Mitigating DDoS

Your first line of defense to any DDoS, at least on the network side, should be to disperse the traffic across as many resources as you can. Basic math implies that if you have fifteen entry points, and each entry point is capable of supporting 10g of traffic, then you should be able to simply absorb a 100g DDoS attack while still leaving 50g of overhead for real traffic (assuming perfect efficiency, of course—YMMV). Dispersing a DDoS in this way may impact performance—but taking bandwidth and resources down is almost always the wrong way to react to a DDoS attack.

But what if you cannot, for some reason, disperse the attack? Maybe you only have two edge connections, or if the size of the DDoS is larger than your total edge bandwidth combined? It is typically difficult to mitigate a DDoS attack, but there is an escalating chain of actions you can take that often prove useful. Let’s deal with local mitigation techniques first, and then consider some fancier methods.

  • TCP SYN filtering: A lot of DDoS attacks rely on exhausting TCP open resources. If all inbound TCP sessions can be terminated in a proxy (such as a load balancer), Continue reading

RSA Conference 2017: Security analytics and operations

So far, I’ve written two blogs about my expectations for the upcoming RSA Security Conference next week. The first blog was about my outlook for endpoint security, while the second focused on network security. I am also in the middle of a big research project on security analytics and operations right now and believe that many independent technologies will be integrated into a comprehensive architecture that ESG calls SOAPA (i.e. security operations and analytics platform architecture).To read this article in full or to leave a comment, please click here

RSA Conference 2017: Security analytics and operations

So far, I’ve written two blogs about my expectations for the upcoming RSA Security Conference next week. The first blog was about my outlook for endpoint security, while the second focused on network security. I am also in the middle of a big research project on security analytics and operations right now and believe that many independent technologies will be integrated into a comprehensive architecture that ESG calls SOAPA (i.e. security operations and analytics platform architecture).To read this article in full or to leave a comment, please click here

Security Analytics and Operations at RSA

So far, I’ve written two blogs about my expectations for the upcoming RSA Security Conference next week.  The first blog was about my outlook for endpoint security while the second focused on network security. I am also in the middle of a big research project on security analytics and operations right now and believe that many independent technologies will be integrated into a comprehensive architecture that ESG calls SOAPA (i.e. security operations and analytics platform architecture).  Here’s another blog where I define the SOAPA architecture and all the consolidating piece parts.To read this article in full or to leave a comment, please click here

Hacker takes out dark web hosting service using well-known exploit

A hacker is proving that sites on the dark web, shrouded in anonymity, can easily be compromised.    On Friday, the unnamed hacker began dumping a sizable database stolen from Freedom Hosting II onto the internet, potentially exposing its users. The hosting service, Freedom Hosting II, was known for operating thousands of sites that were accessible through the Tor browser; the "dark web" is essentially the encrypted network comprising Tor servers and browsers. But on Friday, the service appeared to be down. Its main landing page was replaced with a message saying that it had been hacked. Allegedly, Freedom Hosting II had been hosting child pornography sites, though its anonymous operator claimed to have a zero-tolerance policy toward such content, according to the hacker behind the breach.To read this article in full or to leave a comment, please click here

Hacker takes out dark web hosting service using well-known exploit

A hacker is proving that sites on the dark web, shrouded in anonymity, can easily be compromised.    On Friday, the unnamed hacker began dumping a sizable database stolen from Freedom Hosting II onto the internet, potentially exposing its users. The hosting service, Freedom Hosting II, was known for operating thousands of sites that were accessible through the Tor browser; the "dark web" is essentially the encrypted network comprising Tor servers and browsers. But on Friday, the service appeared to be down. Its main landing page was replaced with a message saying that it had been hacked. Allegedly, Freedom Hosting II had been hosting child pornography sites, though its anonymous operator claimed to have a zero-tolerance policy toward such content, according to the hacker behind the breach.To read this article in full or to leave a comment, please click here

What’s keeping enterprises from using G Suite?

While Google has spent the past year trying to woo enterprises to its G Suite productivity apps, it’s still the underdog compared to Microsoft Office, at least among large businesses. So what’s keeping it from broader appeal?One of the biggest hurdles for Google achieving broader enterprise adoption is just the fact that the company’s products aren't identical to Word, Excel, PowerPoint, Outlook, and other Microsoft Office apps, Gartner Senior Research Analyst Joe Mariano said."Enterprises have been ingrained in the Microsoft stack for essentially the beginning of time, it feels like," Mariano said. "[Enterprises] have problems shifting away from that, because they have a lot of investments, either in customizations or how they're using the tools."To read this article in full or to leave a comment, please click here

A Windows Cloud build just leaked, and this is what we learned

Microsoft's mysterious Windows Cloud is supposedly a stripped-down version of Microsoft’s operating system that runs only Windows Store apps. Microsoft's not commenting, but an early build that leaked over the weekend appears to be authentic and gives further tantalizing hints of what the company may have in mind. Windows Cloud intrigues Microsoft watchers because of its uncanny resemblance to Windows RT, Microsoft’s failed ARM-based platform. It, too, could only run Windows Store apps, plus desktop versions of Internet Explorer and Microsoft Office. There are numerous reasons why RT never succeeded, but the gist is there weren’t enough apps and nobody wanted to run a hobbled PC.To read this article in full or to leave a comment, please click here

