DNS Cookies and DDoS Attacks

DDoS attacks, particularly for ransom—essentially, “give me some bitcoin, or we’ll attack your server(s) and bring you down,” seem to be on the rise. While ransom attacks rarely actually materialize, the threat of DDoS overall is very large, and very large scale. Financial institutions, content providers, and others regularly consume tens of gigabits of attack traffic in the normal course of operation. What can be done about stopping, or at least slowing down, these attacks?

To answer, this question, we need to start with some better idea of some of the common mechanisms used to build a DDoS attack. It’s often not effective to simply take over a bunch of computers and send traffic from them at full speed; the users, and the user’s providers, will often notice machine sending large amounts of traffic in this way. Instead, what the attacker needs is some sort of public server that can (and will) act as an amplifier. Sending this intermediate server should cause the server to send an order of a magnitude more traffic towards the attack target. Ideally, the server, or set of servers, will have almost unlimited bandwidth, and bandwidth utilization characteristics that will make the attack appear Continue reading

Why help desk jobs are going unfilled

Help desk jobs have long been seen as a stepping stone to other roles, but that perception is out of date. Today’s help desk professionals are taking on more complex work and they’re in high demand.To read this article in full or to leave a comment, please click here(Insider Story)

Microsoft starts clock ticking on Office 2016’s first upgrade

Microsoft this week released the second upgrade for Office 365 commercial subscribers on the slow train, and warned those still running the original Office 2016 applications that they have four more months before they will be required to update.Alongside a large number of Windows security updates issued Tuesday, Microsoft also released build 1602 of the Office apps to corporate Office 365 subscribers who hew to the "Deferred Channel" track.Deferred Channel is the slower of the two main release tracks Microsoft established for Office 365. (Until February, it was called "Current Branch for Business" to match the name of a slow release track for Windows 10.) Unlike the faster "Current Channel" (CC), which boasts monthly updates to the Office 2016 applications -- Word, Outlook, Excel and the like -- Deferred Channel (DC) only provides updates every four months.To read this article in full or to leave a comment, please click here

Ad hoc operations in the SOC can lead to pain

At CircleCityCon, CSO's Steve Ragan chats with Paul Jorgensen, host of the PVC Security Podcast, about ad hoc processes within many security operations centers (SOCs) and how organizations can prevent these types of mistakes.

PQ Show 82: Aruba Certifications Overview

Today's Priority Queue climbs the Aruba certification ladder for wireless networking. Exam developer Kimberly Graves talks about what you'll learn, and offers training and testing insights.

The post PQ Show 82: Aruba Certifications Overview appeared first on Packet Pushers.

EVPN – Single-active redundancy

In the previous 2 posts I looked at the basics of EVPN including the new BGP based control-plane, later I looked at the integration between the layer-2 and layer-3 worlds within EVPN. However – all the previous examples were shown with basic single site networks with no link or device redundancy, this this post I’m going to look at the first and simplest EVPN redundancy mode.

First – consider the new lab topology:

The topology and configuration remains pretty much the same, except that MX-1 and MX-2 each connect back to EX4200-1, for VLAN 100 and VLAN 101, with the same IRB interfaces present on each MX router, essentially a very basic site with 2 PEs for redundancy.

Let’s recap the EVPN configuration on each MX1, I’ve got the exact same configuration loaded on MX-2 and MX-3, the only differences being the interface numbers and a unique RD for each site.

MX-1: 

IDG Contributor Network: Smartphones not productive, managers say

Despite the hype of business chat messaging and a perception of smartphones introducing a connected work-everywhere lifestyle, a surprisingly large number of bosses are not at all happy with the proliferation of the devices.The honchos say mobile devices are killing productivity, according to employment firm CareerBuilder research. The problem appears to stem from the fact that employees are indeed using smartphones at work—just not for work.That the majority of workers with smartphones (65 percent) don’t have work email setup on the devices is one issue, the CareerBuilder study found.To read this article in full or to leave a comment, please click here

ContainerX Ships Its ‘vSphere for Containers’

That includes Windows containers, as ContainerX likes to tell enterprises.

Why your password policy still sucks

Password policies don't prevent problems, they cause them. Humans are predictable, and generic password policies help attackers crack (or guess) passwords faster.

