“SQL Injection – TEN years old, but today we still have more than one million websites with this vulnerability”
BIG Data is the real 2013 buzzword. G-zuz.
The subject of last week, still echoing around, could not be anything other than the internet war between the spam fighters at Spamhaus and spam criminals, mainly hosted at CyberBunker. Huge loads of data were created and sent with one single objective: to disrupt a company’s service.
CloudFlare really made every effort to explain how they are able to defend clients using cloud multi-routing and anycast concepts, and how our connected lives were in danger during all those days.
The Attack – according to CloudFlare
One thing is: they really managed to protect Spamhaus.
On the other hand, the “biggest attack in all internet history” only truly affected their client, not the Internet, not the Matrix, nor the City of Machines or all of existence, as their blog announces.
Gizmodo published one of the first “hold your horses” statements with the other side of the story, on Thursday.
We also had Bill Brenner saying pretty much the same thing, one day later.
Being able to browse the internet using South and North American networks during all those days, and not feeling a single problem, I couldn’t agree more with them.
The Attack – according to the rest of internet
In the end, what I really enjoyed was the amount of thoughts, tips, documents, and incident response discussions that took place on forums.
I’ve been trying to gather all the valuable stuff derived from these debates to post here as a future reference.
My intention is to concentrate good information and guides I saw around, new or old, but relevant to this kind of attack, from monitoring to response, prevention, preparation and so on.
Details about DDoS attacks, if you have never read anything about them.
The definition of IXP, where the secondary waves took place.
CloudFlare explains DNS Amplification attacks.
Real-time info about problems:
- Akamai real-time monitoring center – http://www.akamai.com/html/technology/dataviz1.html
- Internet Health Reports – http://www.internethealthreport.com/Main.aspx?Period=RH24
Protection tools and configurations:
- BCP38 against some DDoS attacks using spoofing techniques
- IETF’s Preventing Use of Recursive Nameservers in Reflector Attacks
- Protecting DNS Servers from dangerous BINDs
- Cloudshield quick tips to limit DNS exposure
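The two DNS items above are about recursive resolvers being abused as reflectors: a spoofed victim address sends many small recursive ANY queries and the resolver answers the victim with large responses. As an added example (not from the original post or any of the linked guides), the script below parses lines modelled on BIND’s query-log format and flags sources whose query mix looks like reflection traffic. The log lines and the thresholds are constructed for illustration; tune them to your own resolver.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of BIND query-log entries (not real traffic).
# Shape: client <src>#<port> (<qname>): query: <qname> IN <qtype> <flags> (<server>)
# A leading '+' in flags means recursion desired; ANY is the classic amplifier type.
SAMPLE_LOG = """\
client 198.51.100.7#53 (isc.org): query: isc.org IN ANY +E (192.0.2.10)
client 198.51.100.7#53 (isc.org): query: isc.org IN ANY +E (192.0.2.10)
client 198.51.100.7#53 (ripe.net): query: ripe.net IN ANY +E (192.0.2.10)
client 198.51.100.7#53 (isc.org): query: isc.org IN ANY +E (192.0.2.10)
client 203.0.113.22#41022 (example.com): query: example.com IN A + (192.0.2.10)
client 203.0.113.22#41022 (example.com): query: example.com IN AAAA + (192.0.2.10)
client 192.0.2.44#52311 (example.net): query: example.net IN MX + (192.0.2.10)
"""

# Tolerates the optional "@0x..." client handle that newer BIND versions print.
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[\d.:a-f]+)#(?P<port>\d+) \([^)]*\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>\S+) \((?P<server>[\d.:a-f]+)\)"
)

def parse_query_log(text):
    """Yield one dict per parseable query-log line; silently skip other lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def reflection_suspects(text, min_queries=3, any_ratio=0.5):
    """Return {src_ip: counters} for sources that sent at least min_queries
    recursive queries of which at least any_ratio were ANY. Spoofed victim
    addresses often show the victim's own port 53 as the source port."""
    per_src = defaultdict(lambda: {"total": 0, "any": 0, "rd": 0, "port53": 0})
    for q in parse_query_log(text):
        s = per_src[q["src"]]
        s["total"] += 1
        s["any"] += int(q["qtype"] == "ANY")
        s["rd"] += int(q["flags"].startswith("+"))
        s["port53"] += int(q["port"] == "53")
    return {src: dict(s) for src, s in per_src.items()
            if s["total"] >= min_queries and s["rd"]
            and s["any"] / s["total"] >= any_ratio}

if __name__ == "__main__":
    for src, s in reflection_suspects(SAMPLE_LOG).items():
        print(f"{src}: {s['total']} queries, {s['any']} ANY, {s['port53']} from port 53")
```

A flagged source is the address being reflected at, not the attacker, so the response is rate-limiting or restricting recursion on the resolver rather than blocking that address.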
Incident Response preparation guides:
- Societe Generale’s CSIRT Cheat Sheet
- D/DoS Incident Response Plan/Runbook (docx format)
- Radware ‘survival’ ‘handbook’ – OK, you can’t use that to survive, but it has good historical information and a sample of an IT admin’s diary during his first experience with a similar problem. Too bad he ends that experience suddenly.
This is a work in progress! If you have good reading on this subject to suggest, send me a comment!
“Cisco TechWise TV – Data Center Security” highlights
- IPv6 – is the future
- Cloud – is happening
- Security must be enabled in every Cisco SW, HW and ASIC component (architecture)
- Cisco Security budget for research – more than CheckPoint + Juniper + HP
- Cloud Security integration
- TrustSec embedded – when you ‘enter’ you are tagged, and this tag stays with you as you reach the inner layers
- ASA multiscale, multiplied in clusters.
- A single appliance already reaches 40Gbps of firewall and 10Gbps of IPS inspection.
- High availability is now session-based, not chassis-based anymore.
IPS 4510 / 4520
- Signatures updated 2x a week + reputation every 15 minutes from SIO
- Cisco still views the IPS as a bastion host
Multiple Form Factors for ASA
- Blades (up to four blades per Catalyst 6500 chassis)
- Virtual (ASA 1000V supports vMotion)
- 70% of Internet infrastructure is Cisco-based
- Same base code for all ASAs
Cloud Web Security
- Must follow the employee wherever he/she is.
- Security must be invisible. If users realize it’s there, that’s not good for security teams.
Business class email security
- Encrypts the message once it carries a confidential label after passing the border.
- Even if it was sent from an Android phone.