In: Computer Science
Find an article regarding a network problem that occurred in the past 6 to 8 months. Be sure to pick an article that reports on a problem that relates back to a topic covered in class. The problem could be related to security, design, redundancy, etc. (Top Down Network Design)
Choose your article wisely! If you cannot respond to the requirements of the assignment then choose a different article or find supporting articles that will help.
The article cannot be about Heartbleed, Target, Sony or Yahoo!
Imagine that you are a network administrator working for the company in question. Write a one page memo to your manager about the problem and how to prevent it.
Your memo should include the following information:
• A link to the original article
• A brief summary of the problem
  o When did the problem occur?
  o How did the problem occur?
  o Who was affected?
  o How many users (or sites or companies) were affected?
  o Were specific locations affected?
  o Were specific users affected?
• An analysis of the effect of the problem on the company or customers. What are the consequences of this problem?
• Your suggestions on what they could have done to prevent the problem from occurring in the first place OR what they could do to prevent the problem from occurring again in the future.
Format: Microsoft Word or compatible document
To: The Manager
From: XXXX
Date: April 28, 2017
Subject: Report on the Disruption of Major Websites across the U.S.
Dear Sir,
I have attached the detailed report on the disruption of major websites across the US.
The original article can be accessed at the URL below:
https://www.nytimes.com/2016/10/22/business/internet-problems-attack.html?_r=0
Summary of the problem:
Major websites across the US became unreachable for users in the United States after a company that manages a crucial part of the internet's infrastructure said it was under attack. Users reported sporadic problems reaching several websites, including Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud and The New York Times.
The company, Dyn, whose servers monitor and reroute internet traffic, said it began experiencing what security experts called a distributed denial-of-service attack just after 7 a.m. Reports that many sites were inaccessible started on the East Coast, but spread westward in three waves as the day wore on and into the evening.
This occurred in October 2016.
How did the problem occur?
A distributed denial-of-service attack, or DDoS, occurs when hackers flood the servers that run a target’s site with internet traffic until it stumbles or collapses under the load. Such attacks are common, but there is evidence that they are becoming more powerful, more sophisticated and increasingly aimed at core internet infrastructure providers.
Dyn is one of many outfits that host the Domain Name System, or DNS, which functions as a switchboard for the internet. The DNS translates user-friendly web addresses like fbi.gov into numerical addresses that allow computers to speak to one another. Without the DNS servers operated by internet service providers, the internet could not operate.
In this case, the attack was aimed at the Dyn infrastructure that supports internet connections. While the attack did not affect the websites themselves, it blocked or slowed users trying to gain access to those sites.
Who was affected?
Major websites such as Netflix, Twitter, Spotify, PayPal, Fox News, The New York Times and The Wall Street Journal were affected. Amazon's web services division also reported an outage.
Service was disrupted across Europe and the US; the outage was widespread on both sides of the Atlantic.
Consequences of this problem
The attacks underline a serious vulnerability in the way the internet functions. DNS is one of the ageing technologies the industry is struggling to update, and its security and availability have often been neglected. Attackers are learning how to take down the internet and are extensively testing the core defensive capabilities of the companies that provide critical internet services, which results in a huge loss of information and revenue.
Prevention
A variety of methods allow security teams to gain insight into what is going on in a network. One of the most popular approaches is flow sampling, as virtually all routers support some form of flow technology such as NetFlow, IPFIX or sFlow. In this process, the router samples packets and exports a datagram containing information about each sampled packet. This is commonly available technology, scales well, and is quite adequate to indicate trends in network traffic.
Common DDoS protection deployments use a flow analytics device, which reacts to the discovered incident by redirecting the victim’s traffic to a mitigation device and telling it what action to take. This method scales well for gathering traffic to be analyzed, and the reactive model only redirects potentially bad traffic, which allows for some bandwidth oversubscription. But this is risky business as the mean time to mitigate can run into minutes.
For the most insightful detection and fastest mitigation, you cannot beat in-path deployment of a high-performance DDoS mitigation device that is able to detect and mitigate immediately. In-path deployment allows for continuous processing of all incoming traffic (asymmetric) and possibly also the outgoing traffic (symmetric). This means the mitigation device can take immediate action, providing sub-second mitigation times. Care should be taken that the mitigation solution can scale with the uplink capacity and that its real-world performance holds up during multi-vector attacks.
As an alternative to in-path detection and sampling, mirrored data packets provide the full detail for analysis, while not necessarily in the path of traffic. This allows for fast detection of anomalies in traffic, which may have entered from other entry points in the network. While setting up a scalable mirroring solution in a large network can be a challenge, it can also be an excellent method for a centralized analysis and mitigation center.
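To make the flow-sampling approach described above concrete, the following added example (not part of the original memo or article) aggregates constructed, simplified NetFlow-style records, scales the sampled counts back up by the sampling rate, and flags a destination as under a distributed flood only when its estimated volume far exceeds a baseline AND the traffic comes from many distinct sources. The record layout, IP addresses, baselines and thresholds are all assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed flow records standing in for NetFlow/IPFIX/sFlow exports. Each
# tuple: (src_ip, dst_ip, dst_port, proto, sampled_packets, sampling_rate).
# A router exporting 1-in-1000 samples reports a sampled count that must be
# scaled back up to estimate the real packet volume.
FLOWS = [
    ("192.0.2.10", "198.51.100.53", 53, "udp", 3, 1000),    # normal DNS client
    ("192.0.2.11", "198.51.100.53", 53, "udp", 2, 1000),    # normal DNS client
    ("192.0.2.12", "198.51.100.80", 443, "tcp", 5, 1000),   # normal web traffic
] + [
    # Many distinct sources each sending a modest share toward the DNS server:
    # the signature of a distributed flood rather than one busy client.
    (f"203.0.113.{i}", "198.51.100.53", 53, "udp", 150, 1000) for i in range(1, 41)
]

# Per-destination baseline in packets per interval (constructed numbers).
BASELINE_PPS = {("198.51.100.53", 53): 200_000, ("198.51.100.80", 443): 500_000}


def aggregate(flows):
    """Scale sampled counts back up and aggregate per (dst_ip, dst_port)."""
    pkts = defaultdict(int)
    srcs = defaultdict(set)
    for src, dst, dport, _proto, sampled, rate in flows:
        pkts[(dst, dport)] += sampled * rate   # estimated true packet count
        srcs[(dst, dport)].add(src)
    return pkts, srcs


def detect_ddos(flows, baseline, spike_factor=5, min_sources=20):
    """Flag destinations whose estimated volume exceeds spike_factor x baseline
    AND that are hit from at least min_sources distinct sources. The source
    count separates a distributed attack from a single misbehaving host."""
    pkts, srcs = aggregate(flows)
    alerts = []
    for key, est in pkts.items():
        base = baseline.get(key, 100_000)   # default baseline for unknown services
        if est >= spike_factor * base and len(srcs[key]) >= min_sources:
            alerts.append({"dst": key[0], "port": key[1], "estimated_pkts": est,
                           "sources": len(srcs[key]),
                           "action": "divert to mitigation device"})
    return alerts


if __name__ == "__main__":
    for alert in detect_ddos(FLOWS, BASELINE_PPS):
        print(alert)
```

In a real deployment the alert would trigger the redirection of the victim's traffic to the mitigation device, and the baseline would be learned from historical flow data rather than hard-coded.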
Best Regards
XXXXX