David Monahan is Research Director for Enterprise Management Associates (EMA) and is a featured guest blogger.
DDoS attacks have become commonplace these days. The offending attackers may be hacktivists, cyber-criminals, and nation states or just about anyone else with an Internet grudge and a PayPal or Bitcoin account. These attacks themselves often require no technical skill. Someone with a bone to pick can simply purchase the use of any number of nodes on one or more botnets for an hourly fee (long term rate discounts available); use a Graphical User Interface (GUI) to organize the attack and then launch it.read more
As companies accelerate their adoption of cloud technologies – like infrastructure as a service (IaaS) or software as a service (SaaS) – the need for solutions that provide secure access and reliable operations in the cloud increase in importance. Since your data will now reside in several different facilities, with different providers or partners, you now have a new “security perimeter” to monitor and defend. As such, the need to closely evaluate how cloud-based data is protected should be part of the overall security strategy. A top area of concern is defending applications from distributed-denial-of-service (DDoS) attacks.read more
Recently, I wrote an article for Help Net Security to discuss the modus operandi of cybercriminals and how this can lead to different types of cyber attacks. While we have previously encountered huge distributed denial of service (DDoS) attacks that appear to come from nowhere and flood the victim’s network security, we have begun to see much more stealth and more sophisticated attacks causing just as much, if not more, damage.read more
Does mobile mean a handheld device in today’s world? Not necessarily. The term ‘mobile’ often applies to a phone or even a laptop computer, but in my opinion the definition is changing. Mobile is no longer something you carry, but rather somewhere. The place that you access your systems and the Internet (which is not from an internally managed LAN and doesn’t include a PC on the other end), this is mobile. And this broader category can extend to devices such as Internet accessible cars and the ‘things’ of the Internet-of-Things (IoT) – TVs, gaming consoles, fancy refrigerators.read more
The effectiveness of DNS Reflective attacks over the past two years has raised the popularity of other reflective attacks, such as CHARGEN and Network Time Protocol (NTP) attacks. In the case of CHARGEN attacks, service is spoofed into sending data from one service on one computer to another service on another computer creating an infinite loop that results in a denial of service attack. Similarly with NTP attacks, an attacker sends a specially crafted query that ultimately redirects large volumes of traffic. The traffic is sent with a spoofed source address with the intention of having the NTP servers return responses to the spoofed address.read more