A recent Distributed Denial of Service (DDoS) attack using Network Time Protocol (NTP) amplification has provided a reminder of the growing need for a hardened web environment. This attack highlights the necessity of secure NTP servers, as well as the enhanced security of the operating system and other integral elements. The NTP amplification type of attack functions by attacking servers on networks that do not follow Best Current Practice (BCP) 38. These networks allow the spoofing of source Internet Protocol (IP) addresses. User Datagram Packets (UDP) are made by the attacker using the spoofed IP address, and then sent to Network Time Protocol (NTP) servers which support the command MONLIST. These DDoS attacks are designed to disable a network by permeating it with pointless traffic.
It is very important, therefore to check if your NTP server is hardened and its' support of the unhelpful MONLIST command. Additionally, ascertain that your network is following BCP38. There are multiple internet sources that can provide information on checking these issues. A good starting point is guidance from BCP38 see http://tools.ietf.org/html/bcp38.
If you’d like some more direct, hands-on guidance on how to secure your web server, IIT will be offering a 3-day course devoted to the subject. We will spend the course focusing on protecting your server in a risk-laden web environment, and aid you in making these changes to harden your web security. This course will take place in Canberra, from the 6th to the 9th of May, 2014.