5G Mobile Security Challenge

September 29, 2016 — by David Bachar0


A few months ago, I attended the 5G World Congress and listened to discussions around the many challenges and technical requirements facing 5G technology.

The questions everyone wants solved are:

  • Which services actually require 5G access technology? What types of content demand the fastest service? According to lectures delivered by leading mobile service providers such as DoCoMo and KT, 5G networks need to deliver higher date rates to support applications such as 3D hologram video, VR and live broadcast.
  • How will the networks support the exponential growth of end-devices requiring service brought about by IoT? As IoT end devices are carrying different ARPU models, 5G should address this challenge in improved cost per bit technology.
  • What is the best way to support critical services such as voice, and how to build private networks (e.g. for connected antonyms driving cars) with zero latency and improved QoS, avoiding outages?

As 5G will be commercially launched only during the 2020 Tokyo Olympic games, it was agreed that the road to 5G will be via GIGA LTE that delivers 1Gbps data rates already.


Public Education Around Cyber Security

September 28, 2016 — by Paul Coates1


Australia’s Prime Minister Malcolm Turnbull recently raised the issue of cyber security education during a Washington D.C. speech. The intention behind such a sentiment is a good one. Teaching cyber security to the public, and making it a part of the education curriculum is essentially a public safety lesson akin to ‘Don’t Do Drugs,’ ‘Don’t Talk To Strangers’, and ‘Be Alert And Aware Of Your Surroundings.’

However, as a society we are at a crossroads where our children have vastly more knowledge of the cyber landscape than adults. Teachers still struggle with computer basics while students are hacking the schools’ computer systems to change their grades, create DDoS attacks on the day of critical testing, and worse.


5 Recipes For How to Design a Resilient Cyber-Attack Environment

September 27, 2016 — by Carl Herberger0


1. Focus on availability-security

Latency is a high focus for these folks.  Most just focus on confidentiality and integrity-based security models. All three aspects need to be focused on to ensure comprehensive security.

2. Understand the value & meaning of architecture as it relates to attacks

  • Placement of technology devices in the environment is key
  • Types of technologies leveraged (e.g. leveraging UDP, CDN, stateful devices, etc.)
  • Know the limitations of business-logic decisions — RFC and ISO compliancy may be, ironically, in the end a known vulnerability (e.g. leveraging RFC compliant web applications)
  • Deployment of 80% of known technical and operational controls is no longer adequate. A process must be in place to be able to technically and operationally lock down your environment during a cyber-attack 100%.
  • Not relying on a single point of security technology to do the entire job (e.g. security in-depth)
  • Use of encrypted technologies (e.g. SSL / TLS)


Thoughts on Modern Day Password Management

September 23, 2016 — by Carl Herberger0


Will we always be talking about Proper Password Management?

In light of the recent compromises to Yahoo, I thought I would change gears a little from my normal blog focus and spend a moment on the topic of “what enterprises could be doing to better protect passwords from hackers.”

Today, the password problem has changed a bit to take on a new slant for a security professional, while the business problem remains constant.

Cloud SecuritySecurity

9 Ways to Ensure Cloud Security

September 22, 2016 — by Radware0


Whether you’ve migrated some or all of your infrastructure to the cloud, or are still considering the move, you should be thinking about security. Too often, organizations assume a certain level of protection from a cloud service provider and don’t take steps to ensure applications and data are just as safe as those housed in the data center.

The sheer range of cloud technology has generated an array of new security challenges. From reconciling security policies across hybrid environments to keeping a wary eye on cloud co-tenants, there is no shortage of concerns. An increasingly complex attack landscape only complicates matters and requires security systems that are vigilant and able to adapt. Here are nine tips to consider before, during, and after a cloud migration to stay ahead of the curve when evaluating security solutions for your cloud service.


Ask Yourself: Do I Need an Emergency Response Plan? WHY?

September 21, 2016 — by Ben Zilberman0


Like the old words of wisdom “______ happens” (or simply, incidents occur), this is a fact of life. There are troubles you know you’re going to get into and others which you can’t anticipate. However, you can be prepared for each of them. And it is worth doing so, because when incidents occur we go through several psychological phases that affect our decision-making and ability to cope.

Let’s discuss a few angles that will help you get a notion of whether you need a cyber-security Emergency Response (ER) plan or not, or evaluate the one you already have in place. We will cover the Incident, the Response and the Team.

Attack Types & VectorsDDoSSecuritySSL

What are the implications of the crackdown on popular DDoSaaS site VDoS?

September 16, 2016 — by Carl Herberger0


The alleged creators of the popular VDoS website were arrested by Israeli authorities at the behest of the FBI on Thursday (September 8th). The 4-year-old site provided attack-for-hire services that helped its customers orchestrate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to take websites offline, and earned approximately $300,000 per year.

It is simply frightening that a 14-year-old child can build, maintain and earn hundreds of thousands of dollars a year and amass an estimated $1M after four years of operating a DDoS service before being stopped at the age of 18.

Application DeliverySecurity

Security Threats Are Like a Box of Chocolates

September 14, 2016 — by Frank Yue2


You never know what you are going to get when you take something from a box of chocolates. I can guarantee you that sometimes you will get one that you like, and other times, well, you know. When I was younger, my mom used to pick up a chocolate and poke through the bottom of it to see what was inside. If she didn’t like it, she would put it back in the box for someone else (read: the kids) to eat.

Managing security on the network is very similar. There are many different types of attacks and it is important to have security solutions that can manage as many as possible. Some of the attacks are easy to identify and mitigate, while others are less appetizing to deal with. Different attack types need to be detected and mitigated. Like my mom, some attacks are better suited to be identified in one location and mitigated (eaten) in another.

Attack Types & VectorsDDoSSecurity

As Cyber Security Programs Lose Their Moorings to Ransom-DoS: Radware Introduces the Ultimate Guide to Cyber Ransom

September 14, 2016 — by Carl Herberger0


The Growing Threat of Ransomware and RDoS—and What to Do About It

Welcome to the world of cyber ransom—one of the fastest-growing security concerns around the globe. Other types of attacks, such as Advanced Persistent Threats or Multi-Layer Attacks, take a long time to defend against or even to detect. By contrast, ransomware and RDoS threats shout, “I’m an attack and I’m right here!” You then have 24 to 48 hours to pay the ransom or suffer the loss. At its root, the concept is hardly novel; blackmail has been around for ages. Today it has morphed into some decidedly modern and malicious varieties:


From Underestimating to Unplugging: Government Attitudes and Strategies on Cyber Security

September 8, 2016 — by Ben Desjardins0


Many years ago when Distributed Denial of Service (DDoS) attacks were becoming a more common problem, I had a meeting with a government agency (not to be named here). The discussion was broad in terms of challenges they faced around cyber security, but it was their response to how they handled DDoS attacks that stuck out more than any part of the meeting. “Oh, we just shut down the servers that are being attacked until the attack subsides,” was their input on DDoS defense strategy. Now, to be fair, this was in the early days of advanced thinking on DDoS defense, and also in the context of a broader climate where the view was if there’s a DDoS attack going on, it might signal an attempt to breach data from the server so best to lose availability than lose data confidentiality.

Times have changed since then and most any government agency now has to more evenly balance the availability threats with those targeting data confidentiality or integrity. Indeed, a few recent situations have highlighted the impacts of a loss of availability and the constituent reaction to security strategies that don’t effectively balance staying connected with staying secure.