Anyone For Tennis? Serving Up Secure DNS

25 October 2016

15-blogpost-ddiinsport-03-1If you think about the ideal scenario for a hacker to gain access to systems, you would come up with a large attack surface and lots of opportunity to disguise attacks as genuine network access. Imagine a network with thousands of potentially unauthenticated devices converging in a short period of time, producing extreme spikes in traffic. Sound like the crowd at a sporting event?

Going for gold – the motivation of elite hackers

In many ways, the attacks facing the sports industry point to the same vulnerabilities which all organizations face. It is merely the motivation and the ability to exploit the specific network demands of the sports industry which differ. While banks are attacked because they deal directly with money, sports events offer potential fame, if perhaps less fortune, for less mercenary hacktivists.

The attendance at tournaments such as the Olympics, the Super Bowl, the World Cup or Grand Slam golf and tennis events give hackers a rare opportunity to attack a vast number of people with a known common interest – ideal for spoofing with phishing attacks online and offline, at the event itself.

Having thousands of smartphones, tablets, fitness watches, CCTV cameras, routers and vehicles trying to connect to a network made available by the event organizers makes sporting events attractive for hackers to install malware or viruses. The high volume of DNS queries during a short period of time can also lead to a decrease in performance of the external DNS and DHCP Core Network Services.

A DNS fitness regime

Knowing that you are likely to be attacked is the first useful line of defense. The very uniqueness of sporting occasions and the media attention they attract guarantees they will be targeted. Wimbledon, the most watched global tennis event, for instance, registered a 302% year on year rise in attacks this year.

Such events have to offer the best possible service levels to the public, the press, and VIPs and players. The organizer’s internal IT department should go through a four stage process to get its DNS fit-for-purpose:

1.    Internalize the external DNS service.

2.    Conduct a site security audit and secure the DNS infrastructure by implementing a scalable DNS system which can provide advanced security mechanisms designed to handle DoS, DDoS and zero-day attacks.

3.    Upgrade the network’s capacity in order to serve billions of DNS requests and provide their users with both the capacity and availability required by their devices.

4.    Deploy DNS Guardian to monitor and analyze real-time traffic and detect “suspicious” behaviors such as volumetric attacks- also known as Distributed Denial of Service, (DDoS) attacks, data exfiltration, phantom or random subdomain attacks, NXDomain attacks, syntax protection (cache poisoning) and water torture attacks.

Taking the prize at Roland Garros

Our experience with the French Tennis Federation’s premier event, the Roland Garros tournament (also known as the French Open), was proof of the challenges to secure DNS infrastructure. The SOLIDserver product’s ability to handle 17 million queries per second and still reduce the DNS resolution time by up to a factor of six helped the tournament organizers to handle the billions of requests over a fortnight- more than many organizations experience in a year.

Generating big money and big data, the sports industry is the ideal ‘trophy exploit’ for hackers. Event organizers need to protect themselves from those who seek to disrupt the exciting moments which generate their revenue. IT teams must up their game by making sure their DNS and DHCP have strong, champion-level protection mechanisms that can be monitored from both inside and outside by world-class solutions.

Want to learn more about how the FFT prepared their network for the IoT explosion? Click here to read the full case study, and understand how to protect your own DNS and DHCP infrastructure.