CERT- EE report: DDoS attacks, e- mail messages with forged sender address and defacements on 1-7 November 2013, aka #OpIndependence
|
|
- Derick Mathews
- 8 years ago
- Views:
Transcription
1 CERT- EE report: DDoS attacks, e- mail messages with forged sender address and defacements on 1-7 November 2013, aka #OpIndependence Introduction Chronology Scope and impact of incidents Attacks Recommendations Background information... 4 Conclusions... 4 Introduction At the beginning of November 2013 attackers hiding behind the mask of Anonymous Ukraine arranged a campaign called #OpIndependence at the same time as a NATO exercise. The attacks included DDoS attacks, defacements and the sending of forged messages in several European countries. The information systems of Estonian public institutions and businesses suffered no significant damage due to the attacks. The impact of the few hours of unavailability of the websites attacked was low. Recipients of the forged messages behaved responsively. The defacement case receiving wider attention once more stressed the importance of applying security patches to software. The conclusion drawn from the incidents is that implementing additional technical and organisational means must be considered, and not only by the institutions attacked. The lessons learned due to the incidents prove the need to renew agreements and collaboration procedures between public institutions and between recipients and providers of hosting services. 1. Chronology 0) Prologue: at an unspecified time a number of webpages were defaced in Ukraine, Russian compatriot portals and Poland, and a DoS attack against the European Investment Bank site was carried out. 1) A DoS attack against the kaitseministeerium.ee (Ministry of Defence) website was launched on at approximately The website of the Ministry of Defence failed to respond to the users requests during the attack. A message about the DoS attack was published on Twitter slightly before ten o clock. The posting referred to the information published on Pastebin, and the author of the posting used the name Anonymous Ukraine to hide his/her identity. Mass generation of TCP SYN sessions and HTTP GET requests were used during the attack, which lasted about 3 hours. 1
2 Activities The attack was detected by the Ministry of Defence, which implemented regular protection activities and contacted CERT-EE. CERT-EE started collecting additional information and monitoring information channels. A back-up plan was prepared. 2) A DoS attack against the mil.ee website was launched on at approximately The website of the Defence Forces failed to respond to the requests during the attack. Similarly to the previous attack the public was informed of it via Twitter twenty or thirty minutes after the attack started. Anonymous Ukraine was again the author of the posting. Mass generation of TCP SYN sessions and HTTP GET requests were used for the attack, similarly to the previous attack. The attack lasted about 3 hours. Activities The attack was detected by the Defence Forces, who contacted CERT-EE and their Internet service provider. Information was exchanged and a subsequent plan of action decided upon. 3) NATO CCD COE message campaign on at approximately Monday started with reports of strange messages seemingly sent from the NATO cyber security centre (NATO CCD COE). The messages informed the recipients that their information systems did not conform to the cyber security requirements of NATO. Misspelled English and obsolete NATO CCD COE logo were used in the messages. Several message header entries were forged in the messages, including the sender s address and sending server entries. The IP address (dvb35.srv.it.ge, ) of the server actually sending the messages refers to Georgia. Activities CERT-EE detected the sending of forged messages and collected information concerning circulation of these messages in Estonia and Europe. Reassuring messages about the event were distributed to Estonian institutions receiving the message. Distribution of around 150 messages was confirmed in Estonia; the actual number sent could be somewhat higher. Both Latvian and Lithuanian CERTs confirmed circulation of such messages in their countries. An attempt was made in co-operation with the Georgian CERT to access the server sending the messages. This attempt failed. Some time later it turned out reports about the attack had been sent to a foreign web publication from this IP address. The website of a Christian radio station was defaced in Latvia. The obsolete NATO CCD COE logo found in the forged messages was used on the site. The same logo was also used on a defaced Ukrainian site. 4) A DoS attack against ccdcoe.org was launched on at approximately The website of NATO CCD COE failed to respond to the requests during the attack. The NATO CCD COE website is hosted by Zone Meedia OÜ, the hosting service provider engaged in active attack protection, information collection and distribution activities throughout the attack. Activities The attack was carried out in several waves. The first wave involved congesting traffic with HTTP GET requests, followed by mass ICMP requests. After effective protection measures were taken the attackers changed their tactics and started using mass generation of TCP SYN sessions. These 2
