Posted: 12th Nov, 2008 By: MarkJ
Arbor Networks has just released its latest annual worldwide
Infrastructure Security Report. The study reveals that almost half of ISPs now consider their DNS services vulnerable, while others have expressed concern about "
emerging threats" from IPv6 and
VoIP.
Meanwhile 32% of ISPs believe that SPAM consumes the most operational resources, followed by 27% for security events (worms etc.). DDoS attacks (overloading a network with data requests) came in at 21% and just 5% indicated P2P (File Sharing) as the biggest hog. ISPs also listed the following as their biggest threat concerns:
Interestingly 36% of providers employ a 'walled-garden' style system to quarantine infected (viruses etc.) or malicious subscribers, though 42% would not offer assistance in resolving or cleaning compromised customer systems.
Over 61% of respondents said they believe that Anti-Virus and host security protection applications are not keeping up with Internet security threats:
As this years survey makes clear, the ISP security landscape continues to change rapidly. ISP optimism about security issues that was reported in last years survey has been replaced by growing concern over a range of new threats, including DNS poisoning, route hijacking and service-level attacks.
ISPs describe a double-edged struggle as they face increased cost and revenue pressure, along with attacks that are growing in size, frequency and sophistication.
The surveyed ISPs also said their vendor infrastructure equipment continues to lack key security features and suffers from poor configuration management and a near complete absence of IPv6 security features.
When respondents were asked whether they see the scale and frequency of security threats increasing or decreasing as IPv6 becomes more widely deployed, 55% percent believe threats will increase, while only 8% believe threats will decrease.
For those not in the know, an IPv4 address is assigned to your computer each time you go online (e.g. 123.23.56.98). It is a unique online identifier that allows you to communicate with other computers around the world; not unlike a phone number.
Sadly IPv4's are nearly exhausted and as a result IPv6 has been designed. These addresses are more secure, 128bits long, written in hexadecimal and separated by colons; for example: 2ffe:1800:3525:3:200:f8ff:fe21:67cf .