Get Started in the Security Industry

  Get started in the Security Industry, What are my first steps? If you are reading this, you are doing the right type of security digging. You are looking for ways to get started in the security industry. You have a desire to dive deep in the security world. Welcome to the world of chaos,

What can Enterprises do to protect against BGP Hijacks?

Yes, you can minimize the risk to BGP Hijacks. All enterprises around the world need to have a conversation around BGP Hijacks. We see security news around malware, phishing ransomware, DOS attacks, breaches, and range of other attacks. What we do not see is conversations around BGP Hijacks. A BGP Hijack can happen on one

Three questions every CxO should ask their ISP

Here is a question for all the CxOs. Why, as an accountable CxO, are you not asking your ISPs for the security basics? This week, the industry has yet another reflection amplification Denial of Service Attack vulnerability. memcached on port 11211 UDP & TCP being exploited walks through the details of this week’s attack vector. As seen in Akamai

memcached on port 11211 UDP & TCP being exploited

  TLP:WHITE UPDATE: As of 2018-03-17 ( Morning Update), more attack using the memcached reflection vector have been unleashed on the Internet. As shared by  Akamai Technologies “memcached-fueled 1.3 Tbps Attacks,” the application factors are “Internet Impacting.” Mitigation and Remediation Efforts are reducing the number of potential memcached reflectors. Please keep up the good work. Operators are asked

Preparing for DOS Attacks – the Essentials

Are you Prepared for your Next DoS Attack? Reporting DoS Attacks are the Key to Fighting Back!   A PDF copy of this paper can be downloaded here: [Download Reporting DoS Attacks] Don’t sit and be the victim of a DoS attack. Reporting DoS Attacks & Fighting Back against DoS attack require work before the

Remote Triggered Black Hole (RTBH) Filtering

  RTBH Fundamentals You have three choices when you stand in front of an on rushing force. You can push back directly against that force. You can step aside and let the force push past you. Or, you can redirect the force to a location that you choose. Now think of that “force” in the

CLDAP Reflection Attacks are Increasing! Why? Preventable!!!

Yes, CLDAP Reflection Attacks are increasingly used in DOS attacks! Everyone was warned! We have lots of data which illustrated how CLDAP is being used for reflection DOS attacks. Now we have the news from Netlab 360 that CLDAP is now the #3 protocol used for DOS reflection attacks – CLDAP is Now the No.3

Is it time to build an “SP Anti-DOS Alliance?”

Is it time to build an “SP Anti-DOS Alliance” is the first of several blogs. It will be a brain dump of what collaborative actions have and has not been working within the industry. Last week, I posted a Linkedin update on the Operator’s Security Toolkit. A long term colleague, Eddie Chan,  pointed out the

The Practical Security Checklist – Part 2.1

This is part “2.1” of a multipart post to help organizations take security action. Stay tuned for next week’s practical security checklist item. Board members, CxOs, and professionals are saturated with security advice. This security advice is often confusing, contradictory, and always biased toward “buying something.” “Good security advice saturation” results in paralysis of action.

Understanding “DDOS”

In the operational security community, Distributed Denial of Service (DDOS) is the “gun” used in extortion. Extortion is a human crime – where one group (or individual) preys on another. We mitigate extortion through civic society’s rules (laws) and enforcement (justice system). This dual system of laws and enforcement is further reinforced with education –