3 were also fended off using effective protection measures, and the normal operation of the website was restored at approximately ) Defacement of Elron website on at The defaced website distributed misleading information starting from 13:07. At 13:24 web publications published reports on the website of the suburban rail services operator Elron being defaced. When investigating the case it turned out that modification of the information published on the website had started at 12:35 after the website was visited from a Chilean IP address (the defacer). The website was visited from this IP address for the first time in November. The offender obtained administrator rights to the website due to content management software missing security patches. He/she used the obtained rights to delete information and leave his/her own message in the newsfeed. The message used broken Estonian ( Rongide liikluses Eestis on peatatud ) and announced that rail traffic has been stopped in connection with the NATO Steadfast Jazz 2013 exercise proceeding at the same time. Activities Unauthorised modification of the website was detected by Elron. Elron modified their webpage at 14.01, leaving a message about the webpage being updated, and the timetables being available on the peatus.ee website. The website was restored from back-up on Elron will replace their website content engine with a new and more secure one. Elron has also agreed with their website administrator on a plan of action to be applied in similar situations in the future. In brief: 1) 2) 3) 4) 5) from 9.20 to DoS attack against kaitseministeerium.ee (MoD) website from to DoS attack against mil.ee website at forged NATO CCD COE messages from to DoS attack against ccdcoe.org website at defacement of elron.ee website 2. Scope and impact of incidents 1) The kaitseministeerium.ee, mil.ee and ccdcoe.org websites did not respond to visitors requests during the attacks. 2) Over 100 recipients in the public ins 3) titutions of Estonia received messages with forged headers and sender s addresses (NATO CCD COE). The total number of such messages received in Estonia may have exceeded 150. Latvian, Lithuanian and Polish recipients also received these messages. 4) The Elron webpage was broken into and its newsfeed entries modified to distribute misleading information about rail traffic being stopped due to a NATO exercise. This incident was uncovered quickly and the owner of the website was able to respond to the incident relatively rapidly. Latvian and Ukrainian websites were also broken into. None of the websites that were successfully attacked contained sensitive information, but successful exploitation of this method draws attention to certain shortcomings. 5) The employees of the institutions attacked were busy with attack protection and notification activities. 6) Information about the attack reached both the Estonian and international media. The information published was somewhat misleading as it did not distinguish between the attacks (DoS attacks vs break-ins to websites), while forging information (for example forged header rows in the messages) provided room for misinterpretation. 3
4 3. Attacks Distributed denial of service attacks was used in the case of all DoS attacks (kaitseministeerium.ee, mil.ee and ccdcoe.org). As the attacks originated from thousands of IP addresses, rented robot networks or botnets were likely used for the attack, whose period of use seems to be around 3 hours for all of the attacks. Attack methods and attackers ICMP DoS attack and SYN flood over TCP to port 80, combined with HTTP GET requests were mostly used. There is no sign of protracted HTTP session technologies having been used. The sender s IP address can be forged for ICMP DoS attacks and SYN floods, therefore only those having sent HTTP GET requests have been analysed. 312 IP addresses coincided for all three attacks. The robot network IP addresses mostly originated from Kazakhstan, Kenya and Thailand. In the case of defacement, websites using unsecured content management software were broken into in Estonia and elsewhere. 4. Recommendations For institutions 1) Review your information asset mapping and the technical platforms of nodes likely to be attacked and consider making changes to minimise the impact of attacks on essential services. 2) Specify and/or check procedures for DoS attack communication and applying back-up solutions between the owner of the website and the hosting and/or Internet service provider. 3) Implement an information security management framework suitable for your institution. In Estonia as a whole 1) Propagate implementing SPF (Sender Policy Framework framework for verifying the sender of ) in mail servers and our Internet domains. 2) Engage even more intensively in explaining the need to update software. Consider applying sanctions to owners of systems not updated for a long time. 3) Use the lessons learned from the attacks when arranging exercises. 