traffic Archives - IT Security Guru
https://www.itsecurityguru.org/tag/traffic/
The Site for our Community
Wed, 05 Dec 2018 13:46:32 +0000

Netgear removes crypto keys hard-coded in routers
https://www.itsecurityguru.org/2016/06/14/netgear-removes-crypto-keys-hard-coded-in-routers/?utm_source=rss&utm_medium=rss&utm_campaign=netgear-removes-crypto-keys-hard-coded-in-routers
Tue, 14 Jun 2016 09:23:30 +0000
Qualys security researcher Mandar Jadhav has discovered two serious vulnerabilities in Netgear D6000 and D3600 modem routers, which can be exploited to gain access to the devices and to intercept traffic passing through them.
The vulnerabilities reside in the devices’ firmware, versions 1.0.0.47 and 1.0.0.49.
The first one (CVE-2015-8288) is due to the firmware containing a hard-coded RSA private key and a hard-coded X.509 certificate and key. An attacker that discovers this information can misuse it to gain administrator access to the device, implement man-in-the-middle attacks, or decrypt passively captured packets.
 
Original Source: Help Net Security
View the full story here.

The post Netgear removes crypto keys hard-coded in routers appeared first on IT Security Guru.

Has there been an increase in traffic this year?
https://www.itsecurityguru.org/2016/05/24/has-there-been-an-increase-in-traffic-this-year/?utm_source=rss&utm_medium=rss&utm_campaign=has-there-been-an-increase-in-traffic-this-year
Tue, 24 May 2016 09:13:00 +0000
The IT Security Guru has been lucky enough to be able to share a series of videos from the security specialists at AppRiver, award winning e-mail and web security solutions providers.
The videos will break down the findings from AppRiver’s Global Security Report, a quarterly study published by the company that explains the latest trends and threat actors they’ve seen as they carry out their work, securing millions of inboxes around the world.
This video explains what trends we can observe in traffic and what the security impacts are for netizens.
Tune in and join AppRiver as we share with you their expertise, gleaned from their unique position as heads of a global security operation. To find out more about their research and work, visit their website or give them a follow on twitter.

The post Has there been an increase in traffic this year? appeared first on IT Security Guru.

Customer Trust and Revenues are where DDoS hits hardest
https://www.itsecurityguru.org/2016/03/24/customer-trust-revenues-ddos-hits-hardest/?utm_source=rss&utm_medium=rss&utm_campaign=customer-trust-revenues-ddos-hits-hardest
Thu, 24 Mar 2016 11:45:16 +0000
Corero Network Security has unveiled research from this year’s RSA showing that the most damaging consequence of DDoS attacks is the loss of customer trust.
After polling tech decision makers at RSA, Corero also found that 34% of respondents felt loss of revenue was the biggest threat.
Dave Larson, Corero’s chief operating officer, informed us that ‘network or website service availability is crucial to ensure customer trust and satisfaction, and vital to acquire new customers in a highly competitive market. When an end user is denied access to Internet-facing applications or if latency issues obstruct the user experience, it immediately impacts the bottom line.’
DDoS attacks make the media regularly, but get much more attention when there’s actually a firewall failure or a service/website is fully derailed. However, Corero’s recent research has found that there’s been a huge increase in sub-saturation attacks – those which are part of a larger plan, designed to knock one particular aspect of a service or site down while other nefarious activities take place or intelligence is gathered on behalf of the attackers.
Larson noted that small DDoS attacks often escape the radar of traditional scrubbing solutions. Many organizations have no systems in place to monitor DDoS traffic, so they are not even aware that their networks are being attacked regularly.
‘Industry research, as well as our own detection technology, shows that cyber criminals are increasingly launching low-level, small DDoS attacks,’ said Larson. ‘The problem with such attacks is two-fold: small, short-duration DDoS attacks still negatively impact network performance, and, more importantly, such attacks often act as a smokescreen for more malicious attacks. While the network security defenses are degraded, logging tools are overwhelmed and IT teams are distracted, the hackers may be exploiting other vulnerabilities and infecting the environment with various forms of malware.’
Corero also found that many companies rely on upstream providers to eliminate the attacks, with 30% of respondents saying this was their technique for protection. 85% of those surveyed believe their upstream provider should offer this protection as a service to their subscribers – over half of respondents said they’d pay their provider for this as a premium service.
When looking at the current methods of handling the DDoS threat used by companies, nearly one third (30%) of respondents rely on traditional security infrastructure products (firewall, IPS, load balancers) to protect their businesses from DDoS attacks. ‘Those companies are very vulnerable to DDoS attacks because it’s well-documented that traditional security infrastructure products aren’t sufficient to mitigate DDoS attacks,’ said Larson.

The post Customer Trust and Revenues are where DDoS hits hardest appeared first on IT Security Guru.

Kurt Geiger Optimises E-commerce Operations and Global Website Experience with Splunk
https://www.itsecurityguru.org/2016/03/09/kurt-geiger-optimises-e-commerce-operations-global-website-experience-splunk/?utm_source=rss&utm_medium=rss&utm_campaign=kurt-geiger-optimises-e-commerce-operations-global-website-experience-splunk
Wed, 09 Mar 2016 10:58:57 +0000

European Footwear Giant Kurt Geiger Gains Real-Time Insights Into Website and Cloud Infrastructure
Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time Operational Intelligence, today announced that fashion footwear retailer Kurt Geiger relies on Splunk® Enterprise to support its growing e-commerce operations and improve the customer experience across its global websites. Splunk Enterprise helps Kurt Geiger to improve website uptime and deliver valuable insights across the business — including into its Amazon Web Services (AWS) cloud deployment. Learn more by reading the Kurt Geiger case study.
“Splunk Enterprise helps maintain the performance of KurtGeiger.com, which means our key digital revenue source keeps sales flowing,” said Adam Bidwell, e-commerce systems architect, Kurt Geiger. “Since deploying Splunk Enterprise, we are making more informed, proactive decisions instead of reacting to customer complaints when things go wrong. We are also starting to pull data in from all over the business and connect it together to map the customer journey both online and in-store.”
Monitoring web traffic means that Kurt Geiger’s e-commerce team can consistently deliver an optimum shopping experience, even during peak sales seasons such as the annual Black Friday surge. Traffic insights also help the team investigate malicious behavior and identify suspicious bot crawling activity. The team can drill down and act on anything unusual, protecting site uptime and customer experience. Since moving its website infrastructure to the cloud on AWS, Kurt Geiger has relied on Splunk Enterprise and the Splunk App for AWS to gain holistic visibility into the cloud environment and manage costs and activity more efficiently.
“A real-time understanding of online performance is vital for any modern retailer to better serve the customer and stay competitive,” said Shay Mowlem, vice president of product management and product marketing, Splunk. “By transforming the massive volumes of machine data that already exist within their business into useful insights, retailers can capture more revenue, improve the customer experience and mitigate security risks.”
Go to the Splunk website to learn more about Splunk Enterprise.

The post Kurt Geiger Optimises E-commerce Operations and Global Website Experience with Splunk appeared first on IT Security Guru.

US government's $6bn super firewall doesn't even monitor web traffic
https://www.itsecurityguru.org/2016/02/02/us-governments-6bn-super-firewall-doesnt-even-monitor-web-traffic/?utm_source=rss&utm_medium=rss&utm_campaign=us-governments-6bn-super-firewall-doesnt-even-monitor-web-traffic
Tue, 02 Feb 2016 10:11:41 +0000
The US government’s firewall, named Einstein, is not as smart as its name would suggest.
A report [PDF] by the General Accounting Office (GAO) into the National Cybersecurity Protection System (NCPS) has concluded that it is only “partially meeting its stated system objectives.” Which is a polite way of saying it sucks.
Among the extraordinary pieces of information to emerge is the fact that the system – which has cost $5.7bn to develop – does not monitor web traffic for malicious content, just email. It can’t uncover malware on a system and it doesn’t monitor cloud services either.
 
Original Source: The Register
View the full story here

The post US government's $6bn super firewall doesn't even monitor web traffic appeared first on IT Security Guru.

BBC, Trump web attacks "just the start," says hacktivist group
https://www.itsecurityguru.org/2016/01/04/bbc-trump-web-attacks-just-the-start-says-hacktivist-group/?utm_source=rss&utm_medium=rss&utm_campaign=bbc-trump-web-attacks-just-the-start-says-hacktivist-group
Mon, 04 Jan 2016 09:49:02 +0000
The group that claimed responsibility for taking down the BBC’s global website last week has said the attack was “just the start.”
On Saturday, a group calling itself New World Hacking also claimed responsibility for an attack that downed Republican presidential candidate Donald Trump’s campaign website for about an hour.
The cause of the attack was a massive distributed denial-of-service (DDoS) attack, which relies on pummeling a web server with so much traffic that it crumbles under the weight and stops responding.
DDoS attacks are widely used, and simple to carry out, often by online groups with the aim of bringing down websites for extended periods.
 
Original source: ZDNet
View the full story here

The post BBC, Trump web attacks "just the start," says hacktivist group appeared first on IT Security Guru.

Juniper's VPN security hole is proof that govt backdoors are bonkers
https://www.itsecurityguru.org/2015/12/23/junipers-vpn-security-hole-is-proof-that-govt-backdoors-are-bonkers/?utm_source=rss&utm_medium=rss&utm_campaign=junipers-vpn-security-hole-is-proof-that-govt-backdoors-are-bonkers
Wed, 23 Dec 2015 09:30:11 +0000
Juniper’s security nightmare gets worse and worse as experts comb the ScreenOS firmware in its old NetScreen firewalls.
Just before the weekend, the networking biz admitted there had been “unauthorized” changes to its software, allowing hackers to commandeer equipment and decrypt VPN traffic.
In response, Rapid7 reverse engineered the code, and found a hardwired password that allows anyone to log into the boxes as an administrator via SSH or Telnet.
 
Original Source: The Register
View the full story here

The post Juniper's VPN security hole is proof that govt backdoors are bonkers appeared first on IT Security Guru.

You’re the Weakest Link, Goodbye!
https://www.itsecurityguru.org/2015/11/26/youre-the-weakest-link-goodbye/?utm_source=rss&utm_medium=rss&utm_campaign=youre-the-weakest-link-goodbye
Thu, 26 Nov 2015 10:23:42 +0000
The use of third parties is unavoidable in today’s global economy. The growing use of third party suppliers and business partners, whilst bringing significant business advantages, also exposes organisations to substantial risk, such as financial loss, reputational damage, regulatory prosecution and fines from major breaches of security. In the last few years we’ve witnessed many of these risks being realised; examples have included major breaches of security, with recovery costs escalating into millions of dollars, as a result of a third party supplier being compromised. Changes in regulation, the evolving threat landscape and policy changes globally further complicate matters, generating further risk and expense for business.
Despite considerable efforts from many industries to address these issues, the problem remains difficult to manage. As well as the risks described, companies perceived as the ‘weakest link’ in the supply chain could end up not having third party contracts renewed. These challenges are discussed in more detail in the webcast below, and some suggestions are put forward to help tackle the increasing burden on teams and risk mitigation strategies.
 
VIEW IT HERE: https://www.brighttalk.com/webcast/11399/179581

The post You’re the Weakest Link, Goodbye! appeared first on IT Security Guru.

The Evolution of DDoS
https://www.itsecurityguru.org/2015/11/04/the-evolution-of-ddos-and-how-internet-service-providers-can-respond/?utm_source=rss&utm_medium=rss&utm_campaign=the-evolution-of-ddos-and-how-internet-service-providers-can-respond
Wed, 04 Nov 2015 17:11:48 +0000
By Dave Larson, Chief Technical Officer of Corero Network Security

The World Wide Web is only 25 years old, but it has overseen countless advances in the way it is written and manipulated. Look at DDoS attacks – once simple volumetric attacks have now become deceptive and capable of carrying out several functions at once. Yet responses to this threat have not enjoyed the same rapid developments. This article examines what ISPs and carriers can do to mitigate the threat, as well as analysing what approaches are on offer to technical staff fighting the cyber-criminals.
The evolution of DDoS
In the early days of DDoS attacks (c. 2000), DDoS mitigation technology utilized in the Service Provider industry focused on the ability to determine that a DDoS attack was occurring, simply by sampling edge routers and interrogating NetFlow records from those routers. As a result, an operator could see the increase in DDoS traffic but they had few, if any, defenses at their disposal to block the attacks. Without any true solutions available or in place, a network operator would first interpret that an attack was in progress, then manually inject a null-route – sometimes referred to as a black-hole route – into the routers at the edge of the service provider’s network, and block the attack. This null-route effectively blocked all attack traffic headed toward the intended victim.
However, this approach had serious drawbacks as well. Null-route injections also blocked all good traffic along with the bad. The target victim was taken completely offline by the null route, which effectively completed the attack on the attacker’s behalf by dropping all packets destined to the victim’s IP addresses. This approach provided a way of at least blunting the flow of the attack and served as a tool to eliminate the collateral damage to other customers or infrastructure as a result of the DDoS attack.
Fast forward several years and we find improvements to DDoS mitigation, and an evolution in protection techniques available to operators. It became clear that a null-route was not an approach that operators preferred to use. Instead of injecting a null-route when an operator observes a large spike, they were now able to inject a new route instead. By implementing a new route, operators gained the ability to redirect all traffic through an appliance or bank of appliances that inspected traffic and attempted to remove the DDoS attack traffic from the good user flows. This approach spawned the DDoS scrubbing-centers and DDoS scrubbing-lanes that are commonly deployed today.
This DDoS scrubbing approach, while a significant improvement, still required a considerable amount of human intervention. A DDoS attack would have to be detected (again by analyzing NetFlow records), then an operator would have to determine the victim’s destination IP address(es). Once the victim was identified, a BGP route update would take place to inject a new route to redirect or “swing” the victim’s incoming traffic to a scrubbing lane. The appliances in the scrubbing lane would attempt to remove the DDoS traffic from the good traffic and forward it to the downstream customer. In order to forward the good traffic back to the original destination, in most cases an operator would also have to create a GRE tunnel from the scrubbing lane back to the customer’s border router. This approach represents a significant improvement over null-route solutions, but it also introduces significant complexity to the carrier network topology and requires dedicated and costly security personnel in order to ensure proper execution.
Recently, the complexity of the DDoS challenge has been evolving and attacks have been increasing in size, sophistication and frequency. Additionally, as large network operators have succeeded and grown, the sheer size and scale of their infrastructures and their massive customer base presents an incredibly attractive attack surface, due to the multiple entry points and significant aggregate bandwidth that acts as a conduit for damaging and disruptive DDoS attacks. The combination of these trends is now driving the need for an even more sophisticated approach to DDoS mitigation that utilizes purpose-built technology to enable a better economic model for defeating these attacks and creating new revenue streams around clean-pipe services.
As we approach the modern day DDoS threat, with advanced mitigation techniques that have evolved over the last decade, innovative protection, sophisticated visibility and scalable deployment options are emerging. In-line deployments of mitigation technology at the Internet or transit and peering points offer much needed relief from the frequent and damaging attacks that providers are dealing with on a regular basis. Alternatively, many providers prefer a scrubbing-lane approach, but require enhanced visibility into the traffic patterns as well as the ability to scale the scrubbing operation for increased bandwidth.
DDoS mitigation approaches and real-time threat responses
The weaknesses of old methods – being slow to react, expensive to maintain and unable to keep up with shifting and progressive threats – tell us that solutions appropriate for today need to be always-on and instantly reactive. It’s clear they also need to be adaptable and scalable so that defences can be quickly and affordably updated to respond to the future face of DDoS threats – whatever those may be.
The increasingly popular method of fulfilling these aims is dynamic, in-line DDoS mitigation bandwidth licensing. With this technique, an in-line DDoS mitigation engine is employed but the operator pays for only the bandwidth of attacks actually mitigated. The benefit of this approach is that it delivers full edge protection for locations in the network that are most affected by DDoS, at a fraction of the cost of traditional scrubbing centre solutions. The desirability of these tools is due to the fact that they can be constantly on, with no need for human intervention, and they provide non-stop threat visibility and network forensics.
Another aspect of effective DDoS mitigation is security event reporting. One of the Achilles heels of traditional DDoS scrubbing centre solutions is that they rely on coarse sampling of flows at the edge of the network to determine that an attack is taking place. DDoS attackers are well aware of the shortcomings of this approach and have modified many of their techniques to ride under the radar, below the detection threshold, in order to evade ever being redirected to a scrubbing centre. Your security posture will only be as good as your ability to visualize the security events in your environment, and a solution that relies on coarse sampling will be unable to even detect, let alone act on, the vast majority of the modern DDoS attack landscape. A robust modern DDoS solution will provide both instantaneous visibility into DDoS events and long-term trend analysis to identify adaptations in the DDoS landscape and deliver corresponding proactive detection and mitigation techniques.
New software and hardware makes real-time responses possible, mainly because the traffic from DDoS attacks generally forms a bell curve. The reason they behave this way is to elude the sample-based anomaly detectors that are supposed to spot and kill DDoS attacks. However, the modern data analytics in newer solutions enables DDoS detection well before the system’s critical threshold is reached.
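An added simulation (not Corero's code or the article's) of the point above: a sub-saturation attack that stays under a fixed swing threshold on 1-in-1000 sampled flow data, yet stands out once every packet is counted against each destination's own learned rate. The traffic figures, prefixes, sample rate and thresholds are constructed for the example.

```python
from collections import Counter
from typing import Dict, List
import random

# Constructed one-second traffic windows, {destination_ip: packets per second}.
# Twenty customer addresses each receive a steady 500 pps of legitimate traffic.
BASELINE: Dict[str, int] = {f"203.0.113.{i}": 500 for i in range(1, 21)}
# Sub-saturation attack: one victim receives 12x its normal rate, which is still
# only a few Mbit/s on a multi-gigabit transit link.
VICTIM = "203.0.113.7"
ATTACK: Dict[str, int] = dict(BASELINE, **{VICTIM: 6_000})

SAMPLE_RATE = 1_000            # NetFlow-style 1-in-1000 packet sampling at the edge router
SWING_THRESHOLD_PPS = 50_000   # estimated pps that triggers a BGP swing to the scrubbing lane
DEVIATION_FACTOR = 4           # full-rate detector alerts at 4x the learned per-destination rate


def expand(window: Dict[str, int]) -> List[str]:
    """Turn {dst: pps} into the per-packet stream the edge router forwards,
    interleaving destinations so the stream resembles a mixed link."""
    remaining = dict(window)
    stream: List[str] = []
    while remaining:
        for dst in list(remaining):
            stream.append(dst)
            remaining[dst] -= 1
            if remaining[dst] == 0:
                del remaining[dst]
    return stream


def sampled_estimate(stream: List[str], sample_rate: int = SAMPLE_RATE,
                     seed: int = 7) -> Dict[str, int]:
    """Sample roughly one packet in sample_rate and scale the counts back up,
    which is all a collector fed by sampled flow exports has to work with."""
    rng = random.Random(seed)  # fixed seed keeps the simulation reproducible
    seen = Counter(dst for dst in stream if rng.random() < 1.0 / sample_rate)
    return {dst: n * sample_rate for dst, n in seen.items()}


def sampled_detector(stream: List[str], threshold: int = SWING_THRESHOLD_PPS) -> List[str]:
    """Scrubbing-centre style detection: a fixed absolute threshold on sampled estimates.
    A 6,000 pps attack yields about six samples and never approaches the threshold."""
    estimates = sampled_estimate(stream)
    return sorted(dst for dst, pps in estimates.items() if pps >= threshold)


def inline_detector(stream: List[str], baseline: Dict[str, int],
                    factor: int = DEVIATION_FACTOR) -> List[str]:
    """In-line detection: every packet is counted and compared with the
    destination's own learned rate, so a small but sudden deviation stands out.
    Destinations with no learned baseline are treated as having a rate of 1."""
    counts = Counter(stream)
    return sorted(dst for dst, n in counts.items() if n >= factor * baseline.get(dst, 1))


if __name__ == "__main__":
    stream = expand(ATTACK)
    print("victim rate estimated from sampling:", sampled_estimate(stream).get(VICTIM, 0), "pps")
    print("sampled/threshold detector flags:", sampled_detector(stream))
    print("in-line per-destination detector flags:", inline_detector(stream, BASELINE))
```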
As a result, companies don’t have to accept DDoS as one of those risks that you just can’t avoid – either by paying for it themselves or asking for it from their service providers, they can now acquire the technology that will stop these attacks and prevent the costly downtime that they incur.
 
 
Visit Corero’s website for more information: www.corero.com

The post The Evolution of DDoS appeared first on IT Security Guru.

Anonymous Attacks Websites of Two Japanese Airports
https://www.itsecurityguru.org/2015/10/20/anonymous-attacks-websites-of-two-japanese-airports/?utm_source=rss&utm_medium=rss&utm_campaign=anonymous-attacks-websites-of-two-japanese-airports
Tue, 20 Oct 2015 09:21:40 +0000
Anonymous has launched DDoS attacks on two Japanese airport services’ websites as a protest against the dolphin hunting industry. Narita and Chubu, two airports in the east of Japan, found both their websites targeted.
No flights were affected; however, the sites themselves were out of action for around 8 hours. The attack was part of a campaign known as #OpKillingBay, a campaign by Anonymous against the hunting of dolphins – an issue that also attracts dissent from animal rights groups, who cite the methods used as inhumane.
 
View the full story here.
SOURCE: Max Metzger, writing for SC Magazine

The post Anonymous Attacks Websites of Two Japanese Airports appeared first on IT Security Guru.
