Version 1.0 It is time to prepare for Expected DoS Attacks. There is no perfect anti-DoS solution. But with forethought, planning, coordination, and practice any organization minimizes the impact of the DoS attacks. What follows ten essential steps that have proven to help organizations prepare for DoS attacks. The fundamental principles you will find in
Using BGP FlowSpec to Push an ACL to the Edge of the Network, to Stop a DOS Attacks, and Build a DOS Response Architecture Version (0.7) FlowSpec provides large networks with an ability to push a layer 4 ACL rapidly to the edge of the network using the Network Layer Reachability Information (NRLI) expansion of
Protecting your Business, Customers, & the Internet from BGP Route Hijacking Chaos? (DRAFT – Version 0.11) The Internet is glued together with the Board Gateway Protocol (BGP). It may not be perceived as the “perfect” protocol, but it has delivered a transformative global network that spans the Internet and all telecommunications. It is stable, transparent,
How does any organization have a productive and meaningful security conversation? This guide offers a simple and meaningful security conversation guide. These conversations would help the organization determine the real security risk from their vendors. This is an updated version of a set of questions Operators (and vendors) can use to have these meaningful conversations.
RTBH Fundamentals You have three choices when you stand in front of an on rushing force. You can push back directly against that force. You can step aside and let the force push past you. Or, you can redirect the force to a location that you choose. Now think of that “force” in the
The community of open source threat intelligence feeds has grown over time. We have new sources being offered all the time. Many companies offer freemium services to entice the usage of their paid services. There are community projects which aggregate data from new sources of threat intelligence. We also have an emerging market of companies
Vendor Security – This document has been updated and maintained here: How to Demand Security from your Vendors Demand Security from your vendors! What security questions are you asking your vendors? The Bloomberg article, “How Russian Hackers Stole the Nasdaq,” is a sobering insight into today’s risk. It should be a wake-up call for all organizations in
It is time for a refresh of the SP Security materials used by many over the years. Back in 2002, several people in the emerging “Service Provider Security” field pulled together a list of top practices every Operator should deploy. These “NSP-SEC Top 10” techniques became the foundation of our toolkit that is used daily