Revised, Updated, and Enhance DDoS Resiliency Workshops for Today’s Internet In the late 1990s, several people started teaching ISPs how to protect their networks from attack. These early “DDoS Resiliency Workshops” evolved in a consistent theme and method that eventually curated best common practices for DDoS resiliency. Unfortunately, the threats from attacks to Communications Services
Category: Operator’s Security Toolkit
Bad Guys are Scanning Your Network!
Bad guys are scanning your network. They are finding all the vulnerabilities exposed to the Internet. The vulnerable systems, critical devices, and other ways to break into your network. When ransomware, malware, botnets, and other break-ins happen, people wonder, “how did the threat actors find that service?” People thought that “if we don’t publish it, Read More
How do Security Experts surf the tidal wave of security news?
Have you ever wondered what security professionals review each day? How do they keep up with the security news? What sources do they use? If you are new to security, what sources shall you track? We are overwhelmed with a deluge of cybersecurity news. In essence, we’re surfing cybersecurity news trying to keep up and Read More
1 Yottabyte DDoS Attack – The Biggest DDoS Attack in History!
No, a yottabyte DDoS attack has not happened. Someday we will have a yottabyte DDoS, just not today. Tomorrow we will have another press release on “the largest DDoS attack ever.” Will that be important? No, bragging about the size of DDoS Attacks is a distraction to the realities of the Internet and the real Read More
“Backups” will not save you from a Ransomware Incident
“What do you mean the backups don’t work? I thought you said backups would save us from a Ransomware incident?” Good backups are the #1 recommendation you will see in all “Ransomware Defence” guides. We have a problem in the industry. These “ransomware guides” are written by people who have never lived through a major Read More
US Warns Ransomware Threats during Holidays – Whoops! Too Late
If you are reading about potential ransomware threats during the holidays, just know it is too late. By the time you get a call waking you up on a labor day holiday break, it would be too late to stop the ransomware threat. People forget that ransomware is the monetization network break-in. The THREAT is Read More
“Security” is always an afterthought in the C-suite
Get around “security is an afterthought” by rethinking security as part of the business resiliency architecture. Read More
Open SMTP (Email) Servers on Your Network
Do you know if you have open SMTP servers on your network? In May, Qualys released 21 vulnerabilities to Exim (see Qualys Security Advisory 21Nails: Multiple vulnerabilities in Exim). Exim is a popular Mail Transfer Agent (MTA) available on Unix operating systems and comes pre-installed on Linux distributions. The easy access and wide SMTP/Exim MTAs use Read More
Meaningful Security Conversations with your Vendors: Can vendors ever provide secure solutions?
It is critical to have meaningful security conversations with your vendors. Operators depend on their vendors to supply products and solutions that are secure. As all operators have experienced, “secure products” is almost always a vendor afterthought. This leads to an operational risk that in some cases turns deadly. In this session, we will explore
Protecting your Domain Names: Taking the First Steps
Protecting your domain names is often overlooked, ignored, and neglected. Everyone and everything on the Internet depends on the Domain Name System (DNS) being functional. The DNS has been a common vector for attacks in recent years. Attacking DNS will continue in the future. The 2019 DNSpionage Campaign and Sea Turtle attacks were wake calls