Fingerprint Alliance Shares Attack Data

By Philbert Shih, theWHIR.com

April 7, 2005 -- (WEB HOST INDUSTRY REVIEW) -- Web hosting companies wage a daily battle against malicious attacks that threaten the integrity of their networks. But many lack the necessary information to fight these attacks. Arbor Networks (arbornetworks.com), in conjunction with a group of telco firms, announced last week that it had launched the Fingerprint Sharing Alliance, an initiative intended to help network operators share information about Internet attacks in real time.
 
The service providers participating in the alliance will work together to share attack profiles, or "fingerprints." With this information at their disposal, service providers will be better equipped to stop Internet attacks more quickly, more efficiently and closer to their source. The coalition of participating service providers includes such carriers and Web hosts as NTT, British Telecom, Verizon, XO Communications, The Planet and Rackspace Managed Hosting. Currently, alliance members are all Arbor customers.
 
"Arbor's intent is to have global service providers join together to combat these cyber threats and protect the overall infrastructure of the Internet," Tom Schuster, president of Arbor Networks, said in a press release.
 
The fingerprint sharing capabilities have been added to Arbor Networks's Peakflow SP, a platform that collects data about network activity, analyzing it to detect anomalies, mitigate threats and bolster networks against future attacks. The fingerprints are generated by Peakflow when anomalies are deemed malicious attacks. This information is collected by the service provider, who sends the fingerprint automatically in real time to the upstream service providers who are affected by the attack. They use the fingerprints to trace back, analyze, and mitigate the attack.
 
One of the most important results of fingerprint sharing is that it takes attack detection and mitigation a step closer to the source or point of entry. Arbor believes network operators need to communicate faster and more efficiently with upstream providers and customers to effectively defend against today's attacks.
 
"Not only do you have to mitigate it going to the edge router or coming into your network … but you really need to mitigate it upstream with the upstream service providers - where the attack sources are coming from," says Danny McPherson, director of business development at Arbor Networks. "At the end of the day you really want to clean up the compromised host … so that they don't participate in this malicious attack activity … and to do that you have to communicate this information."
 
Web hosts and their customers both benefit. The sharing of fingerprints enables faster communication of information about attacks, cutting down the time required to attend to the attack detection and resolution process. It also can serve as an early warning system for customers, says Mark Sitko, vice president of security services product management at MCI (mci.com). Arbor says the strengthening of SLA obligations is an ancillary benefit.
 
"Should we receive a fingerprint of a particular attack from another provider, we can take action to help prevent that attack from affecting our customers and, of course, vice versa," says Mark Sitko. "If we are under attack, we can then send information about that attack to other selected providers."
 
One of the biggest concerns service providers have, says McPherson, is with the privacy and confidentiality issues intertwined with information sharing. And MCI is careful of its customers’ privacy when sharing information, says Sitko. The Fingerprint Sharing Alliance does have mechanisms built in to ensure confidentiality. When information is shared, the network administrator has control over who will receive the shared fingerprint, ensuring that service providers are viewing only information that is relevant to them.
 
Prior to the alliance's launch, sharing information was more informal, something that happened through the back channels, explains Sitko. It was largely relationship-driven, consisting of emails and phone calls between colleagues. The drawbacks are that it's less secure and definitely more tedious. "This is something that folks have been doing as a matter of necessity for a number of years," says McPherson, "this simply automates that."
 
In short, the alliance has come together out of necessity. According to some estimates, the revenue loss and repair costs from Internet attacks are expected to exceed $17.5 billion in 2005. And it made sense for Arbor to be the catalyst, says McPherson. Nearly 100 service providers deploy the Peakflow solution, making it a "pretty good launching platform."
 
In the future, Arbor hopes the alliance will evolve toward more open standards and include participation from both Arbor and non-Arbor customers, says McPherson. "We are working on some open standards stuff with a number of folks and there are a number of other vendors interested in participating as well," says McPherson. "At the end of the day we want everyone to share the data in an open manner."
