• Technology
  • Health and Safety
  • IT and Cyber Security
  • About Us
  • Contact Us
  • Download Media Kit
Saturday, January 16, 2021
Safety & Security Review Africa
  • Access Control
  • Fire prevention and detection
  • Video Surveillance
  • Perimeter Security
  • Home Automation and Smart Building
  • Access Control
  • Fire prevention and detection
  • Video Surveillance
  • Perimeter Security
  • Home Automation and Smart Building
Safety & Security Review Africa
No Result
View All Result

Keep VPNs Safe from Cyber Attacks during Lockdown

Keep VPNs Safe from Cyber Attacks during Lockdown
500
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

If cybercrime were a country, it would have the 13th highest gross domestic product (GDP) in the world, with large multi-national operations earning more than US$1 billion annually.

This is according to the recently-released 2H 2019 NETSCOUT Threat Intelligence Report, which says that this gives cybercriminals plenty of motivation to continue unleashing an onslaught of different types of attacks on the world – including phishing, distributed denial of service (DDoS) attacks, ransomware and many other forms of malicious malware.

And that was just last year – where are we at now that we’re four months into 2020?

“This year,” says Bryan Hamman, Regional Director at NETSCOUT, a leading provider of service assurance, security and business analytics, “cybercriminals have been given a golden opportunity to take advantage of the global COVID-19 pandemic to launch attacks on people working from home, as companies try their utmost to keep their organisations operational.”

“The fact that so many white-collar workers are now working remotely has, unfortunately, opened up nefarious new routes for cybercriminal elements around the globe. Defending business continuity is of paramount importance, and employees must now rely on VPNs to access critical business applications, which makes VPN endpoints – which are often undefended – a business lifeline.”

A remote-access VPN securely connects a device outside the corporate office to the network. Known as endpoints, these can include smartphones, tablets and laptops. And although VPN traffic is encrypted, vulnerabilities at the endpoints do exist.

NETSCOUT Security CTO Darren Anstee clarifies in a NETSCOUT blog, “The availability of the remote access systems that give us a route into our corporate networks is really crucial now. However, in many cases, the remote access endpoints that we’re relying on are vulnerable to DDoS attack, and there are a lot of people out there who are looking to exploit this.”

“We are seeing an increase in DDoS attacks targeting the TCP (Transmission Control Protocol) – a standard that defines how to establish and maintain a network conversation through which application programs can exchange data. TCP works with the Internet Protocol (IP), which defines how computers send packets of data to each other. Together, TCP and IP are the basic rules defining the Internet.”

“UDP (User Datagram Protocol) is part of the TCP/IP suite of protocols used for data transferring. UDP is known as a ‘stateless’ protocol, meaning it doesn’t acknowledge that the packets being sent have been received. For this reason, the UDP protocol is typically used for streaming media.”

DDoS attacks are an attempt to exhaust the resources available to a network, application, or service so that genuine users cannot gain access. Such attacks on VPN endpoints would have significant business continuity consequences.

Additionally, says Anstee, attackers are able to mix and match different DDoS vectors to maximise their chances of success, as follows:
·        Volumetric attacks saturate connectivity, filling up the pipes that connect network and resources together.
·        State exhaustion attacks target infrastructure, such as load balancers A load balancer is a piece of hardware (or virtual hardware) that acts to distribute network and/or application traffic across different servers. A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules, typically establishing a barrier between a trusted internal network and untrusted external network. A firewall maintains a ‘state table’ of the internal structure.
·        Application layer attacks target applications at layer seven For IT professionals, the seven layers refer to the Open Systems Interconnection (OSI) model, a conceptual framework that describes the functions of a networking or telecommunication system. Applications that work at Layer 7 are the ones that users interact with directly, such as web browsers and other apps such as Skype, Outlook, Office. with queries and authentication requests that use up resources and cause systems to come to a halt.

And so, if an attack saturates the link to a VPN endpoint or exhausts its state tables, home workers are effectively cut off from corporate resources. The question then is: how does an organisation protect itself from these insidious threats, to protect both itself as well as its business continuity during these unprecedented times?

Anstee advises that organisations need to apply best practice defences to protect VPN endpoints in the same way that customer-facing services are protected. This could include:
·        Extending current capabilities, making sure that traffic to VPN endpoints is routed through an existing suite of on-premises DDoS solutions;
·        Upgrading licences if required, to handle additional throughput;
·        Adding new defence capabilities to networks, either physically or as virtual network functions; and
·        Ensuring speed of reaction, for example via on-premises DDoS protection solutions.

