Month: May 2010

“As a victim, you have to identify the IP address that is attacking you. For Tarpitting (a defence against HTTP-based DDOS attacks), set your TCP/IP window size to zero [which] means the attacker will keep resending un-acknowledged packets and will be stuck in a loop. The overall effect is that traffic reduces more using tarpits than if you drop it and don’t respond. “When we drop packets, the CPU load of the bot is constant and the bot can handle it.

He poured cold water on hype surrounding the use of peer-to-peer networks to control botnets, and said they are too difficult to control and fully decentralise. He said the infamous Storm botnet used peer-to-peer networks to connect nodes, as an “overlay”, but the coommand and control servers connected normally and were taken down. He said Google Groups and Twitter are often used to obfuscate botnets.

http://www.networkworld.com/news/2010/051810-auscert-2010-australia-protected-by.html?source=nww_rss

The report — by the University of Toronto’s Citizen Lab, the Ottawa-based think-tank SecDev Group and U.S. researchers from the Shadowserver Foundation — stressed that the federal government needs to take urgent action or risk being targeted by hackers who use social media, such as Twitter, to steal secret government or corporate information.

“In addition to being virtually unattributable, these remotely operated attacks offer a productive, secure and low-risk means to conduct espionage,” the CSIS briefing says.

Government officials have said they are working to develop a framework to deal with cyber-attacks — the federal government’s throne speech in March promised a cyber-security strategy. However, Canada still has no official plan for responding to a co-ordinated cyber-attack. “Canada is without a plan and we have a government that has given us little more than words.

Canada dependent Ron Deibert, director of the Citizen Lab at the University of Toronto’s Munk Centre, said Canada needs a “coherent, comprehensive strategy” on cyberspace, given how dependent Canadians are on telecommunications. “We’re a large landmass with a population spread across the country,” he said.

http://www.cbc.ca/canada/story/2010/05/17/cyber-security-hack-csis.html

Other foundational members of the Cloud Commons initiative include: Carnegie Mellon University, TM Forum, Red Hat and Insight Investments, which is hosting the site.

“Demand for cloud services holds significant potential for the technology and communications industries, but many barriers still exist to widespread adoption at an enterprise level,” said Martin Creaner, president, TM Forum.

This marketplace is expected to include vendor service ratings to enable participants to compare service options.

“Today, there is no comprehensive, unbiased source that solicits and aggregates the most current and relevant knowledge about cloud computing and the accumulated, actual experiences that organizations are having with the cloud,” said David Hodgson, senior vice president of the Cloud Products & Solutions business line at CA Technologies.

New products:

* CA Cloud Insight, which gives customers a way of assessing their cloud for what applications are in use, as well as any rogue applications that are in use.

* CA Cloud Optimize, which will help customers make use of the SMI and information from the Cloud Commons Web site.

* CA Cloud Orchestrate, which will provide workflow control based on information from Cloud Insight, Cloud Compose, Cloud Optimize and Cloud Commons.

Both CA Cloud Insight and CA Cloud Compose will go on sale at the end of the year; CA Cloud Optimize and CA Cloud Orchestrate will go on sale next year.

http://it.tmcnet.com/topics/it/articles/85530-new-cloud-commons-community-helps-it-pros-learn.htm
http://news.google.com/news/url?sa=t&ct2=us%2F0_0_s_0_3_aa&ct3=MAA4AEgAUANqAnVz&usg=AFQjCNEuRD_GU4miOEtyqGCNhvIc3H7QMg&cid=8797540854095&ei=8RrzS_jSAc6clQfAt6_nAQ&rt=SEARCH&vm=STANDARD&url=http%3A%2F%2Fgcn.com%2Farticles%2F2010%2F05%2F18%2Fca-unveils-new-name-and-cloud-products.aspx

“Over the years, you can spend millions of dollars protecting your network, but [many organizations] are leaving the front door wide open. They are missing huge gaping holes” in their physical security of the data center, says Jones, who will discuss his findings at the conference today in Sao Paulo, Brazil.

“These are the top ways we get in.”

One of the flaws in the physical design of most data centers is their drop ceilings and raised floors, Jones says. “The walls don’t go all the way up [to the ceiling] or down [to the floor],” he says. The drop ceiling leaves a void for an intruder to remove a ceiling tile from a nearby area and then crawl to the data center from above it. “You can crawl down carefully to where you need to drop down,” Jones says.

And raised floors — built for cabling and cooling purposes — can also be physically exploited, he says. “With a raised floor, there’s a gap between the installed floor and the concrete bottom of the building,” he says. Jones says crawling in via ceiling tiles or through raised floor gaps are easy ways to get inside without getting noticed or doing any damage to the structure. “I’ve seen employees take advantages of these weaknesses” for things like going back to get keys they left in the office, he says.

The best fix is to fill those gaps with sheet rock, he says. Some organizations opt to lay metal fencing or chicken wire there as well, but Jones acknowledges that a determined intruder could merely cut the wire and gain entry into the data center.

Social engineering expert and penetration tester Steve Stasiukonis, founder and vice president of Secure Network Inc., says these gaps are “brilliant” ways to get inside the data center. If there’s sheetrock in the way, he says, it’s easy to cut a hole in it and squeeze inside. “A lot of government facilities have a ‘code of silence room’ [where] they have to make sure the sheetrock goes to the roof and there’s a barrier so no one can climb over the ceiling tiles,” says Stasiukonis, who doesn’t perform any carpentry-type breaches on behalf of his clients because it’s too destructive to the data center environment.

Another common physical weakness in the data center is the door lock: Jones says he sees many weak locks and unprotected door latches at the data center threshold. “Most data centers have cheap, regular key locks on their doors,” he says. He says his team sometimes installs small wireless cameras you can purchase from a spy shop that snoops on keyed-entry doors to learn the code when someone enters the data center. Proximity access keys are best, according to Stasiukonis, because they also authenticate the user who enters the data center and provides an audit trail of the person’s comings and goings.

Jones and Stasiukonis both swear by “tailgating” as a foolproof way to get into the building — or even the data center — via legitimate employees. The only ways to mitigate this type of unauthorized entry is to have either turnstile-based badge entry, where only one person can get in at a time and with a badge, or with some sort of rotating door, he says.

If the company loses a lot of money [due to an intrusion], they might not have a job anymore,” Jones says.

Then there’s the classic social engineering ploy of posing as a technician, salesperson, cleaning crew, or contractor as a way to gain entry into the building without raising suspicion or being questioned. “It shouldn’t cost any extra money for the contractor to fix it.

http://www.darkreading.com/database_security/security/management/showArticle.jhtml?articleID=224900081&cid=RSSfeed