Botnets are clouds of machines that are controlled by cyber-criminals. They can silently infect your network and quietly commandeer your resources for malicious ends.
To understand botnets, you need to understand the cloud. The cloud is a network of connected devices. If these resources form a public cloud, they are available to all the customers who connect to that server for their operational needs. When customers connect to a private or hybrid cloud, they can infect the network with the botnets that reside on their own computers. Botnets can connect to the server and infect computers on the network, or spread malware called bots. Undetected bots can then steal enough computing power to bring down the network and paralyze the entire system. They can orchestrate the shutdown of the businesses that connect to that network!
How do these botnets work? The botnets seek out and exploit security vulnerabilities in the system. They may silently attack a computer on the network without immediately and noticeably damaging it. Over a period of time (as programmed) they infect and copy themselves to other machines on the network, either using known IP addresses or by dynamically scanning the network's resources. Thereafter, they begin stealing resources. Once they control a sufficient number of computers on the network, they use scale and brute force to overwhelm the network and bring it down. Botnets multiply at an alarming rate and do not seem to be slowed by failures.
So, what are the action points? How does one protect the enterprise network against botnets?
If a network receives a Denial of Service (DoS) attack from a botnet, there are very few remedies. First, it is difficult to identify the patterns or the offending machines on the network. The sheer volume of IP addresses involved makes filtering cumbersome. Network administrators will have to attempt passive OS fingerprinting. They can configure new firewall equipment and use the information gathered from the fingerprinting to identify and isolate infected machines on the network. A more robust method of preventing botnet attacks on the network is to use rate-based Network Intrusion Prevention Systems (NIPS) implemented with specialized hardware. The NIPS detects approaching botnet traffic and protects the external interfaces of the network. Null routing is another method used to redirect botnet traffic away from the network. A number of antivirus software companies also provide software-based botnet prevention solutions.
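The rate-based detection that such a NIPS performs can be illustrated with a small sliding-window counter. The following is an added example, not code from the original article or from any NIPS vendor; it runs over a handful of constructed access-log lines, and the window size, the per-IP threshold, the per-/24 aggregate threshold and the log format are all assumptions chosen for the demonstration. It flags one noisy source on its own rate, and flags a /24 prefix whose combined rate crosses the aggregate threshold even though no single address in it does, which is the distributed case that makes per-IP filtering cumbersome.

```python
"""Added example: sliding-window rate detection over constructed log lines."""
from collections import defaultdict, deque
from datetime import datetime
import ipaddress
import re

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')  # common-log-format prefix

def _line(ip, sec):
    # Constructed sample line (not real traffic); all lines fall in one minute.
    return f'{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] "GET / HTTP/1.1" 200 512'

SAMPLE_LOG = (
    [_line("203.0.113.10", s) for s in (0, 0, 1, 1, 2, 2)]          # one noisy IP
    + [_line(f"198.51.100.{h}", s) for h in range(1, 6) for s in (3, 5, 7)]  # flood spread over a /24
    + [_line("192.0.2.7", s) for s in (8, 30)]                     # benign client
)

def parse(line):
    """Return (source_ip, epoch_seconds) for a log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m.group(1), ts

def detect(lines, window=10, per_ip=5, per_prefix=12):
    """Return (flagged_ips, flagged_prefixes).

    Requests are counted per source IP and per /24 prefix inside a sliding
    window of `window` seconds; a key is flagged once its count exceeds its
    limit. Thresholds are assumed values for the demonstration.
    """
    events = sorted(filter(None, map(parse, lines)), key=lambda e: e[1])
    seen = defaultdict(deque)  # key -> timestamps currently inside the window
    flagged_ips, flagged_prefixes = set(), set()
    for ip, ts in events:
        prefix = str(ipaddress.ip_network(f"{ip}/24", strict=False))
        for key, limit, sink in ((ip, per_ip, flagged_ips),
                                 (prefix, per_prefix, flagged_prefixes)):
            q = seen[key]
            q.append(ts)
            while q and ts - q[0] > window:   # drop events older than the window
                q.popleft()
            if len(q) > limit:
                sink.add(key)
    return flagged_ips, flagged_prefixes

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))  # ({'203.0.113.10'}, {'198.51.100.0/24'})
```

In a real deployment the flagged keys would feed a firewall rule or a null route rather than a print; the per-prefix counter is what lets the defender act on an aggregate when the individual addresses are too many to filter one by one.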