Realities of Today’s DDoS Security Risk

 Focusing on the lessons from the 2020 – 2021 DDoS Extortion Campaigns DDoS Extortion will not go away. It is a cyclical International crime that can only be stopped with the DDoS Extortionist are arrested. In 2020, organizations woke up to a new wave of DDoS Extortion activities. These attacks caught organizations with the DDoS

Securing Your Network Using Shadowserver’s Daily Network Reports

Securing your Network using Shadowserver Reports helps organizations learn about this unique public benefit tool.  What if there was a public benefit, free to use, security report that provided you a complete overview of your security risk? What if this tool allowed you to see what the bad guys are seeing on your network? What

Conference Talks, Workshops, and Webinars

Barry frequently presents at conference talks, workshops, and webinars. Barry enjoys working with peers to share, empower, and entertain with live interactive sessions. 40 years of public speaking experience is reflected in the list of talks below. Crafted conference talks tuned to the organizer’s audience. The general theme for all the talks is to help

DDoS Attack Preparation Workbook

Internet DDoS Attacks are a force of nature on the Internet. They are like earthquakes, hurricanes, floods, tornados, tsunamis, and all other disasters. Organizations need to prepare for a DDoS Attack the same way they prepare for severe weather and natural disasters. These guides have been crafted based on my personal experience (+25 years of

DDoS Extortionist’s Behaviors

Smart and prepared organizations use DDoS Extortionist’s Behaviors as a Defensive Tool. We have a long history of DDoS Extortionists. In the early 2000s, we had DDoS Extortionists who would threaten “gambling sites” with a DDoS Attack 30 minutes before a match. This crew was later tracked by law enforcement and arrested. DDoS Extortion has

Conficker Working Group – Archive of Materials

Conficker Still Survives! While public attention to Conficker has faded since the widely publicized April 1st, 2009 “attack date”, the fact is that a huge number of computer systems remain infected with Conficker. As recently as late October 2009, the number of systems infected with the A+B+C variants topped seven million. The Conficker Working Group

Expected DoS Attacks – 10 Steps to Prepare for the Pain

Version 1.0 It is time to prepare for Expected DoS Attacks. There is no perfect anti-DoS solution. But with forethought, planning, coordination, and practice any organization minimizes the impact of the DoS attacks. What follows ten essential steps that have proven to help organizations prepare for DoS attacks. The fundamental principles you will find in

FlowSpec – Using BGP for Rapid DOS Response

Using BGP FlowSpec to Push an ACL to the Edge of the Network, to Stop a DOS Attacks, and Build a DOS Response Architecture Version (0.7) FlowSpec provides large networks with an ability to push a layer 4 ACL rapidly to the edge of the network using the Network Layer Reachability Information (NRLI) expansion of

BGP Route Hijacks & Routing Mistakes – What can be done Today?

Protecting your Business, Customers, & the Internet from BGP Route Hijacking Chaos? (DRAFT – Version 0.11) The Internet is glued together with the Board Gateway Protocol (BGP). It may not be perceived as the “perfect” protocol, but it has delivered a transformative global network that spans the Internet and all telecommunications. It is stable, transparent,

Meaningful Security Conversations with your Vendors

How does any organization have productive and meaningful security conversations? This guide offers a simple and meaningful security conversation guide. These conversations would help the organization determine the real security risk from their vendors.  This is an updated version of a set of questions Operators (and vendors) can use to have these meaningful conversations.  With