attacks can wreak havoc on your company’s efficiency if you’re not careful. The Mirai botnet — malware that can be used for large-scale network attacks — can often go undetected due to common oversights and lack of preparation. It may be daunting to think about how IoT devices that make your company run smoothly can be used against you; however, it doesn’t take much time to set up multiple precautions to prevent it. Below, executives from Forbes Technology Council highlight simple and cost-effective ways that you can safeguard your company from baleful botnets.
1. Start By Looking At Your Infrastructure There are many botnets, Mirai just happens to be one of the largest known ones. Technology companies need to start developing more secure products rather than security being an afterthought. Firms need to look at their internet infrastructure to funnel botnet traffic away from their core business to enable the business to function when these attacks occur. – Heeren Pathak, Vestmark
2. Understand That Anyone Can Be A Target It’s very important to understand that anyone can be a target, no matter if you are a big or small company. If being offline just for a few minutes can cause a big economical impact, then you definitely should find a trusted partner that offers good solutions to mitigate against DDoS attacks. There are some companies offering this kind of service, but a quick Google search should be handy. – Cesar Cerrudo, IOActive
3. Choose The Right Hosting Partners No matter your line of business, your public-facing websites are potential targets of massive DDoS attacks. For business without a dedicated team of security experts, it’s important to choose the right hosting partners. For many customers of AWS, you automatically received free protection against some forms of attacks similar to Mirai botnet with the release of AWS Shield in December of 2016. – Jamey Taylor, Ticketbiscuit, LLC.
4. Monitor Your Traffic Companies need to be skeptical of any device they have hanging on their networks. The average company now needs to apply firewall rules on a device-by-device basis, anticipating the possibility of a printer, web camera or AV control system becoming infected. Smart traffic monitoring software and methods of quarantining devices should be commonplace. – Chris Kirby, Voices.com.
5. Set Strong, Custom Passwords IT security organizations should ensure their IoT devices have no direct public management access from outside the network. If an IoT device must be managed remotely through publicly accessible IPs, change the management password on the device from the default to a strong, custom one. IT admins need to put intrusion prevention, gateway anti-malware and network sandbox solutions at the network perimeter. – Bill Conner, SonicWall.
6. Don’t Rely On The Internet Nearly all consumer products are computer-based in today’s marketplace, which makes reliance on the internet dangerous to a product’s infrastructure. That said, Cloudflare, Akamai and Dynect are solution services that will act as a protective wall for your servers and prevent large-scale network attacks. – Pin Chen, ONTRAPORT.
7. Have The Right Company Policies In Place Technology companies should have policies in place to make sure IoT devices default factory credentials are changed as soon as they are procured. Will this guarantee they will never get infected with Mirai botnet? No. But this basic step along with modifying factory default privacy and security settings, firmware updates, audits, etc. will reduce the chances of an IoT device being infected. – Kartik Agarwal, TechnoSIP Inc.
8. Cooperate And Act Mirai shows how an internet of everything can cause new kinds of net-quakes. Attackers can fire so much hostile traffic at one target that it takes down entirely unrelated sites nearby, in effect, causing major collateral damage. Unfortunately, there’s no simple defensive fix — it takes cooperation and active network control to deflect traffic tsunamis. – Mike Lloyd, RedSeal
9. Be Prepared Large-scale network attacks are not going away, and technology companies need to ensure they’re prepared. Doing a security audit of what protections are currently in place, and looking for existing holes that need to be plugged, is a good place to start. Also, make sure any IoT devices used at your company have security in place to prevent them from becoming part of this bot army. – Neill Feather, SiteLock Source: https://www.forbes.com/sites/forbestechcouncil/2017/03/16/nine-ways-to-protect-your-technology-company-from-ddos-attacks/2/#73d67f6a7178