How the NSA uses behavior analytics to detect threats

The National Security Agency has significantly enhanced its capabilities for detecting cyber-threats in the two-plus years since former NSA contractor Edward Snowden pilfered and disclosed classified information. The multi-layered capabilities, which include user behavior analytics, now protect a private cloud that provides storage, computing and operational analytics to the intelligence community, CIO Greg Smithberger tells CIO.com.

[Image: Greg Smithberger, CIO of the National Security Agency.]

Attackers are building big data warehouses of stolen credentials and PII

According to McAfee Labs, attackers are linking stolen personally identifiable information (PII) sets together in Big Data warehouses, making the combined records more valuable to cyber-attackers. The coming year will see the development of an even more robust dark market for stolen PII and usernames and passwords, according to McAfee Labs.

A new type of criminal is combining warehousing and selling stolen data, including access credentials and PII, that are targeted to specific markets, industries, companies, and purposes, according to the McAfee Labs 2016 Threat Predictions and McAfee Labs' Director of Threat Intelligence, Christian Beek. McAfee has seen the hacker underground and dark markets moving in this direction over the past seven months, Beek asserts.

Top security stories of 2015

More data breaches (Image by Flickr: Chris Marquardt)

Hacking Team, Comcast, Ashley Madison… the list goes on of companies that became just another notch in the belt of cybercriminals. As in years past, data breaches were at the top of the list for our year-in-review story. Here are some stories that made headlines in 2015.

CIO seeks ‘disruptive opportunities’

For nearly 150 years, Schindler Group has been moving people. The Lucerne, Switzerland-based company makes, supplies and services elevators, escalators and moving walkways. As it moves toward the future, Schindler is deploying smart equipment capable of sharing information with back-end systems and, among other things, sending alerts about maintenance needs to service personnel.

Akamai: DDoS attacks up thanks to criminal misuse of stress-test services

Criminals are tapping Web-based services that are advertised as tools to stress test customers' networks, but in actuality they are using them to launch DDoS attacks against victims, according to Akamai.

The paid sites can make DDoS attacks a viable option for actors looking to shut down targeted servers, the company says in its "State of the Internet/Security Q3 2015" report. "Many of the sites are simply DDoS-for-hire tools in disguise, relying on the use of reflection attacks to generate their traffic," the report says.

HSRP – VRRP – GLBP

HSRP, VRRP and GLBP are the three commonly used first hop redundancy protocols in local area networks and the data center.

In this post, I will briefly describe them and highlight the major differences. I will also ask you a design question so we can discuss it in the comments section below.

[Image: HSRP, VRRP and GLBP comparison. Source: Orhan Ergun CCDE Study Guide – Workbook]

HSRP and GLBP are Cisco-specific protocols, but VRRP is an IETF standard. So if the business requirement states that more than one vendor will be used, then VRRP is the best choice to avoid vendor interoperability issues.

For the default gateway functionality, HSRP and VRRP use one virtual IP address that corresponds to one virtual MAC address.

GLBP operates differently. Clients still use one virtual IP address, but more than one virtual MAC address is used: each default gateway switch has its own virtual MAC address while sharing the same virtual IP address.

To illustrate this, let's look at the picture below.

[Image: HSRP virtual MAC. Source: Orhan Ergun CCDE Study Guide – Workbook]

In the picture above, clients use the same gateway MAC address since the first hop redundancy protocol is HSRP.

If GLBP were in use, on the PC we would see different gateway
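As an added example (not from the post or the CCDE workbook), the following Python model shows the difference in what clients see: it derives the well-known virtual MAC formats for each protocol, simulates the ARP replies a set of clients receive for the same virtual IP, and includes a defender-side helper that infers which protocol is running from the gateway MACs observed on the segment. The switch names and group numbers are made up.

```python
from itertools import cycle

# Well-known virtual MAC formats in Cisco dotted notation (assumed here, not stated in the post).
def hsrp_vmac(group):
    """HSRP version 1: 0000.0c07.acXX, where XX is the group number."""
    return f"0000.0c07.ac{group:02x}"

def vrrp_vmac(vrid):
    """VRRP (RFC 5798): 0000.5e00.01XX, where XX is the virtual router ID."""
    return f"0000.5e00.01{vrid:02x}"

def glbp_vmac(group, forwarder):
    """GLBP: 0007.b400.XXYY, where XX is the group and YY the forwarder (AVF) number."""
    return f"0007.b400.{group:02x}{forwarder:02x}"

class FirstHopGroup:
    """One redundancy group on a LAN segment that answers ARP for the virtual IP."""
    def __init__(self, protocol, group, gateways):
        self.protocol, self.group = protocol, group
        self.gateways = list(gateways)  # member switches (constructed names)
        if protocol == "GLBP":
            # The AVG hands out one virtual MAC per AVF, round-robin by default.
            self._avf_cycle = cycle(range(1, len(self.gateways) + 1))

    def arp_reply(self):
        """MAC address a client learns when it ARPs for the virtual IP."""
        if self.protocol == "HSRP":
            return hsrp_vmac(self.group)      # every client gets the same MAC
        if self.protocol == "VRRP":
            return vrrp_vmac(self.group)      # likewise a single MAC
        if self.protocol == "GLBP":
            return glbp_vmac(self.group, next(self._avf_cycle))  # spread across AVFs
        raise ValueError(f"unknown protocol {self.protocol}")

def gateway_macs_for_clients(fhrp_group, n_clients):
    """Gateway MACs that n_clients end up with after each ARPs for the virtual IP."""
    return [fhrp_group.arp_reply() for _ in range(n_clients)]

def classify_from_arp(macs):
    """Infer the FHRP in use from gateway MACs seen in ARP replies on a segment."""
    if all(m.startswith("0007.b400.") for m in macs):
        return "GLBP"   # several distinct MACs with this prefix are expected
    if all(m.startswith("0000.0c07.ac") for m in macs):
        return "HSRP"
    if all(m.startswith("0000.5e00.01") for m in macs):
        return "VRRP"
    return "unknown"    # static gateway, HSRPv2, or a mix worth investigating
```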

Should We Use OpenFlow for Load Balancing?

Yesterday I described the theoretical limitations of using OpenFlow for load balancing purposes. Today let’s focus on the practical part and answer another question:

I wrote about the same topic years ago here and here. I know it’s hard to dig through old blog posts, so I collected them in a book.


Legislation requiring tech industry to report terrorist activity may be revived

Legislation requiring tech companies to report on terrorist activity on their platforms is likely to be revived in the U.S., following concerns about the widespread use of Internet communications by terrorists.

A proposed rule that would require companies to report vaguely defined "terrorist activity" on their platforms had been included as section 603 in the Intelligence Authorization Act for Fiscal Year 2016. But Senator Ron Wyden, a Democrat from Oregon, removed a hold on the bill only after the controversial provision was deleted from it.

Former Secret Service agent sentenced for corruption in Silk Road investigation

A former Secret Service agent was sentenced Monday to 71 months in prison for stealing bitcoins from vendors on the Silk Road, the now-shuttered underground marketplace he was investigating. Shaun W. Bridges, 33, of Laurel, Maryland, must also forfeit US$650,000, the U.S. Justice Department said.

Bridges pleaded guilty on Oct. 31 in the U.S. District Court for the Northern District of California to money laundering and obstruction of justice. He was one of two federal investigators charged with crimes committed during the probe of the Silk Road, which was shut down in October 2013.

Iran-based hackers may be tracking dissidents and activists, Symantec says

Hackers based in Iran have been using malware to spy on individuals, including potentially dissidents and activists in the country, according to new research from Symantec.

The attacks aren't particularly sophisticated, but the hackers have had access to their targets' computers for more than a year, Symantec said, which means they may have gained access to "an enormous amount of sensitive information." Two groups of hackers, named Cadelle and Chafer, distributed malware that steals information from PCs and servers, including from airlines and telcos in the region, Symantec said.

Joking aside: Trump is Unreasonable

Orin Kerr writes an excellent post repudiating Donald Trump. As a right-of-center troll, sometimes it looks like I support Trump. I don't -- I repudiate everything about Trump.

I often defend Trump, but only because I defend fairness. Sometimes people attack Trump for identical policies supported by their own favorite politicians. Sometimes they take Trump's bad policies and make them even worse by creating "strawman" versions of them. Because I believe in fairness, I'll defend even Trump from unfair attacks.

But Trump is an evil politician. Trump is "fascism-lite". You'll quickly cite Godwin's Law, but fascism is indeed the proper comparison. He's nationalistic, racist, populist, and promotes the idea of a "strongman" -- all the distinctive hallmarks of Nazism and Italian Fascism.

Scoundrels, like Trump, make it appear that opposition is unreasonable, that they are somehow sabotaging progress, and that all it takes is a strongman with the "will" to overcome them. But the truth is that in politics, reasonable people disagree. I'll vigorously defend my politics and call yours wrong, but at the end of the day, we can go out and have a beer together without hating each other. Trump-style politicians, on the other hand, do everything in

Broadcom BroadView Instrumentation

The diagram above, from the BroadView™ 2.0 Instrumentation Ecosystem presentation, illustrates how instrumentation built into the network Data Plane (the Broadcom Trident/Tomahawk ASICs used in most data center switches) provides visibility to Software Defined Networking (SDN) controllers so that they can optimize network performance.
The sFlow measurement standard provides open, scalable, multi-vendor, streaming telemetry that supports SDN applications. Broadcom has been augmenting the rich set of counter and flow measurements in the base sFlow standard with additional metrics. For example, the post "Broadcom ASIC table utilization metrics, DevOps, and SDN" describes metrics that were added to track ASIC table resource consumption.

The highlighted "Buffer congestion state / statistics" capability in the slide refers to the BroadView Buffer Statistics Tracking (BST) instrumentation. The Memory Management Unit (MMU) is on-chip logic that manages how the on-chip packet buffers are organized. BST is a feature that enables tracking the usage of these buffers. It includes snapshot views of peak utilization of the on-chip buffer memory across queues, ports, priority groups, service pools and the entire chip.

The above chart from the Broadcom technical brief, Building an Open Source Data Center Monitoring Tool Using Broadcom BroadView™ Instrumentation Software, shows buffer utilization trended over an

Measuring DNS Performance with Open Recursive Name Servers

[Image: dns-provider-pairwise-grid-anonymized-large]

Dyn prides itself on being fast, but how do we measure ourselves? How do we compare to everyone else? With all the vagaries of DNS measurement due to caching effects, congestion, and routing irregularity, is it even possible to devise a useful, believable metric, one that anyone could validate for themselves? Dyn Research decided to tackle this challenge and this blog explains our approach. We encourage our readers to suggest improvement and try this methodology out for themselves.

Over the years Dyn has built a high-performing authoritative DNS network using strategic placement of sites and carefully engineered anycast to provide low-latency performance to recursive name servers all over the world. We use our Internet performance monitoring network of over 200 global "vantage points" to monitor DNS performance and our comprehensive view of Internet routing from over 700 BGP peering sessions to make necessary routing adjustments. This synthetic DNS monitoring and routing analysis are important tools for understanding performance. But since the ultimate goal is delivering a good user experience, it's important to measure performance from the user's perspective. (We have written about the importance of user-centric DNS performance testing in the past.)

User perception of DNS performance depends on