One-third of iPhones are the Plus model

It's no secret that the tablet market is in something of a freefall. It is being squeezed on the top end by high-end laptops that have detachable touch screens and on the bottom by large phones. Plus, the chief advocate for tablets was Steve Jobs, who is no longer with us, and no one has stepped forward to champion the tablet. NPD Group reports that tablet sales have dropped 15 percent from 2015 to 2016. It would have been worse if not for Amazon practically giving away the low-cost Amazon Fire Tablet. There is also some success to be had with the iPad Pro and Microsoft Surface Pro 4. + Also on Network World: iPhone 8 likely to feature 'wraparound' display design + But the real damage is being done by large phones, sometimes called phablets (a portmanteau for "phone-tablet"). In the fourth quarter of 2016, Apple sold just 13 million iPads, a 19 percent drop from the same period in 2015. However, Consumer Intelligence Research Partners says the iPhone Plus, with its 6.23-in. diagonal screen, made up 35 percent of the iPhone installed base as of the end of last year, up from 25 percent in Continue reading

TV maker Vizio pays $2.2M to settle complaint that it spied on users

Popular smart TV maker Vizio will pay US $2.2 million to settle complaints that it violated customers' privacy by continuously monitoring their viewing habits without their knowledge. Beginning in February 2014, the California TV maker tracked what TV shows customers were watching on 11 million TV sets sold in the U.S., the U.S. Federal Trade Commission and the Office of the New Jersey Attorney General said in a complaint, released Monday. Vizio smart TVs captured "second-by-second" information about video displayed, including video from consumer cable service, broadband, set-top boxes, DVDs, over-the-air broadcasts, and streaming devices, according to the complaint.To read this article in full or to leave a comment, please click here

TV maker Vizio pays $2.2M to settle complaint that it spied on users

Popular smart TV maker Vizio will pay US $2.2 million to settle complaints that it violated customers' privacy by continuously monitoring their viewing habits without their knowledge.Beginning in February 2014, the California TV maker tracked what TV shows customers were watching on 11 million TV sets sold in the U.S., the U.S. Federal Trade Commission and the Office of the New Jersey Attorney General said in a complaint, released Monday.Vizio smart TVs captured "second-by-second" information about video displayed, including video from consumer cable service, broadband, set-top boxes, DVDs, over-the-air broadcasts, and streaming devices, according to the complaint.To read this article in full or to leave a comment, please click here

How to catch a 400lb drone traveling at full speed

Catching a full-sized military drone traveling at full speed without destroying it midflight is no easy task. But DARPA this week said a research project it has been working – known as SideArm -- is doing just that and more. DARPA said that SideArm developer Aurora Flight Sciences has successfully tested a full-scale system that repeatedly captured a 400-pound Lockheed Martin Fury unmanned aircraft accelerated to flight speed via an external catapult. A Fury can hit over 130MPH.+More on Network World: Hot stuff: The coolest drones+To read this article in full or to leave a comment, please click here

How to catch a 400lb drone traveling at full speed

Catching a full-sized military drone traveling at full speed without destroying it midflight is no easy task. But DARPA this week said a research project it has been working – known as SideArm -- is doing just that and more. DARPA said that SideArm developer Aurora Flight Sciences has successfully tested a full-scale system that repeatedly captured a 400-pound Lockheed Martin Fury unmanned aircraft accelerated to flight speed via an external catapult. A Fury can hit over 130MPH.+More on Network World: Hot stuff: The coolest drones+To read this article in full or to leave a comment, please click here

FreeDOS 1.2: Why DOS is amazing in 2017

Right now, as I sit here typing these words, it is February of the year 2017.The words of which I speak? They are entirely about DOS. Yes—that DOS. The one that powered so many computers throughout the 1980s and a chunk of the 1990s. The one with a big, low-resolution “C:>”. The one you installed with floppy disks often onto a hard drive measured in megabytes. DOS. You see, back on December 25, something miraculous happened. Something that changed the world forever: FreeDOS 1.2 was released. To read this article in full or to leave a comment, please click here

Malware distributors are switching to less suspicious file types

After aggressively using JavaScript email attachments to distribute malware for the past year, attackers are now switching to less suspicious file types to trick users.Last week, researchers from the Microsoft Malware Protection Center warned about a new wave of spam emails that carried malicious .LNK files inside ZIP archives. Those files had malicious PowerShell scripts attached to them.PowerShell is a scripting language for automating Windows system administration tasks. It has been abused to download malware in the past and there are even malware programs written entirely in PowerShell.To read this article in full or to leave a comment, please click here

Malware distributors are switching to less suspicious file types

After aggressively using JavaScript email attachments to distribute malware for the past year, attackers are now switching to less suspicious file types to trick users.Last week, researchers from the Microsoft Malware Protection Center warned about a new wave of spam emails that carried malicious .LNK files inside ZIP archives. Those files had malicious PowerShell scripts attached to them.PowerShell is a scripting language for automating Windows system administration tasks. It has been abused to download malware in the past and there are even malware programs written entirely in PowerShell.To read this article in full or to leave a comment, please click here

IDG Contributor Network: How ZeroStack plans to deliver ‘self-driving’ clouds

ZeroStack is an IT management vendor. More specifically, it provides tooling that lets organizations turn bare-metal (i.e., physical) servers into cloud infrastructure. Basically ZeroStack -- like cloud platforms from OpenStack, Microsoft and others -- wants to make physical infrastructure work like the public cloud. ZeroStack offers the operating tools and the self-service platform that helps customers make decisions about capacity planning, troubleshooting and optimized placement of applications. On top of that, ZeroStack offers a Bitnami-like integrated app store that allows organizations to offer their end users a "one-click" installation of popular applications onto their cloud platform. Finally, ZeroStack is integrated with public clouds to offer migration between on-premises and public cloud infrastructure.To read this article in full or to leave a comment, please click here

1 2,330 2,331 2,332 2,333 2,334 3,841