Google revs its AI engines with a new European research group

Google has made no secret of its AI ambitions, and on Thursday it announced the next step in its bold plans to realize them: a brand-new research group in Europe focused squarely on machine learning.Based in Google Research offices in Zurich, Switzerland, the new group will focus on three key areas of artificial intelligence: machine intelligence, machine perception, and natural language processing and understanding, according to a blog post by Emmanuel Mogenet, head of Google Research for Europe.To read this article in full or to leave a comment, please click here

Flaws expose Cisco small-business routers, firewalls to hacking

Three models of Cisco wireless VPN firewalls and routers from the small business RV series contain a critical unpatched vulnerability that attackers can exploit remotely to take control of devices. The vulnerability is located in the Web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router and RV215W Wireless-N VPN Router. It can be easily exploited if the affected devices are configured for remote management since attackers only need to send an unauthenticated HTTP request with custom user data. This will result in remote code execution as root, the highest privileged account on the system, and can lead to a complete compromise.To read this article in full or to leave a comment, please click here

Flaws expose Cisco small-business routers, firewalls to hacking

Three models of Cisco wireless VPN firewalls and routers from the small business RV series contain a critical unpatched vulnerability that attackers can exploit remotely to take control of devices. The vulnerability is located in the Web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router and RV215W Wireless-N VPN Router. It can be easily exploited if the affected devices are configured for remote management since attackers only need to send an unauthenticated HTTP request with custom user data. This will result in remote code execution as root, the highest privileged account on the system, and can lead to a complete compromise.To read this article in full or to leave a comment, please click here

Flaws expose Cisco small-business routers, firewalls to hacking

Three models of Cisco wireless VPN firewalls and routers from the small business RV series contain a critical unpatched vulnerability that attackers can exploit remotely to take control of devices. The vulnerability is located in the Web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router and RV215W Wireless-N VPN Router. It can be easily exploited if the affected devices are configured for remote management since attackers only need to send an unauthenticated HTTP request with custom user data. This will result in remote code execution as root, the highest privileged account on the system, and can lead to a complete compromise.To read this article in full or to leave a comment, please click here

Virtualized Networks Invite Cyber Espionage

The cybersecurity and security solutions landscape is in constant flux.

Asus challenges the iPad Mini with the less-pricey ZenPad Z8

At $249.99, Asus' new Android-based ZenPad Z8 tablet could make you ponder why you should buy Apple's iPad Mini 4, which starts at $399.The Asus tablet will be available exclusively through Verizon Wireless, and will ship starting on June 23. It is ready for Verizon's LTE network in the U.S, and can be ordered online.The cellular-ready ZenPad Z8 will come with the latest Android version, Android M OS. A cellular-ready version of the iPad Mini 4 starts at $529.From a pure hardware standpoint, the Android tablet is comparable, and in some respects, offers more than than the iPad Mini 4. It ultimately comes down to whether you want Android or iOS on this sort of device.To read this article in full or to leave a comment, please click here

Federal Cybersecurity Boondoggle: The Software Assurance Marketplace (SWAMP)

Way back in February, I wrote a blog about President Obama’s proposed Cybersecurity National Action Plan (CNAP).  As part of this plan, the President called for $19 billion for cybersecurity as part of the 2017 fiscal year federal budget, a 35% increase over 2016 spending. While CNAP has a lot of thoughtful and positive proposals, I’m troubled by the fact that federal cybersecurity programs seem to have a life of their own with little oversight or ROI benefits.  I often cite DHS’s Einstein project as an example of this type of government cybersecurity waste.  In my humble opinion, the feds are spending hundreds of millions of dollars on custom research and development for Einstein when commercial off-the-shelf (COTS) network security products could do the same job at a fraction of the cost.To read this article in full or to leave a comment, please click here

Federal Cybersecurity Boondoggle: The Software Assurance Marketplace (SWAMP)

Way back in February, I wrote a blog about President Obama’s proposed Cybersecurity National Action Plan (CNAP).  As part of this plan, the President called for $19 billion for cybersecurity as part of the 2017 fiscal year federal budget, a 35% increase over 2016 spending. While CNAP has a lot of thoughtful and positive proposals, I’m troubled by the fact that federal cybersecurity programs seem to have a life of their own with little oversight or ROI benefits.  I often cite DHS’s Einstein project as an example of this type of government cybersecurity waste.  In my humble opinion, the feds are spending hundreds of millions of dollars on custom research and development for Einstein when commercial off-the-shelf (COTS) network security products could do the same job at a fraction of the cost.To read this article in full or to leave a comment, please click here

Security Sessions: How CSOs can reduce alert fatigue

In the latest episode of Security Sessions, Hexadite CEO Eran Barak joins CSO Editor-in-Chief Joan Goodchild to discuss the problem of security alert fatigue, in which a company receives so many alerts from their systems that they end up potentially ignoring or missing critical alerts.

Cavium Snaps Up QLogic in $1.36B Deal

$45 million in synergies is expected from the deal.

Samsung enters the cloud market

For years those who track the cloud computing market have predicted consolidation. The market is young enough, promising enough, and the barriers to entry for companies that want a slice of this market are high enough that mergers and acquisitions are to be expected. Stephen Lawson At its 2016 developer conference in San Francisco this week, the company worked to get developers excited about its software and services as well as its hardware platforms.To read this article in full or to leave a comment, please click here