Verisign Q2 2016 DDoS Trends: Layer 7 DDoS Attacks a Growing Trend

August 29, 2016 • By Verisign • DDoS Protection, Security

Verisign just released its Q2 2016 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services.

Every industry is at risk as DDoS attacks continue to increase in frequency, consistency and complexity. Comparing year-over-year attack activity, Verisign mitigated 75 percent more attacks in Q2 2016 than in Q2 2015. The largest attack mitigated by Verisign in Q2 2016 peaked at 250+ Gbps before settling in at 200+ Gbps for almost two hours.

Verisign also observed a growing trend of low-volume application layer, or Layer 7, attacks that probe for vulnerabilities in application code and exploit HTTP/S field headers within request packets to disable applications. These attacks were frequently coupled with high-volume UDP flood attacks to distract the victim from the Layer 7 attack component, often requiring multiple and advanced filtering techniques.

(more…)

Verisign Named to the Online Trust Alliance’s 2016 Honor Roll

June 20, 2016 • By Verisign • Security

Verisign is pleased to announce that we qualified for the Online Trust Alliance’s (OTA) 2016 Honor Roll for showing a commitment to best practices in security, privacy and consumer protection. This is the fourth consecutive year that Verisign has received this honor.

(more…)

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

May 25, 2016 • By Verisign • DDoS Protection, Security

Verisign just released its Q1 2016 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services.

Every industry is at risk as DDoS attacks continue to increase in size, frequency and sophistication. The most notable observation last quarter is the increase in DDoS attack activity, which was at its highest since the inception of Verisign’s DDoS Trends Report in Q1 2014. Comparing year-over-year attack activity, Verisign mitigated 111 percent more attacks in Q1 2016 than in Q1 2015.

(more…)

Blue Folder With Keyhole on digital background

Increasing the Strength of the Zone Signing Key for the Root Zone

May 6, 2016 • By Duane Wessels • Security

One of the most interesting and important changes to the internet’s domain name system (DNS) has been the introduction of the DNS Security Extensions (DNSSEC). These protocol extensions are designed to provide origin authentication for DNS data. In other words, when DNS data is digitally signed using DNSSEC, authenticity can be validated and any modifications detected.

A major milestone was achieved in mid-2010 when Verisign and the Internet Corporation for Assigned Names and Numbers (ICANN), in cooperation with the U.S. Department of Commerce, successfully deployed DNSSEC for the root zone. Following that point in time, it became possible for DNS resolvers and applications to validate signed DNS records using a single root zone trust anchor.

DNSSEC works by forming a chain-of-trust between the root (i.e., the aforementioned trust anchor) and a leaf node. If every node between the root and the leaf is properly signed, the leaf data is validated. However, as is generally the case with digital (and even physical) security, the chain is only as strong as its weakest link.

To strengthen the chain at the top of the DNS, Verisign is working to increase the strength of the root zone’s Zone Signing Key (ZSK), which is currently 1024-bit RSA, and will sign the root zone with 2048-bit RSA keys beginning Oct. 1, 2016.

(more…)

Verisign Q4 2015 DDoS Trends: Attack Activity Increases 85 Percent Year Over Year

March 10, 2016 • By Verisign • 3 comments • DDoS Protection, Security

Verisign just released its Q4 2015 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services.

Every industry is at risk as DDoS attacks continue to increase in size, sophistication and frequency. The most notable observation last quarter is the increase in DDoS attack activity, which was at its highest since the inception of Verisign’s DDoS Trends Report in Q1 2014. Comparing year-over-year attack activity, Verisign mitigated 85 percent more attacks in Q4 2015 than in Q4 2014. Some customers were hit with persistent, repeated attacks over the quarter.

(more…)

Verisign’s Perspective on Recent Root Server Attacks

December 15, 2015 • By Duane Wessels • Security

On Nov. 30 and Dec. 1, 2015, some of the Internet’s Domain Name System (DNS) root name servers received large amounts of anomalous traffic. Last week the root server operators published a report on the incident. In the interest of further transparency, I’d like to take this opportunity to share Verisign’s perspective, including how we identify, handle and react, as necessary, to events such as this.

(more…)

In Network Security Design, It’s About the Users

November 24, 2015 • By Burt Kaliski • Security

One of the longstanding goals of network security design is to be able to prove that a system – any system – is secure.

Designers would like to be able to show that a system, properly implemented and operated, meets its objectives for confidentiality, integrity, availability and other attributes against the variety of threats the system may encounter.

A half century into the computing revolution, this goal remains elusive.

One reason for the shortcoming is theoretical: Computer scientists have made limited progress in proving lower bounds for the difficulty of solving the specific mathematical problems underlying most of today’s cryptography. Although those problems are widely believed to be hard, there’s no assurance that they must be so – and indeed it turns out that some of them may be quite easy to solve given the availability of a full-scale quantum computer.

Another reason is a quite practical one: Even given building blocks that offer a high level of security, designers, as well as implementers, may well put them together in unexpected ways that ultimately undermine the very goals they were supposed to achieve.

(more…)

How DANE Strengthens Security for TLS, S/MIME and Other Applications

November 19, 2015 • By Verisign • Security

The Domain Name System (DNS) offers ways to significantly strengthen the security of Internet applications via a new protocol called the DNS-based Authentication of Named Entities (DANE). One problem it helps to solve is how to easily find keys for end users and systems in a secure and scalable manner. It can also help to address well-known vulnerabilities in the public Certification Authority (CA) model. Applications today need to trust a large number of global CAs. There are no scoping or naming constraints for these CAs – each one can issue certificates for any server or client on the Internet, so the weakest CA can compromise the security of the whole system. As described later in this article, DANE can address this vulnerability.

(more…)

3 Tips for Improving Your Website DNS Performance During the Holidays

November 12, 2015 • By Verisign • Managed DNS, Security

With the biggest shopping season just around the corner, it is more important than ever that your website is available and consumers can find it. As companies add eye-catching images, social share buttons and attractive promotions to grab consumers’ attention, they may also inadvertently be slowing down their website.

47% of customers expect a page to load in 2 seconds

For consumers who are increasingly impatient and expect a website to load within two seconds or less, the majority will quickly abandon a slow-loading page along with their shopping cart, resulting in lost revenue. With so many potential problems to slow down your site, the domain name system (DNS) doesn’t have to be one of them.

What is DNS?

DNS is the Internet’s equivalent to a phone book. It maintains a directory of domain names and translates them to their respective Internet Protocol (IP) addresses, enabling the end user to access a desired Web page. Any disruption to the DNS during the holiday season can be disastrous for retailers.

“DNS is the Achilles’ heel of the Web, often forgotten, and its impact on website performance is ignored until it breaks down,” explains Mehdi Daoudi, CEO of Web performance monitoring firm Catchpoint. However, it doesn’t have to be.

(more…)

Verisign DDoS Trends Report: Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

October 29, 2015 • By Verisign • DDoS Protection, Security

As part of our efforts to support National Cyber Security Awareness Month by sharing the latest cybersecurity research, Verisign just released our Q3 2015 DDoS Trends Report, which represents a unique view into attack trends unfolding online for the previous quarter, including attack statistics and behavioral trends, derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services and the security research of Verisign iDefense Security Intelligence Services.

The most notable observation is DDoS attack activity increased in Q3 to the highest it has been in any quarter over the last two years. Quarter over quarter, Verisign mitigated 53 percent more attacks in the third quarter this year than in the preceding quarter.

(more…)

Browsing Category

Security

What is DNS?