[IS&T Security-FYI] SFYI Newsletter, January 6, 2014

Monique Yeaton myeaton at MIT.EDU
Mon Jan 6 13:28:50 EST 2014


In this issue:


1. NTP, SNMP and CHARGEN Rate-limiting

2. Removing Personal Data from Old Devices

3. Security Predictions for 2014



-----------------------------------------------------------

1. NTP, SNMP and CHARGEN Rate-limiting

-----------------------------------------------------------


Late last week, Information Systems & Technology (IS&T) installed a rate-limiting policy on the MIT border routers to limit certain types of traffic.


Over the past year, several services that run over the User Datagram Protocol (UDP), including NTP (123/udp), SNMP (161/udp), and CHARGEN (19/udp), have been used to perform distributed denial of service (DDoS) attacks. These attacks exploit the underlying behavior of UDP and asymmetric behavior in the NTP, SNMP, and CHARGEN protocols. In short, an attacker sends a small query that appears to come from the target (a spoofed source address), and the vulnerable service sends a far larger response to that target, amplifying the query volume by up to 200-fold.


While these protocols are extremely useful in network management, this behavior allows attackers to leverage MIT resources to attack third parties. In extreme cases, as was experienced early last Friday morning, the volume can be large enough to disrupt MITnet connectivity.


As a result of the outage, a rate-limiting policy has been installed on the MIT border routers to limit traffic using the above-mentioned protocols from external addresses.
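
Border rate-limiting caps the traffic; finding which internal hosts are answering as reflectors is the complementary check. The sketch below is an added example, not part of the original newsletter and not IS&T's tooling: the function name, thresholds, and flow-record layout are assumptions, and the flow records are constructed.

```python
import ipaddress
from collections import defaultdict

# UDP services the newsletter names as amplification vectors.
AMP_PORTS = {123: "NTP", 161: "SNMP", 19: "CHARGEN"}

def find_reflectors(flows, internal_cidr, min_ratio=10.0, min_bytes_out=10_000):
    """Return internal (host, service, ratio) entries whose replies to outside
    addresses far outweigh the queries received: the signature of a reflector."""
    net = ipaddress.ip_network(internal_cidr)

    def inside(ip):
        return ipaddress.ip_address(ip) in net

    q_bytes = defaultdict(int)  # (host, port) -> bytes of inbound queries
    r_bytes = defaultdict(int)  # (host, port) -> bytes of outbound replies
    for proto, src, sport, dst, dport, nbytes in flows:
        if proto != "udp":
            continue
        if dport in AMP_PORTS and inside(dst) and not inside(src):
            q_bytes[(dst, dport)] += nbytes
        elif sport in AMP_PORTS and inside(src) and not inside(dst):
            r_bytes[(src, sport)] += nbytes
    hits = []
    for (host, port), out in r_bytes.items():
        ratio = out / max(q_bytes.get((host, port), 0), 1)  # no divide-by-zero
        if out >= min_bytes_out and ratio >= min_ratio:
            hits.append((host, AMP_PORTS[port], round(ratio, 1)))
    return sorted(hits, key=lambda h: -h[2])

# Constructed flow records: (proto, src, sport, dst, dport, bytes).
# Addresses are RFC 5737 documentation ranges; 192.0.2.0/24 plays "our" network.
SAMPLE_FLOWS = [
    ("udp", "198.51.100.7", 40000, "192.0.2.10", 123, 234),    # small query, spoofed source
    ("udp", "192.0.2.10", 123, "198.51.100.7", 40000, 44000),  # much larger reply
    ("udp", "198.51.100.7", 40001, "192.0.2.30", 161, 800),
    ("udp", "192.0.2.30", 161, "198.51.100.7", 40001, 60000),
    ("udp", "203.0.113.5", 51000, "192.0.2.20", 123, 480),     # ordinary time sync
    ("udp", "192.0.2.20", 123, "203.0.113.5", 51000, 480),
    ("udp", "192.0.2.40", 50000, "203.0.113.9", 123, 96),      # internal client, ignored
    ("tcp", "203.0.113.5", 44000, "192.0.2.10", 123, 90000),   # not UDP, ignored
]

if __name__ == "__main__":
    for host, svc, ratio in find_reflectors(SAMPLE_FLOWS, "192.0.2.0/24"):
        print(f"{host} {svc} reply/query byte ratio {ratio}x")
```

Hosts it flags are candidates for disabling the service, restricting it to internal clients, or patching, since the rate limit only bounds how much they can send.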



The PDF linked below provides more detail on UDP amplification/reflection attacks:

  *   An Analysis of DrDoS SNMP/NTP/CHARGEN Reflection Attacks<http://www.prolexic.com/kcresources/white-paper/white-paper-snmp-ntp-chargen-reflection-attacks-drdos/An_Analysis_of_DrDoS_SNMP-NTP-CHARGEN_Reflection_Attacks_White_Paper_A4_042913.pdf>



-------------------------------------------------------------

2. Removing Personal Data from Old Devices

-------------------------------------------------------------


This holiday season you may have received a new PC, laptop, tablet, phone, or other device. Before recycling, donating, or disposing of an old device, help protect your privacy by removing your personal information first.


Removing the data by simply “erasing” or “clearing” the information may not permanently remove the information from the device. While the data may not be visible to the average user, anyone with the right tools and know-how could retrieve data stored in memory.


To make sure you don’t leave behind anything that might be used against you, take the right steps. Learn how to remove sensitive data<http://kb.mit.edu/confluence/x/VgCPBg> from a mobile device or computer and learn about some (free) tools that can help.



------------------------------------------

3. Security Predictions for 2014

------------------------------------------


Every year around this time, security professionals look at the year ahead and the changing threat landscape to predict what might be the biggest threats emerging on the Internet.


Trend Micro offers this interactive, easy-to-follow online pamphlet<http://about-threats.trendmicro.com/us/security-predictions/2014/blurring-boundaries/>, with predictions for 2014 and beyond.


Their predictions include:


  1.  Basic two-step verification will no longer work against mobile Man in the Middle (MitM) attacks.
  2.  More cyber criminals will use targeted attack methods to compromise machines and networks, using the weakest link in the chain: humans. They will also leverage proven vulnerabilities from the past.
  3.  Malware infection count is likely to surge due to the end of support for various software and operating systems.
  4.  Bad actors will increasingly use clickjacking and watering hole tactics and new exploits.
  5.  Attackers will target mobile device users even more, veering away from using email attachments for attacks.
  6.  One major data breach will occur each month.
  7.  Public distrust of privacy for individuals will continue.


Read the details online<http://about-threats.trendmicro.com/us/security-predictions/2014/blurring-boundaries/>.



=======================================================================================

Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

=======================================================================================


Monique Yeaton
IT Security Communications Consultant
MIT Information Systems & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

