Archive for DoS attack

The Top 10, Top 10 Predictions for 2017

It is the time of year when crystal balls get a viewing and many pundits put out their annual predictions for the coming year. Rather than thinking up my own, I figured I’d regurgitate what many others are expecting to happen.

8 Predictions About How the Security Industry Will Fare in 2017 – An eWeek slideshow looking at areas like IoT, ransomware, automated attacks and the security skills shortage in the industry. Chris Preimesberger (@editingwhiz), who does a monthly #eweekchat on twitter, covers many of the worries facing organizations.

10 IoT Predictions for 2017 – IoT was my number 1 in The Top 10, Top 10 Predictions for 2016 and no doubt, IoT will continue to cause havoc. People focus so much on the ‘things’ themselves rather than the risk of an internet connection. This list discusses how IoT will grow up in 2017, how having a service component will be key, the complete mess of standards and simply, ‘just because you can connect something to the Internet doesn’t mean that you should.’

10 Cloud Computing Trends to Watch in 2017 - Talkin' Cloud posts Forrester’s list of cloud computing predictions for 2017 including how hyperconverged infrastructures will help private clouds get real, ways to make cloud migration easier, the importance (or not) of megaclouds, that hybrid cloud networking will remain the weakest link in the hybrid cloud and that, finally, cloud service providers will design security into their offerings. What a novel idea.

2017 Breach Predictions: The big one is inevitable – While not a list, per se, NetworkWorld talks about how we’ll see more intricate, complex and undetected data integrity attacks, for two main reasons: financial gain and political manipulation. Political manipulation? No, that’ll never happen. NetworkWorld also talks about how cyber attacks will get worse due to IoT and gives some ideas on how to protect your data in 2017.

Catastrophic botnet to smash social media networks in 2017 – At the halfway point the Mirai botnet rears its ugly head and ZDNet explains how Mirai is far from the end of social media disruption due to botnets. With botnets-for-hire now available, there will be a significant uptick in social media botnets which aim not only to disrupt but also to earn money for their operators in 2017. Splendid.

Torrid Networks’ Top 10 Cyber Security Predictions For 2017 – Dhruv Soi looks at the overall cyber security industry and shares that many security product companies will add a machine learning twist to their products while, at the same time, next-gen malware will emerge with the ability to bypass machine learning algorithms. He also talks about the fast adoption of Blockchain, the shift towards mobile exploitation and the increase of cyber insurance in 2017.

Fortinet 2017 Cybersecurity Predictions: Accountability Takes the Stage - Derek Manky goes in depth with this detailed article covering things like how IoT manufacturers will be held accountable for security breaches, how attackers will begin to turn up the heat in smart cities and whether technology can close the gap on the critical cyber skills shortage. Each of his 6 predictions includes a detailed description along with risks and potential solutions.

2017 security predictions – CIO always has a year-end prediction list and this year doesn’t disappoint. Rather than reviewing the obvious, they focus on things like dwell time, the interval between a successful attack and its discovery by the victim. In some cases, dwell times can reach as high as two years! They also detail how passwords will eventually grow up, how the security blame game will heat up and how mobile payments, too, will become a liability. A little different take and a good read.

Predictions for DevOps in 2017 – I’d be remiss if I didn’t include some prognostication about DevOps, one of the most misunderstood terms and functions of late. DZone expects DevOps teams to start including security as part of development instead of as an afterthought, sees containerization solutions growing in popularity, and sees DevOps principles moving into the mainstream enterprise rather than one-off projects.

10 top holiday phishing scams – While many of the lists are forward-looking into the New Year, this one dives into the risks of the year end. Holiday shopping. A good list of holiday threats to watch out for including fake purchase invoices, scam email deals, fake surveys and shipping status malware messages begging you to click the link. Some advice: Don’t!

Bonus Prediction!

Top 10 Most Popular Robots to Buy in 2017 – All kinds of robots are now entering our homes and appearing in society. From vacuums to automated cars to drones to digital assistants, robots are interacting with us more than ever. While many are for home use, some also help with the disabled or help those suffering from various ailments like autism, a stroke or even a missing limb. They go by many monikers like Asimo, Spot, Moley, Pepper, Jibo and Milo to name a few.

Are you ready for 2017?

If you want to see if any of the previous year’s prognoses came true, here ya go:

ps




The Roadblock for Malicious Traffic

Posted in security, f5, big-ip, silva, network, DoS attack, infrastructure, risk by psilva on March 8th, 2016


As I am sure you are aware, the business computing environment is evolving: from all of us and the multitude of devices we now carry and interact with, and the various ways we access information, to all of the applications (and the interdependencies among them) that we request information from, to the infrastructure needed to secure those applications and the information being delivered to us. Maintaining security throughout is a challenge.

In a business environment, security is all about risk: assessment, analysis, management and mitigation. The many IT trends like IoT, cloud, device proliferation, the disappearing perimeter and so forth are all potential risks to the business. To reduce that risk, organizations need to ensure they can scale to meet the data demands of a global workforce and their customers; they need to secure their data from targeted attacks, unauthorized access and inadvertent leakage, and to comply with regulatory rules; and they need to keep their operational infrastructure simple and efficient.

The BIG-IP platform offers the scale and capacity to meet the deluge, the full-proxy security to protect the applications and infrastructure, and the operational efficiency to consolidate functions within an application-centric security model. The BIG-IP platform is a full proxy architecture: it establishes one TCP connection between the client and the BIG-IP, and a separate TCP connection from the BIG-IP to the resources themselves. Because the client never talks to the back end directly, policies can be applied on both ends, anywhere along the stack. This allows organizations to inspect, manipulate or simply drop traffic, on the way in or on the way out, if it does not adhere to policy. Plus, iRules extensibility gives you the power to do almost anything with the traffic.
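To make the full-proxy point concrete, here is an added example of my own (not F5 or BIG-IP code, and not an iRule): a minimal asyncio relay that terminates the client's TCP connection and opens a second, independent connection to the backend, so each leg is policed on its own. The line-oriented protocol, the toy backend, the blocked-token request policy and the "SECRET:" response policy are all constructed for the demo.

```python
"""Added example (not F5 code): a two-connection ("full proxy") TCP relay.

The client only ever holds a TCP session with the proxy; the proxy holds a
separate session with the backend. Inbound lines are checked before they are
forwarded; outbound lines are checked before they reach the client.
"""
import asyncio

# Constructed demo policies (not BIG-IP/AFM policy syntax).
BLOCKED_REQUEST_TOKENS = (b"../", b"<script")   # inbound: traversal / XSS probes
LEAK_MARKER = b"SECRET:"                        # outbound: must never leave


def request_policy(line: bytes) -> bool:
    """Client-side leg: True if the request may be forwarded to the backend."""
    return not any(token in line for token in BLOCKED_REQUEST_TOKENS)


def response_policy(line: bytes) -> bytes:
    """Server-side leg: rewrite a response that would leak the marker."""
    return b"[redacted by proxy]\n" if LEAK_MARKER in line else line


async def toy_backend(reader, writer):
    """Stand-in for the protected resource: one reply line per request line."""
    while True:
        line = await reader.readline()
        if not line:
            break
        if line.strip() == b"GET /config":
            writer.write(b"SECRET:db-password=hunter2\n")   # the leak we want caught
        else:
            writer.write(b"200 " + line)
        await writer.drain()
    writer.close()


def make_proxy_handler(backend_host: str, backend_port: int):
    async def handle(client_reader, client_writer):
        # Connection 1 (client <-> proxy) was accepted by the listener.
        # Connection 2 (proxy <-> backend) is a separate TCP session: the
        # backend never sees the client's packets, only the proxy's.
        srv_reader, srv_writer = await asyncio.open_connection(backend_host, backend_port)
        try:
            while True:
                line = await client_reader.readline()
                if not line:
                    break
                if not request_policy(line):
                    # Dropped on the way in: the backend never sees this request.
                    client_writer.write(b"403 blocked by request policy\n")
                    await client_writer.drain()
                    continue
                srv_writer.write(line)
                await srv_writer.drain()
                reply = await srv_reader.readline()
                # Inspected on the way out before it reaches the client.
                client_writer.write(response_policy(reply))
                await client_writer.drain()
        finally:
            srv_writer.close()
            client_writer.close()
    return handle


async def _run(requests):
    backend = await asyncio.start_server(toy_backend, "127.0.0.1", 0)
    b_port = backend.sockets[0].getsockname()[1]
    proxy = await asyncio.start_server(
        make_proxy_handler("127.0.0.1", b_port), "127.0.0.1", 0)
    p_port = proxy.sockets[0].getsockname()[1]

    reader, writer = await asyncio.open_connection("127.0.0.1", p_port)
    replies = []
    for req in requests:
        writer.write(req + b"\n")
        await writer.drain()
        replies.append(await reader.readline())
    writer.close()
    await writer.wait_closed()

    proxy.close()
    backend.close()
    await proxy.wait_closed()
    await backend.wait_closed()
    return replies


def run_demo(requests):
    """Send each request through the proxy; return the replies the client sees."""
    return asyncio.run(_run(list(requests)))


if __name__ == "__main__":
    reqs = [b"GET /index", b"GET /../etc/passwd", b"GET /config"]
    for req, rep in zip(reqs, run_demo(reqs)):
        print(req.decode(), "->", rep.decode().strip())
```

A real full proxy parses the actual protocol (HTTP, DNS, TLS) rather than newline-delimited text, but the architectural property is the same as shown here: the backend's TCP state is never exposed to the client, so half-open connections and malformed packets are absorbed on the proxy side, and a response can be inspected or rewritten before the client ever sees it.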

BIG-IP Advanced Firewall Manager (AFM) is a stateful, full-proxy, ICSA-certified firewall that adds network firewall capabilities at a fine-grained level, allowing administrators to easily protect their infrastructure and understand what types of attacks are hitting the network. Logging and reporting are built in. BIG-IP AFM can be added to any BIG-IP platform and can help reduce those business risks.

Bringing together security and deep application fluency, BIG-IP AFM delivers the most effective network-level security for enterprises and service providers alike. Whether on-premises or in the cloud, BIG-IP AFM tracks the state of network sessions, maintains application awareness, and mitigates threats based on attack details that most traditional network firewalls simply do not have. It helps you respond to threats quickly and with a full understanding of your security posture. In addition, AFM protects your organization from the most aggressive DDoS attacks before they ever reach your data center.

F5 DevCentral has a whole AFM series coming your way over the next few weeks! The schedule includes:

  • March 15th: Foundational / Provisioning – This will kick off the series, taking what John tackled in AFM Provisioning and Policy Building and fleshing out more of the finer details in provisioning and basic policy functionality.
  • March 17th: Architectural Context – We’ll dive deep into the architecture to define global and local contexts, work through precedence decision trees, and introduce the programmability entrance points.
  • March 22nd: Policy Building – Harder, stronger, balanced and more flexible policies to combat all those bad actors out there! Lessons learned and best practices will help you wield a more powerful weapon in the battle.
  • March 24th: DDoS Capabilities: AFM shines with DDoS mitigation. You’ll see the many attack vectors handled auto-magically for you, as well as walk through some demos of attack mitigations in action.
  • March 29th: Blacklisting Magic - As the title says...
  • March 31st: IP Intelligence - Blocking bad actors at the core.
  • April 5th: Attack Mitigation Approaches (zero-window / udp flood / Christmas tree / etc.) - We’ll take a look at some of these attacks and show you how to combat them.
  • April 7th: Full stack protection – Where does AFM end and ASM begin? You’ll see how these two modules complement each other and provide synergistic protection for all layers of your application and delivery infrastructure.
  • April 12th: iRules extensions - Programmability to help stop those tricky attacks.
  • April 14th: DNS firewall deployments - We'll show you how to make one mighty powerful firewall for your DNS infrastructure.

Stay tuned for more insight on how to protect your critical infrastructure.

ps




MWC 2015 – Threats to Mobile Carrier Networks (feat George)

Posted in security, f5, silva, video, DoS attack, mobile, malware, infrastructure, dns by psilva on March 2nd, 2015

Jonathan George, Sr. Product Marketing Manager, talks about the various threats that can occur on a carrier network. Mobile devices are becoming a hot target for malicious attacks and users may not be aware that they have potentially become part of a botnet. And it is not just mobile devices, as IoT grows, your refrigerator could potentially participate in a DDoS attack. Jonathan focuses on some of the DNS solutions available that can help mitigate DNS DDoS attacks and malicious communications on a service provider network.

ps




Uncle DDoS’d, Talking TVs and a Hug

Posted in security, f5, application security, silva, privacy, DoS attack, cybercrime, identity theft, RFID, iot by psilva on May 14th, 2014

Information security is one of those areas where a lot is always happening. From breaches to vulnerabilities to scams to anything else that's designed to store, protect or even attack and pilfer our sensitive information, information security encompasses a lot of things. A Three Ring Circus, Three Little Pigs, The Three Stooges and when three different stories grab my attention, well I just gotta share.

SCMagazine.com had an interesting story yesterday talking about how two servers designed to prevent DDoS attacks were, themselves, used in a DDoS attack. Incapsula reported that it had to fend off a sizable DDoS attack that was launched using high-capacity servers hijacked from a DDoS protection services provider. The attack itself was against an online gaming site and the attackers actually hijacked and commandeered two high capacity servers from a DDoS protection service provider to spearhead the attack. The service provider was so focused on incoming traffic, they had to be notified to take a look at the massive outgoing traffic being sent. While the DDoS protection market has grown with many outsourcing solutions, it is still a shared service. Remember the old tiered-hosting-separated-by-a-partition days? Even if you are not the target, you still might be caught up in it if your neighbor is.

Next up, security experts at NCC Group said smart TVs with built-in microphones and storage can be turned into bugging devices by malware and used to record conversations, not to mention remotely turning on the TV camera at will. They did need physical access to the TV to install the malware, but as more TV apps get developed, it is conceivable that a malicious app could be downloaded to the TV for the same purpose. They demonstrated capturing 30 seconds of buffered mic audio, but could also have used the internal storage to record more and sent the audio files to a waiting server. NCC engineers wanted to highlight the security shortcomings on the home front of the Internet of Things. Start to get used to no privacy in the privacy of your home.

And last but certainly not least, Thieves steal ID and credit card data with a hug. OK, I'm Hawaiian and we are a bunch of huggers so this is interesting. Apparently a Georgia woman was approached at a gas station by another woman begging for some money so she could put gas in her car. The kind, generous woman gave the crooked lady $20. With a full Oscar nominated performance, the crooked lady wept with joy and wanted to thank the generous one with a hug. Embrace ensued. So touched by the gesture, the man with the crooked lady got out of the car and also wanted to physically thank the Samaritan. The next morning she realized why they wanted to hug her when she discovered that $3000 was gone from her bank account. $2400 from a grocery store and another $200 plus from ATMs. The thieves got close so they could scan her for RFID enabled cards. She had her credit cards in her front pocket and was scanned during the not so loving embrace. Well that sucks. The cool thing is that the woman is not jaded and will continue to help others. Nice.

And to those I know: If we typically hug when we see each other, I promise I won't be scanning your pockets.

ps




A Decade of Breaches

Posted in security, f5, application security, silva, DoS attack, banking, cybercrime, hackers, breach, data loss, family by psilva on April 24th, 2014

Whales Not Included

Being from the Hawaiian Islands, I find the annual gathering of the Kohola (humpback whales) a spectacular sight. They can get over half their body out of the water and administer a cannonball body slam splash like you've never seen before. Most of the internet thinks they breach to either see what's up (so to speak), let other whales know they are around (if the haunting squeal isn't doing it) and, most commonly, to relieve the body of lice, parasites and barnacles.

While nature's breaches are unmatched, many internet security breaches are run of the mill leakages.

The Verizon 2014 Data Breach Investigation Report (DBIR) found that over the last 10 years, 92% of the 100,000 security incidents analyzed can be traced to nine basic attack patterns. The patterns identified are:

  • Miscellaneous errors like sending an email to the wrong person
  • Crimeware (malware aimed at gaining control of systems)
  • Insider/privilege misuse
  • Physical theft or loss
  • Web app attacks
  • Denial of service attacks
  • Cyberespionage
  • Point-of-sale intrusions
  • Payment card skimmers

The really cool thing about the 9 attack patterns is that Verizon has also charted the frequency of incident classification patterns per industry vertical. For instance, in financial services 75% of the incidents come from web application attacks, DDoS and card skimming while retail, restaurants and hotels need to worry about point-of-sale intrusions. Utilities and manufacturing on the other hand get hit with cyber-espionage. Overall across all industries, only three threat patterns cover 72 percent of the security incidents in any industry.

[Figure 19 from the Verizon 2014 DBIR: frequency of incident classification patterns per industry vertical]

Once again, no one is immune from a breach and while media coverage often focuses on the big whales, the bad guys are not targeting organizations because of who they are but because a vulnerability was found and the crooks decided to see if they could get more. This means that companies are not doing some of the basics to stay protected. For the 2014 analysis, there were 1,367 confirmed data breaches and 63,437 security incidents from 50 global companies.

For the most part, the fixes are fairly basic: use strong authentication, patch vulnerabilities quickly and encrypt devices that contain sensitive information. I've barely scratched the surface of the report and highly suggest a thorough reading.

ps


Photo: Protected Resources Division, Southwest Fisheries Science Center, La Jolla, California.

 




RSA 2014: DDoS Protection (feat Bocchino)

Posted in security, f5, big-ip, application security, silva, video, DoS attack, cybercrime, hackers, rsa, infrastructure, 0day, access by psilva on February 25th, 2014

F5 Sr. Systems Architect Ken Bocchino shows me a live demonstration of how F5 protects the fundamental elements of an application (network, DNS, SSL and HTTP) against aggressively evolving DDoS attacks. Ken is always a fun and interesting guest.

ps




GartnerDC 2013: DDoS Reference Architecture

I meet with Sr. TMM David Holmes to get the scoop on F5’s DDoS Reference Architecture. David has circled the globe talking to customers about their security concerns and shares some of that insight along with explaining how F5 can mitigate those attacks.

 

ps






The Top 10, Top 10 Predictions for 2014

This time of year the crystal balls get a viewing and many pundits put out their annual predictions for the coming year.  Rather than thinking up my own, I figured I’d regurgitate what many others are expecting to happen.


Cybersecurity in 2014: A roundup of predictions: ZDNet might have picked up that I have done this for the past two years and Charles McLellan put together his own collection.  This is a good place to start with lists from Symantec, Websense, FireEye, Fortinet and others.  Mobile malware, zero-days, encryption, 'Internet of Things,' and a personal favorite, The Importance of DNS are amongst many predictions.

Eyes on the cloud: Six predictions for 2014: Kent Landry - Senior Consultant at Windstream focuses on Cloud futures in this Help Net Security piece.  Hybrid cloud, mobility and that pesky Internet of Everything make the list.

5 key information security predictions for 2014: InformationWeek has Tarun Kaura, Director, Technology Sales, Symantec discuss the coming enterprise threats for 2014.  Social Networking, targeted attacks, cloud and yet again, The Internet of Things finds a spot.

Top 10 Security Threat Predictions for 2014: This is essentially a slide show of Fortinet's predictions on Channel Partners Telecom but good to review.  Android malware, increased encryption, and a couple botnet predictions are included.

2014 Cyber Security Forecast: Significant healthcare trends: HealthITSecurity drops some security trends for healthcare IT security professionals in 2014.  Interesting take on areas like standards, audit committees, malicious insiders and supply chain are detailed.

14 IT security predictions for 2014: RealBusiness covers 10 major security threats along with four ways in which defenses will evolve.  Botnets, BYOD, infrastructure attacks and of course, the Internet of Things.

4 Predictions for 2014 Networks: From EETimes, this short list looks at the carrier network concerns.   Mobile AAA, NFV, 5G and once again, the Internet of Things gets exposure.

8 cyber security predictions for 2014: InformationAge goes full cybercriminal with exploits, data destruction, weakest links along with some 'offensive' or retaliatory attack information.

Verizon's 2014 tech predictions for the enterprise: Another ZDNet article covering the key trends Verizon believes will define enterprise technology.  Interest includes the customer experience, IT decentralization, cloud and machine-to-machine solutions.

Research: 41 percent increasing IT security budget in 2014: While not a list of predictions, this article covers a recent Tech Pro Research survey findings focused on IT security.  The report, IT Security: Concerns, budgets, trends and plans, noted that 41 percent of survey respondents said they will increase their IT security budget next year.  Probably to counter all the dire predictions.

A lot to consider as you toast the new year with the Internet of Things making many lists.  The key is to examine your own business and determine your own risks for 2014 and tackle those first.

ps




DNS Does the Job

Imagine how much you'd use the internet if you had to remember dozens of number combinations to do anything.  DNS is arguably the primary technology enabling the Internet – translating the domain names people type into a browser into an IP address so the requested service can be found on the internet.  We always expect DNS to work and no one thinks about it until it breaks.

Every icon, URL and piece of embedded content on a web page requires a DNS lookup. Loading complex sites may require hundreds of DNS queries, and even simple smart phone apps can require numerous DNS queries just to load. In the last five years, the volume of DNS queries for .com and .net addresses has more than doubled, increasing to an average daily query load of 77 billion in the fourth quarter of 2012.   More than six million domain names were added to the Internet in the fourth quarter of 2012.  Future growth is expected to occur at an even faster pace as more cloud implementations are deployed and practically everything connected to the internet, including your future fridge, coffee machine and toilet, will need a DNS entry.

Over the last 5 years, there has been a 180% growth of active websites, 230% growth in active users, a 22% growth in software applications and 100% growth in DNS queries. Add to that, nearly 60% of web users say they expect a website to load on their mobile phone in 3 seconds or less. Organizations are experiencing rapid growth in terms of applications and the volume of traffic accessing those applications.

When a user requests a web page, the request goes to a local DNS resolver, which in turn queries the main (authoritative) DNS servers. This works fine until a traffic surge, or an attacker deliberately flooding the servers with DNS queries, exceeds what the DNS servers can handle, at which point the main DNS server stops responding and sites become unavailable, unreachable or effectively offline. Organizations generally run a set of DNS servers, each capable of handling up to 150,000 DNS queries per second; high-performance DNS servers can handle around 200,000 queries per second. The bad guys can easily exceed that, as the recent DNS outages affecting the NY Times, LinkedIn, Network Solutions and Twitter demonstrate. DNS failures account for 41% of web infrastructure downtime, so organizations must keep their DNS available. According to a survey by the Aberdeen Group, organizations lose an average of $138,000 for every hour their data centers are down.  Downtime affects visiting customers, can lead to lost revenue and also hits employees trying to reach their corporate resources.  To absorb DNS surges, companies add more DNS servers that are not really needed during normal business operations.
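As an added illustration of the flood-versus-capacity problem described above (my own example, not code from the original post or from F5), the following reads BIND-style query log lines, keeps a one-second sliding window per source, and flags sources whose query rate, or whose share of ANY queries, looks like a flood. The log lines, addresses and thresholds are constructed for the demo.

```python
"""Added example: spotting a DNS query flood in query logs.

Parses BIND-style "queries" category lines (constructed below), tracks a
per-source sliding window, and flags sources that exceed a rate threshold
or that send mostly ANY queries (a classic amplification signature).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Shape of a named query log line; trailing flag/server fields are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<src>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>[A-Z0-9]+)"
)
TS_FMT = "%d-%b-%Y %H:%M:%S.%f"


def parse_line(line):
    """Return (timestamp, source, name, qtype) or None for unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m["ts"], TS_FMT), m["src"], m["name"], m["qtype"]


def find_flood_sources(lines, window=timedelta(seconds=1), max_per_window=50, any_share=0.5):
    """Flag sources whose peak query count in any `window` exceeds
    max_per_window, or whose fraction of ANY queries is at least any_share.
    Thresholds are demo assumptions; tune them to your own baseline."""
    recent = defaultdict(deque)   # src -> timestamps inside the current window
    peak = defaultdict(int)       # src -> most queries seen in any window
    total = defaultdict(int)
    any_q = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue              # skip junk rather than crash mid-flood
        ts, src, _name, qtype = rec
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[src] = max(peak[src], len(q))
        total[src] += 1
        any_q[src] += qtype == "ANY"
    flagged = {}
    for src in total:
        ratio = any_q[src] / total[src]
        if peak[src] > max_per_window or ratio >= any_share:
            flagged[src] = {"peak_per_window": peak[src], "any_ratio": round(ratio, 2)}
    return flagged


def constructed_log():
    """Synthetic log: one well-behaved client and one flooding source."""
    base = datetime(2013, 8, 20, 10, 15, 0)

    def fmt(t):
        return t.strftime(TS_FMT)[:-3]    # named logs millisecond precision

    lines = []
    for i in range(5):                    # normal client: 5 A queries over 10 s
        t = base + timedelta(seconds=2 * i)
        lines.append(f"{fmt(t)} client 192.0.2.10#53211: query: www.example.test IN A + (198.51.100.5)")
    for i in range(200):                  # flood: 200 ANY queries inside 1 s
        t = base + timedelta(milliseconds=5 * i)
        lines.append(f"{fmt(t)} client 198.51.100.9#4000: query: example.test IN ANY + (198.51.100.5)")
    lines.append("this line is not a query log entry")
    return lines


if __name__ == "__main__":
    for src, info in find_flood_sources(constructed_log()).items():
        print(src, info)
```

One caveat a practitioner will raise: in a UDP flood the source addresses are routinely spoofed, so per-source counting catches abusive resolvers and open-resolver abuse but not a spoofed flood aimed at you. For that you need to limit what you answer (response rate limiting keyed on the name and type being asked for) and enough capacity at the edge to absorb the rest, which is the point the post goes on to make.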

Instead of worrying about DNS outages and purchasing additional DNS infrastructure to combat surges, simply place BIG-IP in front of your primary DNS server. It is a full DNS server and answers requests on behalf of your main DNS server.  BIG-IP can respond to DNS queries much faster, at up to millions of queries per second; whether a query is legitimate or part of an attack, BIG-IP answers it. The same BIG-IP engine that handles application requests at very high rates is the one responding to DNS queries, so even large surges of DNS requests (including the malicious ones) will not cripple your critical content. DNS stays available, which is essential to delivering good service to your users, and administrators get the peace of mind that their site will respond to all DNS queries.


If you have high-volume DNS coming into your data center, it is more advantageous to respond to those queries from the DMZ rather than from deep within the infrastructure, where they can affect the back-end primary DNS servers along with other critical servers. Responding from BIG-IP in the DMZ means no request touches the back end, which greatly increases the primary server’s ability to scale. Offload DNS to BIG-IP. With these large-scale capabilities, even if a site is flooded due to some unexpected event, DNS can respond to all queries, good or bad, keeping all your critical web, application and database services available. Organizations can secure DNS while achieving high scale, with less equipment to purchase, manage and support. Plus, BIG-IP offers easy DNS management that integrates with your existing infrastructure: error checking, auto-population of protocols and importing of zones help eliminate downtime caused by DNS errors. Organizations can make their applications fast, available and secure, but if DNS is not responding, none of it matters since no one can get there anyway.

ps




DNS Doldrums

Posted in security, f5, availability, silva, dnssec, management, DoS attack, malware, dns, cache poisoning by psilva on August 20th, 2013

DNS is one of the primary technologies enabling the Internet – translating the names people type into a browser into an IP address so the requested service can be found on the internet. It is one of the key elements in the network that delivers content and applications to the user.  If DNS goes down, most web applications will fail to function properly so it is critical to have a strong, secure and scalable DNS infrastructure.

A bunch of recent DNS outages show that while protecting the application from the typical SQLi, XSS and other OWASP Top 10 related risks is important, if DNS is not answering, those application hacks do not really matter since no one can get to the site anyway.

This month, three Dutch web hosting companies had their name servers altered by attackers.  According to the articles, the attackers changed the companies' name server records to point at malicious servers hosted by the crooks.  They apparently managed to break into the national domain registry, SIDN, to make the malicious change, and set the Time to Live value to 24 hours, so any ISP resolver that cached the bad records would keep handing out the wrong address for the next day.  Among others, a large Dutch electronics retailer had to take down a number of servers that were delivering malware due to the breach, and thousands of domains were affected.

This past June, the popular business social network LinkedIn was offline for at least a half a day due to a DNS issue.  The company claims that this was not due to criminal behavior but internal human error.  Somehow the main home page was redirected to a domain parking page which indicated the name was up for sale.

Also in June, DNSimple detected a DNS amplification attack on their network.  In this kind of attack, the attacker sends small queries with a spoofed source address to other people's DNS servers, which then send their much larger responses to the spoofed address, the victim: small queries turn into huge responses.  Instead of allowing the bounce, DNSimple tried to absorb the attack by blocking some IP addresses, but at some point all the name servers stopped responding.  All hands to respond.  In their incident report, they noted that their DNS server implementation at the time allowed ANY queries over UDP to pass through and attempted to respond to them, albeit with the TC (truncation) bit set. In addition, the overhead created by their ALIAS resolution system was also a factor, especially with ALIAS records pointing to other records within DNSimple.  With some adjustments they hope to prevent this from happening again.
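The ANY-over-UDP problem in the DNSimple incident above, as an added example of my own (not code from the original post, from DNSimple or from F5): the script builds DNS packets by hand so it runs offline, serves a constructed zone for "example.test.", and compares the bytes an ANY query returns when answered in full with the bytes returned when the server instead sets the TC bit and sends no answers. The zone contents, record sizes and the 512-byte classic UDP limit are assumptions of the demo.

```python
"""Added example: why ANY over UDP amplifies, and what TC=1 buys you.

A DNS query of ~30 bytes asking for ANY gets back every record for the
name. A spoofed query therefore lands many times its own size on the
victim. Answering ANY-over-UDP with an empty, truncated response (TC=1,
'retry over TCP') removes the byte amplification because the reply is
the same size as the query. It does not remove the per-query CPU cost,
which is the other half of what DNSimple reported.
"""
import struct

QTYPE = {"A": 1, "MX": 15, "TXT": 16, "AAAA": 28, "ANY": 255}
FLAG_QR, FLAG_TC = 0x8000, 0x0200
CLASSIC_UDP_MAX = 512   # pre-EDNS0 limit; EDNS0 raises it, which makes ANY worse


def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def txt_rdata(text):
    return bytes([len(text)]) + text.encode()      # one <character-string>


# Constructed zone: a modest name with a few records of each common type.
ZONE = {
    "example.test.": [
        (QTYPE["A"], bytes([192, 0, 2, 1])),
        (QTYPE["A"], bytes([192, 0, 2, 2])),
        (QTYPE["AAAA"], bytes.fromhex("20010db8" + "00" * 11 + "01")),
        (QTYPE["MX"], struct.pack("!H", 10) + encode_name("mail.example.test.")),
        (QTYPE["TXT"], txt_rdata("v=spf1 include:_spf.example.test -all")),
        (QTYPE["TXT"], txt_rdata("google-site-verification=" + "x" * 43)),
    ]
}


def build_query(name, qtype, txid=0x1234):
    """Minimal standard query: 12-byte header + one question, no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def parse_query(pkt):
    """Return (txid, name, qtype, raw question section)."""
    txid = struct.unpack("!H", pkt[:2])[0]
    pos, labels = 12, []
    while pkt[pos]:
        n = pkt[pos]
        labels.append(pkt[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    pos += 1                                   # skip the root label
    qtype = struct.unpack("!H", pkt[pos:pos + 2])[0]
    return txid, ".".join(labels) + ".", qtype, pkt[12:pos + 4]


def _truncated(txid, question):
    """Header + question only, TC=1. Same size as the query: no amplification."""
    return struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_TC, 1, 0, 0, 0) + question


def build_response(query, transport, refuse_any_udp=True):
    """Answer `query` as an authoritative server would over 'udp' or 'tcp'.
    refuse_any_udp=True is the mitigation; False is the exposed behaviour.
    (No RCODE handling: unknown names simply get zero answers.)"""
    txid, name, qtype, question = parse_query(query)
    records = ZONE.get(name, [])
    if qtype != QTYPE["ANY"]:
        records = [r for r in records if r[0] == qtype]
    if transport == "udp" and refuse_any_udp and qtype == QTYPE["ANY"]:
        return _truncated(txid, question)
    answers = b"".join(
        b"\xc0\x0c"                                   # pointer to the question name
        + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
        for rtype, rdata in records)
    resp = struct.pack("!HHHHHH", txid, FLAG_QR, 1, len(records), 0, 0) + question + answers
    if transport == "udp" and len(resp) > CLASSIC_UDP_MAX:
        return _truncated(txid, question)              # too big for classic UDP
    return resp


def is_truncated(resp):
    return bool(struct.unpack("!H", resp[2:4])[0] & FLAG_TC)


def answer_count(resp):
    return struct.unpack("!H", resp[6:8])[0]


def amplification(query, response):
    """Bytes delivered to the (spoofed) victim per byte the attacker sent."""
    return len(response) / len(query)


if __name__ == "__main__":
    q = build_query("example.test.", "ANY")
    for label, resp in [("ANY/udp, answered", build_response(q, "udp", refuse_any_udp=False)),
                        ("ANY/udp, TC=1", build_response(q, "udp")),
                        ("ANY/tcp", build_response(q, "tcp"))]:
        print(f"{label}: {len(resp)} bytes, x{amplification(q, resp):.1f}, TC={is_truncated(resp)}")
```

Even this small constructed zone turns a 30-byte query into a response several times its size; real zones with DNSSEC signatures are far worse, which is why ANY became the amplifier of choice. Note that the truncated reply still costs the server a parse and a lookup per packet, so source-based response rate limiting and upstream absorption are still needed, exactly as DNSimple found.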

There were a few others of note.  In June, Network Solutions had its DNS servers hijacked and reconfigured to point at a malicious website after it botched efforts to thwart a DDoS attack.  The Spamhaus Project was nailed by a DNS DDoS attack.  And last week, a reported vulnerability in the BIND DNS software could give an attacker the ability to easily and reliably control queried name servers.

We rely on DNS for almost every interaction we have with web applications.  It helps us find our favorite e-tailer, social network, travel, news, gaming or entertainment site, along with our work-related resources when we are mobile.  For organizations, it helps direct and bring people to your content.  Without it, our word-oriented minds would have to start remembering a bunch of numbers.  Imagine how much you'd use the internet if you had to remember dozens of number combinations to do anything.  I bet the growth, the internet of everything, would come to a screeching halt.

ps




