How to validate DDoS defenses?
Validating DDoS defenses is essential for every organization. There are a number of ways in which organizations can validate their DDoS defenses and the protection services they receive from mitigation providers. Organizations must work closely with their DDoS mitigation providers to complete an organized provisioning and service validation. The only way to be sure that DDoS protection will be effective is proactive validation against various kinds of attack scenarios.
The following best practices help in building a defense:
Once the DDoS mitigation service is running, make sure that all applications still perform well.
Ensure that all routing and DNS works.
Tips to validate the defense:
Work with your mitigation service provider to generate several gigabits of controlled traffic in order to exercise the alarm, activation and mitigation features of the service.
Test small levels of traffic without scrubbing and validate that your on-premises monitoring systems function properly.
Testing without any DDoS protection in place will also help to identify stress points on your network.
Perform baseline testing and calibrate systems to remediate any network vulnerabilities.
Plan validation testing on a regular basis (monthly or quarterly) with your DDoS mitigation service provider to confirm that the service configuration is still working properly, and eliminate the risk of network element failures due to DDoS.
If network problems appear during testing, you may need to make changes based on recent changes in your network, such as amended firewall rules, router firmware updates and reconfiguration; such changes can affect your service.
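The "test small levels of traffic without scrubbing" and "baseline testing and calibration" tips above amount to checking that your own monitoring raises an alarm when a controlled burst arrives. The following Python script is an added example (not from the original article or any mitigation provider) of what such an on-premises check can look like: it calibrates a baseline from a quiet window of flow records, then flags any second whose rate toward the protected address exceeds a multiple of that baseline, an absolute floor, and a minimum number of distinct sources. The flow records, addresses, baseline window and alarm rule are all constructed for illustration.

```python
"""Rate-based volumetric alarm check over constructed flow records.

Added example, not from the original article: it models the on-premises
monitoring step of a DDoS validation exercise. The flow records, the
baseline window and the alarm rule are all constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int          # epoch second the flow was observed (constructed)
    src: str         # source address
    dst: str         # destination (protected) address
    byte_count: int  # bytes carried by the flow


# Constructed sample: four quiet seconds of normal traffic toward 203.0.113.10,
# then a controlled burst from many sources, as a provider-generated test would produce.
QUIET = [
    Flow(100, "198.51.100.5", "203.0.113.10", 12_000),
    Flow(100, "198.51.100.6", "203.0.113.10", 8_000),
    Flow(101, "198.51.100.5", "203.0.113.10", 15_000),
    Flow(102, "198.51.100.7", "203.0.113.10", 9_000),
    Flow(103, "198.51.100.5", "203.0.113.10", 11_000),
]
BURST = [
    Flow(ts, f"192.0.2.{i}", "203.0.113.10", 250_000)
    for ts in (104, 105)
    for i in range(1, 41)
]
SAMPLE_FLOWS = QUIET + BURST


def bits_per_second(flows):
    """Sum bytes per (destination, second) and convert to bit/s."""
    per_second = defaultdict(int)
    for f in flows:
        per_second[(f.dst, f.ts)] += f.byte_count * 8
    return dict(per_second)


def calibrate(flows, dst, start_ts, end_ts):
    """Mean bit/s toward dst over a known-quiet window: the baseline the alarm is tuned against."""
    rates = bits_per_second(flows)
    values = [v for (d, t), v in rates.items() if d == dst and start_ts <= t <= end_ts]
    return sum(values) / len(values) if values else 0.0


def detect_volumetric(flows, dst, baseline, multiplier=5.0, min_bps=1_000_000, min_sources=10):
    """Return (second, bit/s, distinct sources) for each second that trips the alarm rule.

    Constructed rule: rate at least `multiplier` x baseline AND above the absolute
    floor `min_bps` AND coming from at least `min_sources` distinct sources. The
    floor keeps a quiet baseline from turning ordinary bursts into alarms; the
    source count separates a flood from a single busy client.
    """
    rates = bits_per_second(flows)
    sources = defaultdict(set)
    for f in flows:
        if f.dst == dst:
            sources[f.ts].add(f.src)
    threshold = max(min_bps, multiplier * baseline)
    alerts = []
    for (d, t), bps in sorted(rates.items()):
        if d == dst and bps >= threshold and len(sources[t]) >= min_sources:
            alerts.append((t, bps, len(sources[t])))
    return alerts


if __name__ == "__main__":
    base = calibrate(SAMPLE_FLOWS, "203.0.113.10", 100, 103)
    print(f"baseline: {base:.0f} bit/s")
    for second, bps, n_src in detect_volumetric(SAMPLE_FLOWS, "203.0.113.10", base):
        print(f"ALERT t={second}: {bps / 1e6:.1f} Mbit/s from {n_src} sources")
```

Run against the constructed sample, the quiet seconds average 110 kbit/s and the two burst seconds each reach 80 Mbit/s from 40 sources, so exactly those two seconds are reported. During a real validation exercise the point is the other direction: if the provider's controlled traffic does not produce an alert here, the on-premises monitoring (or its calibration) is what needs fixing before the scrubbing service is trusted.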
How a little fight between two rivals caused the 'largest DDoS attack in history'
You may be exhausted by the fact that your browser is performing like a turtle. Well, it is not so surprising, because the internet, as we all know, is being targeted by the largest Distributed Denial of Service attack in its documented history.
How & why did this happen?
It all started with a small incident between two organizations, one known as CyberBunker, a web hosting company, and another called Spamhaus, a content filtration company. Spamhaus is a non-profit organization that provides a list of IPs for spam filters to most of the large money makers and ISPs around the world. Recently Spamhaus blacklisted CyberBunker for hosting child pornography and terrorism-related material. This incident sparked a fire, and Spamhaus started getting DDoS attacks at random rates on 15th March 2013, but the intensity of these attacks rapidly increased and reached 50 to 100 Gbps; later the bandwidth consumption reached a staggering 300 Gbps, which is basically like pushing an elephant through a water hose. Suppose you have a router which supports 100 Mbps of data transfer: if you push 101 Mbps through it at any instant, your router becomes a flowerpot for gardening. Similar events are occurring nowadays.
At first these attacks targeted only Spamhaus, but now the whole internet is at stake, as they are affecting the infrastructure of the internet itself. Google is providing its services to help mitigate these attacks. Five large investigation agencies are currently investigating the origin of these attacks. Spamhaus claims that CyberBunker is cooperating with criminal elements and is behind this attack; however, this is not proven yet. Spamhaus has hired CloudFlare, an Internet security provider, to strengthen its defense. Spamhaus, with over 80 branches around the globe, is one of the largest giants on the internet. These attacks are Layer 3 DDoS attacks, making them difficult to tolerate.
Gradually these attacks are being mitigated and investigated by experts desperately trying to identify their source. One thing this attack has proved is that the security industry is not ready for such large attacks; if they can get to 300 Gbps, they might even go to 1 Tbps.
Kaspersky Internet Security bug – Still susceptible
Kaspersky Internet Security 2013 (and all Kaspersky products which include the firewall functionality) is still susceptible to a remote system freeze. As reported on 3rd March 2013, the bug is still not fixed. It can be exploited by potential attackers by sending specifically crafted IPv6 packets to the targeted systems.

If IPv6 connectivity to a victim is possible (which is always the case on local networks), a fragmented packet with multiple extension headers, one of them large, leads to a complete freeze of the operating system. No log message or warning window is generated, nor is the system able to perform any task.
To test:
1. Download the thc-ipv6 IPv6 protocol attack suite for Linux from www.thc.org/thc-ipv6
2. Compile the tools with "make"
3. Run the following tool against the target: firewall6 <interface> <target> <port> 19
where interface is the network interface (e.g. eth0), target is the IPv6 address of the victim (e.g. ff02::1), port is any TCP port, it doesn't matter which (e.g. 80), and 19 is the test case number. The test case numbers 18, 19, 20 and 21 lead to a remote system freeze.
Solution:
Remove the Kaspersky Antivirus NDIS 6 Filter from all network interfaces, or uninstall the Kaspersky software until a fix is provided. The bug was first reported to Kaspersky on 21st January 2013, and a reminder was sent on 14th February 2013. No feedback was given by Kaspersky, and the reminder contained a warning that without feedback the bug would be disclosed on this day.
OAuth vulnerability – Facebook accounts hacked again
The previous OAuth flaw in Facebook, which allowed an attacker to hijack an account without the victim interacting with a Facebook application, was reported by white hat hacker Nir Goldshlager. After it was disclosed, the Facebook security team fixed the problem with some minor modifications.
Yesterday Goldshlager again owned Facebook's OAuth mechanism by bypassing all those small changes made by the Facebook team. He explains the entire saga of Facebook bug hunting in a blog post.
As explained earlier in security news, the OAuth URL contains two parameters, namely redirect_uri and next, and with the last patch the Facebook team tried to secure them using regex protection (%23xxx!, %23/xxx, /).
In the newly discovered technique, the hacker found that a facebook.facebook.com domain is accepted as a valid option for that parameter, and that multiple hash signs are enough to circumvent the regex protection.
He used the facebook.com/l.php file (used by Facebook to redirect users to external links) to lead victims to his malicious Facebook application and then to his own server for storing token values, where tokens are an alternative way to access any Facebook account without a password.
But a warning shown while redirecting would ruin the show. Not to worry: he found that 5 bytes of data in the redirection URL are enough to bypass this warning.
Example: https://www.facebook.com/l/goldy;touch.facebook.com/apps/sdfsdsdsgs
(where 'goldy' is the 5 bytes of data used).
Now the last step: he redirected the victim to external websites located at files.nirgoldshlager.com (the attacker's server) via the malicious Facebook app he created, and the victim's access_token was logged. So here we have the final PoC that anyone could hack a Facebook account using another Facebook OAuth bug.
This bug was reported to the Facebook security team last week by Nir Goldshlager and is now patched, but hackers are still expected to keep attacking it.
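The recurring theme in this story is a redirect_uri check built from pattern matching (substring tests on the host, a blocklist of a few encodings of '#'), which is exactly the kind of check that look-alike hosts and extra hash signs get around. The following Python snippet is an added example, not from the original article or from Facebook's code, of the loose approach beside a strict one: parse the URI, reject any fragment, embedded credentials, non-https scheme or unlisted host, and then accept only an exactly registered URI by simple string comparison (which is what RFC 6749 section 3.1.2.3 requires for fully registered redirect URIs). The registered URI, the allowed host and the sample inputs are constructed for illustration.

```python
"""Strict versus loose validation of an OAuth redirect_uri.

Added example, not from the original article or from Facebook's code. The
registered redirect URI, the allowed host and the sample inputs are all
constructed here to illustrate the class of bypass the article describes:
look-alike hosts that satisfy a substring match, and extra '#' characters
that slip past a short blocklist of fragment spellings.
"""
import re
from urllib.parse import urlsplit

# Constructed registration record: the only redirect target this client may use.
REGISTERED_REDIRECTS = {"https://app.example.com/oauth/callback"}
ALLOWED_HOSTS = {"app.example.com"}

# Loose check (the pattern to avoid): host matched as a substring anywhere in the
# URI, plus a blocklist of a few fragment spellings. Constructed for contrast.
_BLOCKED = re.compile(r"%23/|#/")


def loose_is_safe(uri):
    return "app.example.com" in uri and not _BLOCKED.search(uri)


def strict_is_safe(uri):
    """Parse first, then accept only an exactly registered URI.

    Fragments, embedded credentials, a non-https scheme, an explicit port and
    any host other than the allowed one are rejected before the final simple
    string comparison against the registered set.
    """
    try:
        parts = urlsplit(uri)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    if "#" in uri or parts.fragment:      # RFC 6749 forbids fragments in redirect URIs
        return False
    if parts.username or parts.password or port:
        return False
    if parts.hostname not in ALLOWED_HOSTS:  # exact host match, never a substring test
        return False
    return uri in REGISTERED_REDIRECTS


# Constructed sample inputs: one legitimate URI followed by shapes that the
# substring/blocklist check accepts but the strict check rejects.
SAMPLE_URIS = [
    "https://app.example.com/oauth/callback",          # legitimate, registered exactly
    "https://app.example.com.attacker.example/steal",  # registered host as a prefix
    "https://evil.example/x?u=app.example.com",        # registered host in the query
    "https://app.example.com@evil.example/x",          # registered host as userinfo
    "https://app.example.com/oauth/callback##evil",    # doubled '#' misses the blocklist
    "http://app.example.com/oauth/callback",           # plain http
]


def classify(uris):
    """Map each URI to (loose_verdict, strict_verdict)."""
    return {u: (loose_is_safe(u), strict_is_safe(u)) for u in uris}


if __name__ == "__main__":
    for uri, (loose, strict) in classify(SAMPLE_URIS).items():
        print(f"loose={loose!s:5} strict={strict!s:5} {uri}")
```

The loose function accepts all six sample URIs; the strict one accepts only the first. The design point is that a blocklist of known-bad spellings always lags the next spelling, whereas exact comparison against a registered value has nothing to bypass: any deviation, including one more '#', is simply a different string.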
Logic bombs, Trojan horses & trap doors – programmers' getaways
Many enterprise-level companies are always conscious about their data privacy and its movement among their employees and customers. To overcome this insecurity they usually prefer to develop their own programs and applications instead of acquiring third-party vendors' applications. That's where programming comes in.
It is very rare that 8 out of 10 programmers plant logic bombs and trap doors in their applications. The first case of data leakage via a logic bomb was recorded in September 1987. A programmer named Donald Burleson was working at a Fort Worth-based insurance company; he was fired, allegedly for being quarrelsome and difficult to work with. After his termination, a huge amount of confidential data was erased from the company's backup storage and leaked all over.
Let's assume that Bob is a programmer who has built data management software for XYZ Company, and the company has not yet done software maintenance. If Bob plants a logic bomb in the software's code, he can easily steal data that is being transferred, or he can even make the software self-destruct at some point.
Trap doors are similar to logic bombs, only they live in the code and can perform limited functions. Take another example: XYZ Company has provided premium software to its clients; if someone tries to crack the software or modify its code, the software automatically deletes itself.
A Trojan horse is not a program or a coded file in itself; instead it is malicious code which can be attached to any program for different purposes. A Trojan can include a keylogger. It can also make programs and the OS malfunction and perform certain unintended functions, but its basic function is to multiply and increase disk space usage, thus slowing down the processor and ultimately crashing the computer. To make a Trojan you do not need to be a professional programmer; some basic knowledge of the C language or Visual Basic is enough. Additionally, a Trojan's signature can easily be altered, which is why it is so hard for antivirus programs to detect.
The threat of Trojans is ever-growing, and the most we can do is increase the efficiency of our anti-Trojan software in order to reduce their effect.
PCI DSS & Cloud Computing
The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures to protect credit, debit and cash card transactions of cardholders against misuse of their personal credentials. Managing and maintaining compliance with the PCI DSS requirements when moving to a cloud computing service can be tricky, but organizations can continue to meet the PCI DSS requirements through careful analysis and strategic planning.
Cloud computing provides a model for enabling on-demand network access to a shared pool of computing resources such as servers, network, storage, applications, and services. Cloud computing can be used to provide clients with access to the latest technologies without a costly investment in hardware and software. Cloud computing therefore holds significant potential to help organizations reduce IT complexity and costs, while increasing agility.
PCI participating organizations selected cloud computing as an important area to address through the Special Interest Group (SIG) process. More than 100 international organizations, including banks, merchants, security assessors and technology providers, came together to produce this guidance, which is intended to help companies identify and address security issues for different cloud models and understand their PCI DSS responsibilities when implementing such solutions.
One of the major functions of this supplement is that it clearly lays out the security responsibilities of the cloud provider and the cloud customer. With PCI DSS as the foundation, this guide provides an excellent roadmap to creating a secure stance in both private and public clouds.
The supplement provides guidance on the following primary areas and objectives:
Cloud Overview: provides an explanation of common deployment and service models for cloud environments, including how implementations may vary within the different types.
PCI DSS Considerations: provides guidelines and examples to determine responsibilities for the individual PCI DSS requirements, and includes segmentation and scoping considerations.
Additional Security Considerations: explores a number of business and technical security considerations for using cloud technologies.
Cloud Provider: outlines the roles and responsibilities across the various cloud models and advises on how to determine and document the responsibilities.
PCI DSS Compliance Challenges: illustrates some of the challenges associated with validating PCI DSS compliance in a cloud environment.
The document also includes a number of appendices on specific PCI DSS requirements and deployment scenarios, including: additional considerations to determine PCI DSS responsibilities among different cloud service models, a sample system inventory for cloud computing environments, a sample matrix for documenting how PCI DSS responsibilities are allocated between cloud provider and customer, and a starting set of questions that may help determine how PCI DSS requirements can be met in a particular cloud environment.
The information supplement can be found here.
Social Engineering – Defend your network against Social Engineers
Social engineering means scamming someone into revealing confidential information, which is then used by these 'engineers' to their advantage. At a fundamental level, social engineers have the same goals as a regular hacker, even though their modus operandi, i.e. mode of operation, is very different. Unlike hackers, who usually rely on technical hacking techniques to steal information, social engineers do the same by exploiting human behavior. They will often pose as professionals and engage the targeted person in a scenario that convinces him to divulge sensitive information, often without even realizing it.
Social engineers today are coming up with increasingly innovative tricks and hacks to steal sensitive information from your computer without you even knowing. As a consequence, it has become very important for you to know how to defend yourself against this kind of scam. The following tips should help you protect yourself and your network against them.
So, here goes:
Skepticism is healthy: No information without verification! Do not provide any personal or confidential information over phone, text, or internet to anyone unless you can verify who that person is and that the person actually has a legitimate need for the said information. Employees are often scammed into revealing sensitive information by social engineers who pretend to be IT professionals from the same company. Dispose of any sensitive documents with shredders, keep your computer protected with anti-virus programs, and most importantly of all, don't be gullible and get tricked into sharing confidential information. Remember that skepticism is a good thing.
Check your status: There are plenty of security agencies that companies and individuals contract just to protect themselves against the threat of social engineering. These agencies can gauge how vulnerable your network or organization is to a social engineering attack. This can often be a wake-up call for many companies as well as individuals.
No 'phishy' business: 'Phishing' is a very popular method of social engineering. E-mails requesting personal information are sent to people from seemingly legitimate sources (banks, financial organizations etc.) to inspire confidence and create a false sense of security. Sometimes these e-mails redirect people to fake websites that closely resemble the original and then proceed to extract personal data. 'Pharming' is another such method, which redirects people to fake websites nearly identical to the legitimate one they are trying to access. There are several security software programs that combat phishing and pharming. But make sure your network's employees are security conscious and aware of such scams, because there is no substitute for being plain vigilant.
Use the right software: Firewalls and anti-virus programs are very important for any network to use, for obvious reasons. But these days content filtering systems and programs are becoming increasingly popular. They increase online security by blocking malicious websites and prevent users from becoming prey to phishing and pharming. In addition, never forget to keep your system software up to date; patches and updates often fix security loopholes.
Security awareness: A culture of security awareness can go a long way, and it is of the utmost importance in any organization, company or network. Most people do not fall prey to such attacks intentionally. Both executives and employees should be given basic security training to enable them to protect confidential data. In fact, executives are more vulnerable because they have a relatively lax attitude towards security protocols. Implement basic security measures to protect confidential data, such as classification of sensitive information and two-factor authentication for access to sensitive data. This can help make your network nearly impermeable.
CPTE & CISSO training event to be held in Dubai
A training event for the world's most in-demand IT security certifications, CPTE & CISSO, is going to be held in Dubai, UAE next month. CPTE and CISSO are globally recognized IT security certifications governed by Mile2 (the world's foremost name in IT security education). With the rise in demand for both certifications, Mile2 is organizing this big event to benefit individuals and professionals in Dubai, UAE. Mile2 MDE Mr. Fadi J. Salsa will be leading this event.
Mile2 is a globally renowned IT security organization that focuses on security training for national and corporate entities who understand the value of "knowing your enemy." By training businesses and organizations to think like an attacker, their intellectual property and data remain secure. To know more, log on to http://www.mile2.com/
CPTE – Certified Penetration Testing Engineer
CISSO – Certified Information Systems Security Officer
Training dates:
CPTE on 17th Feb 2013
CISSO on 24th Feb 2013
CPTE Course Description:
Certified Penetration Testing Engineer provides you with real-world security knowledge that will enable you to recognize vulnerabilities, exploit system weaknesses, and help safeguard against threats. Graduates will learn the art of ethical hacking with a professional edge (penetration testing). The CPTE presents information based on the 5 key elements of pen testing: information gathering, scanning, enumeration, exploitation and reporting. The latest vulnerabilities will be discovered using these tried and true techniques.
This course also enhances the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk. You can find the complete course details here: http://mile2.com/penetration-testing-ethical-hacking/cpte.html
CISSO Course Description:
The Certified Information Systems Security Officer training and certification program prepares and certifies individuals to analyze an organization’s information security threats and risks, and design a security program to mitigate these risks.
Although the C)ISSO program is closely aligned with both the CISM and Certified Information Systems Security Professional exam objectives, it excels by providing 19 critical modules necessary to make an IS manager proficient in risk analysis, risk mitigation, IT governance, company security strategy, security management & architecture, application security, network security, operations security and business continuity. For further details please visit: http://mile2.com/general-security-courses/cisso-mile2-cissp-training.html
Who should attend:
These courses will significantly benefit security officers, penetration testers, IT security professionals, network administrators, ethical hackers, and anyone who is concerned about the integrity of their network infrastructure.
Training Objectives:
To prepare individuals and professionals to gain the opportunity to become part of the information security world and attempt the examinations of both certifications. Successfully achieving these certifications will certify them and give them recognition across the whole IT security world.
Don't miss your chance to take advantage of this opportunity: reserve your seat now and get yourself certified.
For registration details please contact:
Event Coordinator Miss Thikra Mustafa (tmustafa@bci.ps)
Or
Email at: consulting@groupbci.com
Keycard – the amazing Mac app that secures your computer automatically
No need to worry if you have left your Mac on in a hurry; it can be tedious to lock your computer so nobody can take advantage of it. To make locking the system easier, Appuous created the Keycard application. Appuous (a software development company) introduces an innovative way to lock and unlock your Mac using any iOS device.
Yesterday, Appuous released its first Mac application, called 'Keycard', which enables you to pair your iPhone or any Bluetooth-enabled device with your Mac to lock and unlock it. Keycard has a magical detection system: it notices when you leave your desk or premises and automatically locks your Mac to ensure its security, and when you come back it unlocks for your access. With Keycard you can have your own customized 4-digit code as a fail-safe.
"In designing Keycard, I intended to create an app that would allow you to keep your computer secure without having to enter a password every time, because it is very hard to remember dozens of passwords. That's why I developed Keycard. It's undoubtedly the easiest way to keep your Mac protected when you're not around," said Austin Evers (founder of Appuous).
You are not required to have any additional software on your iOS device; Keycard is all you need. It can be downloaded from https://itunes.apple.com/us/app/keycard/id578513438?ls=1&mt=12 for just $8.99.
Due to its amazing auto locking and unlocking features, people are calling it the best app of 2013 so far. However, we are looking forward to seeing more amazing apps this year.