In a matter of days, alongside numerous other disruptions, the workplace has undergone a wholesale upheaval. Instead of in-person meetings, access to local networks and fileshares, and casual conversations in breakrooms, we’re spending all our time on video conferences, using home Wi-Fi networks and trying to stay in touch with colleagues in every way possible short of seeing them in person. My workplace is even hosting virtual yoga sessions with our instructor leading us through our poses over a web session. As much as I couldn’t have imagined wanting this just a few weeks ago, today it’s a welcome break from the onslaught of bad news.
Thinking back to the network, organisations to varying degrees have been accommodating and even encouraging a remote workforce for many years now, but few organisations of size have had to deal with a large majority of their employees accessing enterprise resources entirely from outside their office locations. Suddenly, the VPN is the central connection point for the majority of the enterprise.
But even as there are frantic attempts to ensure that the capacity of these networks is sufficient to withstand the increased demands, those of us who follow the threat landscape are concerned about the risk to enterprises that are dependent on these services. One key aspect of the risk is the availability of the service.
Our past experiences lead us to the following understanding:
· Distributed Denial of Service (DDoS) attacks against the availability of Internet-based services will occur. This is not a new thing – we observed 8.4 million attacks in 2019
· The adversary, regardless of motivation, will focus on the services that matter the most at any given time. During these times, we can expect that VPN concentrators will quickly ratchet up to the top of the list of services that enterprises depend on
· Similarly, institutions that are in focus today – government agencies, healthcare organisations, financial institutions – will see a level of targeting
· The large population of disaffected people with time on their hands will contribute to this phenomenon. These are times of high anxiety for everyone and as the economic consequences are felt across our populations, it is possible that some subset of society will channel their anger online
While the individual enterprise or educational institution can’t address the causes of these attacks by itself, it can certainly prepare for the eventuality that its online services – think remote access for employees, portals for vendors and partners, online retail, educational testing – are targeted, causing further challenges during these already trying times.
There are a number of measures that everyone can take to protect against these attacks:
· Reconsider what needs to be behind the VPN – where possible use well-established SaaS-based services for productivity suites, collaboration tools etc. This will reduce the dependency on the VPN in the first place
· Establish split tunnelling and acceptable use policies – you don’t want your employees gaming on their corporate equipment and you certainly don’t want that traffic traversing your VPN, both for the added cost and for the risk of your network getting targeted for a gaming advantage
· Run table-top exercises to understand your DDoS posture – whether you’re following best practices involving dedicated equipment and a managed service to back you up, or you’re counting on being lucky and not being targeted (I wouldn’t recommend this), it’s imperative that you have a good handle on how you expect to respond to a DDoS attack. This is vastly superior to figuring it out while you’re under attack.
We have plenty to worry about in these times and it’s unfortunate that the availability of your remote services has to be on that list, but it does. Fortunately, there are well-understood means to overcome these challenges, unlike some of the other ones we confront in these times. Remote network access has vaulted to the forefront of technologies enabling the enterprise, and those of us responsible for its availability need to do our best to protect it.
Hardik Modi is AVP Engineering, Threat and Mitigation Product at Netscout