Anstee says that hybrid DDoS defences, which combine localised protection with cloud-based backup, constitute the current best practice for complete protection.

In conclusion, Hamman adds, “The global pandemic is obviously having a huge impact on businesses around the world as they continue trying to operate. As South Africans phase the reality of having the lockdown lifted in a phased approach, we realise that remote working for many will be here for at least a while longer. We, therefore, urge companies to ensure that they have put in place the required cybersecurity measures to protect their remote workers as these unprecedented times continue for the foreseeable future.”

Share200Tweet125Share50

RSS More News

  • Militants continue to stage deadly attacks as insecurity expands into previously ‘safe’ zones in West Africa, Sahel, top official tells Security Council January 12, 2021
  • South Sudan: Timely action by Ghanaian peacekeepers proves ‘every second counts’ January 11, 2021
  • Guterres ‘shocked’ at massacre of civilians in eastern DR Congo January 7, 2021
  • Statement of International Criminal Court (ICC) Prosecutor to the United Nations Security Council on the Situation in Libya, pursuant to United Nations Security Council Resolution (UNSCR) 1970 (2011) November 11, 2020
  • Security Council Press Statement on Libya October 28, 2020
  • Statement of the Chairperson of the African Union Commission on the Signing of a Ceasefire in Libya October 24, 2020
  • UNSMIL Statement on the resumption of intra-Libyan political and military talks October 11, 2020
Facebook Twitter

About Us

Safety & Security Review Africa

The Safety and Security Review
Africa is a quarterly publication
which brings your brand to the world of safety and security.
Our magazine is a source of insightful information on safety and security markets, and developments in Africa. Whether you want to increase brand awareness, deliver a
complex message or launch a new product, Safety and Security Review Africa provides a creative media to communicate competently and effectively with your audience.
Our main readers are key decision makers across Africa. Our publication serves as a knowledge, news and information sharing platform which drives up-liftment and sustainable development across
the safety and security sector in
Africa, hence the magazine is
recognized as the industry’s thought leadership, innovation and strategic business content leader.

Recent Posts

  • Global Cosmetics Giant Installs Fire System from Advanced at South African HQ January 13, 2021
  • Axis EN Fire System Protects Dubai’s Latest $750million Hotel Complex and Mall January 7, 2021
  • Invixium Brings Mask Detection and Face Recognition While Wearing a Mask to IXM TITAN December 4, 2020
  • Invixium Establishes New Middle East Headquarters in Dubai December 4, 2020
  • Motorola Solutions Presents Latest Video Security & Analytics Solutions at Virtual Experience Events December 4, 2020
  • Motorola Solutions’ Video Security and Access Control Solutions Meet Federal Government Standards for Securing Sensitive Information December 4, 2020
  • Motorola Solutions Introduces H4 Thermal Elevated Temperature Detection (ETD) Solution for Contactless Temperature Screening December 4, 2020
  • INIM ELECTRONICS’ NOW COMPATIBLE WITH CSL ALARM SIGNALLING December 4, 2020
  • Classic Door Entry Speaker Phone Gets a New Coat of Paint – Literally! December 3, 2020
  • AGIL Fence completes integration with Milestone XProtect 2020 R2 December 1, 2020

RSS More News

  • Militants continue to stage deadly attacks as insecurity expands into previously ‘safe’ zones in West Africa, Sahel, top official tells Security Council
  • South Sudan: Timely action by Ghanaian peacekeepers proves ‘every second counts’
  • Guterres ‘shocked’ at massacre of civilians in eastern DR Congo
  • Statement of International Criminal Court (ICC) Prosecutor to the United Nations Security Council on the Situation in Libya, pursuant to United Nations Security Council Resolution (UNSCR) 1970 (2011)
  • Security Council Press Statement on Libya
  • Statement of the Chairperson of the African Union Commission on the Signing of a Ceasefire in Libya
  • UNSMIL Statement on the resumption of intra-Libyan political and military talks

Copyright © 2020 Safety & Security Review Africa.

No Result
View All Result
  • Access Control
  • Fire prevention and detection
  • Video Surveillance
  • Perimeter Security
  • Home Automation and Smart Building

Copyright © 2020 Safety & Security Review Africa.