SSDP has been used to amplify the effects of and increase the number of DDoS attacks. Is this a risky protocol to use in the enterprise? What are the best ways to secure it?
The latest DDoS attack numbers are pretty sobering. It's as if everyone is getting hit at some point and no one has a good resolution to the problem. Such is the case with the Simple Service Discovery Protocol (SSDP).
Most people aren't aware of the SSDP protocol or the fact that it's running on their networks. The more systems and protocols present in any given environment, the more complexity there is to manage.
UDP-based SSDP is the underlying mechanism for the widely used Universal Plug and Play protocol. If you look on your network you will likely see it running everywhere -- on devices from webcams to routers.
If you don't believe you need the SSDP protocol and are willing to live without Windows HomeGroups (its largest dependency), you can disable the protocol. For example, on your Windows workstations, you can do this via Group Policy or by running services.msc, selecting the SSDP Discovery service and disabling it on the local system.
I'm not aware of any potential side effects; however, there could be some, so make sure you test this thoroughly in your own unique environment.
Whether it's emerging attacks against SSDP or the proven UDP amplification attacks via NTP or DNS, the risk for DDoS attacks may exist on your network, so anything you can do to help minimize the chances is a good thing.
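The services.msc step described above can be scripted so that the pre-change state is recorded before anything is turned off, which helps when testing for side effects. This is an added example, not part of the original answer; it assumes the service's short name `SSDPSRV` (shown as "SSDP Discovery" in services.msc), and the `$StatePath` location is a hypothetical choice.

```powershell
#Requires -RunAsAdministrator
# Added example: record the current state of SSDP Discovery, then disable it on this host.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical location for the pre-change record (used for review or rollback).
    [string]$StatePath = "$env:ProgramData\ssdp-prechange.json"
)

$svc = Get-Service -Name 'SSDPSRV' -ErrorAction Stop   # "SSDP Discovery" in services.msc

# Services that depend on SSDP Discovery stop working once it is disabled; list them first.
$dependents = @($svc.DependentServices | Select-Object Name, DisplayName, Status)

# SSDP uses UDP port 1900; note which processes hold that port before the change.
$listeners = @(Get-NetUDPEndpoint -LocalPort 1900 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess)

# Save the state so the change can be reviewed or reversed after testing.
[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    Checked    = (Get-Date).ToString('o')
    Status     = $svc.Status.ToString()
    StartType  = $svc.StartType.ToString()
    Dependents = $dependents
    Udp1900    = $listeners
} | ConvertTo-Json -Depth 4 | Set-Content -Path $StatePath

if ($dependents.Count -gt 0) {
    Write-Warning ("Dependent services affected: " + ($dependents.Name -join ', '))
}

# Run with -WhatIf first to see what would change without changing anything.
if ($PSCmdlet.ShouldProcess('SSDPSRV', 'Stop and set startup type to Disabled')) {
    Stop-Service -Name 'SSDPSRV' -Force          # -Force also stops running dependents
    Set-Service  -Name 'SSDPSRV' -StartupType Disabled
}

# Verify the result. Any remaining UDP 1900 listener belongs to some other process.
$after = Get-Service -Name 'SSDPSRV'
$still = @(Get-NetUDPEndpoint -LocalPort 1900 -ErrorAction SilentlyContinue)
[pscustomobject]@{
    Status            = $after.Status
    StartType         = $after.StartType
    Udp1900Listeners  = $still.Count
    ListenerProcesses = ($still.OwningProcess | Sort-Object -Unique) -join ','
}
```

To roll back on a test machine, set the startup type back to the `StartType` value saved in the JSON file and start the service again.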