ENISA Warns of Internet Vulnerabilities

Calls for Adoption of Best-Practice Defenses

By Mathew J. Schwartz, January 20, 2015.

The Internet infrastructure remains susceptible to a variety of threats, including routing attacks, DNS spoofing and poisoning attacks and distributed denial-of-service disruptions. But a number of best practices can help prevent related exploits, a new EU government study says.

The report, "Threat Landscape and Good Practice Guide for Internet Infrastructure," is from the European Union Agency for Network and Information Security. ENISA focuses on improving cybersecurity practices for the 28 EU member states.

Most of the threats detailed in the report are continuing to grow more prevalent not just in Europe, but across the world, warns ENISA Executive Director Udo Helmbrecht. "It is important to apply good practices and promote the exchange of information, in order to mitigate threats and secure Internet infrastructure," he says. ENISA's guide provides an up-to-date overview of emerging threats and lays the foundation for a more secure Internet infrastructure through proper risk assessment, training and evaluation, he adds.

ENISA's new report isn't designed just to define some of the biggest threats facing Europe's Internet infrastructure. It also represents a call to action, in particular for Internet service providers, to get better at sharing threat information, spotting and disrupting botnet-related communications and arresting DDoS attacks in progress, and to prioritize correct system configuration, which can block a vast number of potential exploits.

ENISA says its document is also aimed at policymakers, who might want to review the potential difficulties that Internet infrastructure players face should they attempt to share threat information with each other. "Currently there are several possibilities available when it comes to sharing threat information," according to a statement from some of the report's authors provided to Information Security Media Group. "The report underlines the need for such a collaboration to [anyone] not already involved in the process."

But in the EU, threat-related information sharing can be challenging, legal experts say, in part because of the region's strong privacy laws.

The ENISA report recommends that Internet service providers participate in Information Sharing and Analysis Centers, or ISACs. It also notes that despite Europe's strong privacy protections, the EU Electronic Communications Directive allows for some types of confidential and regulated information to be exchanged on several grounds, including helping organizations prevent the loss of reputation that might occur due to their having been exploited or breached.

Mitigating DDoS Attacks

To better mitigate DDoS attacks, the ENISA report offers multiple suggestions. In addition to much greater threat information sharing between Internet infrastructure providers, the report says that DNS and NTP servers must be correctly configured so they cannot be used by an attacker to amplify their DDoS disruptions.
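As an added illustration of the DNS and NTP configuration point (not taken from the ENISA report or from this article), the following Python check flags two common settings that leave a server usable as an amplifier: a classic ntpd `ntp.conf` whose default `restrict` policy lacks `noquery`, and a BIND `named.conf` that allows recursion for any client. The function names and the sample configurations are constructed for the example.

```python
import re

# Constructed sample configs for illustration (not from the report).
NTP_WEAK = "server 0.pool.ntp.org iburst\n# restrict default noquery\nrestrict 127.0.0.1\n"
NTP_OK = ("restrict default kod nomodify notrap nopeer noquery\n"
          "restrict -6 default kod nomodify notrap nopeer noquery\n"
          "restrict 127.0.0.1\n")
NAMED_OPEN = "options {\n  recursion yes;\n  allow-recursion { any; };\n};\n"
NAMED_OK = ("options {\n  recursion yes;\n"
            "  allow-recursion { 127.0.0.1; 192.0.2.0/24; };  // constructed range\n};\n")

def strip_comments(text):
    # Drop '#' and '//' comments so commented-out directives are not counted.
    # C-style /* */ blocks are not handled here.
    return "\n".join(re.split(r"#|//", line)[0] for line in text.splitlines())

def audit_ntp(conf):
    """Heuristic: does the default policy block remote status queries?"""
    body = strip_comments(conf)
    defaults = re.findall(r"^\s*restrict\s+(?:-[46]\s+)?default\b(.*)$", body, re.M)
    if not defaults:
        return ["ntp: no 'restrict default' line; remote queries are not restricted"]
    # 'noquery' refuses mode 6/7 queries; 'ignore' refuses all packets.
    weak = [f for f in defaults if not {"noquery", "ignore"} & set(f.split())]
    return ["ntp: 'restrict default' without noquery"] if weak else []

def audit_named(conf):
    """Heuristic: is recursion offered to arbitrary clients?"""
    body = strip_comments(conf)
    if re.search(r"\brecursion\s+no\s*;", body):
        return []  # no recursive service is offered to clients
    acl = re.search(r"\ballow-recursion\s*\{([^}]*)\}", body)
    if acl is None:
        return ["dns: no allow-recursion ACL; scope depends on BIND version defaults"]
    if re.search(r"\b(any|0\.0\.0\.0/0)\b", acl.group(1)):
        return ["dns: allow-recursion open to any client (open resolver)"]
    return []

if __name__ == "__main__":
    for name, findings in [("ntp weak", audit_ntp(NTP_WEAK)), ("ntp ok", audit_ntp(NTP_OK)),
                           ("named open", audit_named(NAMED_OPEN)),
                           ("named ok", audit_named(NAMED_OK))]:
        print(name, "->", findings or "no findings")
```

The checks are text heuristics over configuration files; they do not replace confirming from outside the network that the server refuses such queries.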

The report also recommends a number of defenses that are designed to safeguard data and avoid account or site hijackings. Related recommendations include much greater validation of IP addresses to avoid address space hijacking; configuring the Border Gateway Protocol to ensure that only legitimate traffic is flowing over networks; and ensuring that DNS registrars lock down account credentials and lists of authorized users, to prevent attackers from seizing control of sites by tricking DNS registrars.