4) Ensure the number of professionals responsible for institutions information systems and that their skills are in accordance with how much the work of the institution/business depends on these information systems. 5. Background information Collective exercise Steadfast Jazz 2013 was conducted in Europe by NATO from 2 to 9 November 2013, with 6000 servicemen from 18 Member States participating. Ukrainian servicemen were also taking part. Ukraine and the European Union were getting ready to sign an association agreement at the same time. During the #OpIndependence campaign incidents also occurred in other European countries participating in the NATO exercise and supporting closer relations between Ukraine and the European Union. Attacks on the websites of the Estonian Ministry of Defence and Defence Forces were preceded by the defacement of Polish websites and the Russian compatriot portal in Ukraine, as well a DoS attack on the website of the European Investment Bank. Forged messages from NATO CCD COE were also received in Latvia, Lithuania and Poland, while the website of a Latvian Christian radio station and several websites of the Ukrainian government were broken into on the same day and a similar forged message announcing a NATO audit was posted. Conclusions 4
5 The attacks performed during the #op event of 2013 were not complex and their impact was low. The attacks were, however, performed in a planned manner, probably using rented robot networks. The basic objective of the attackers was to gain public attention. This objective was achieved. Although no serious damage was caused during the incidents, #opindependence proves the utmost importance of having updated software and proper recovery plans in place for all kinds of information systems, including websites. To ensure the smooth application of recovery plans, implementation of the plans must be practised from time to time. 5
Estonia 2007 Cyberattakcs
Estonia 2007 Cyberattakcs 2010 Agenda Background April 2007 What is cyberattack Estonia as an information society Cyberattacks Protection measures used Lessons learned What are we doing - measures Background
More informationNetwork Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015
Network Security Dr. Ihsan Ullah Department of Computer Science & IT University of Balochistan, Quetta Pakistan April 23, 2015 1 / 24 Secure networks Before the advent of modern telecommunication network,
More informationQuality Certificate for Kaspersky DDoS Prevention Software
Quality Certificate for Kaspersky DDoS Prevention Software Quality Certificate for Kaspersky DDoS Prevention Software Table of Contents Definitions 3 1. Conditions of software operability 4 2. General
More informationHow To Perform A Large Scale Attack On A Large Network
95 95 9. Exercise: Large Scale Incident Handling Main Objective Targeted Audience Total Duration Time Schedule The main objective of the exercise is to teach incident handlers the key information and actions
More informationDenial of Service Attacks
2 Denial of Service Attacks : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013 its335y13s2l06, Steve/Courses/2013/s2/its335/lectures/malicious.tex,
More informationCERT-GOV-GE Activities & Services
CERT-GOV-GE Activities & Services Tbilisi, Georgia 2014 CERT-GOV-GE Manager David Kvatadze www.dea.gov.ge CERT-GOV-GE - Structural unit was formed within the Information Security and Policy division of
More informationTLP WHITE. Denial of service attacks: what you need to know
Denial of service attacks: what you need to know Contents Introduction... 2 What is DOS and how does it work?... 2 DDOS... 4 Why are they used?... 5 Take action... 6 Firewalls, antivirus and updates...
More informationDISTRIBUTED DENIAL OF SERVICE OBSERVATIONS
: DDOS ATTACKS DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS 1 DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS NTT is one of the largest Internet providers in the world, with a significant share of the world s
More informationCERT-GOV-GE Activities & International Partnerships
CERT-GOV-GE Activities & International Partnerships Zurich, Switzerland 2014 CERT-GOV-GE Manager David Kvatadze www.dea.gov.ge CERT-GOV-GE - Structural unit was formed within the Information Security and
More informationCloudFlare advanced DDoS protection
CloudFlare advanced DDoS protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com
More informationHow To Perform A Large Scale Attack On A Large Computer System
CERT Exercises Toolset 91 9. Exercise: Large Scale Incident Handling Main Objective Targeted Audience Total Duration Time Schedule Frequency The main objective of the exercise is to teach incident handlers
More informationFour Steps to Defeat a DDoS Attack
hite Paper Four Steps to Defeat a DDoS Attack Millions of computers around the world are controlled by cybercriminals. These computers have been infected with software robots, or bots, that automatically
More informationGuide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst
INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst This Center for Internet Security
More informationSeminar Computer Security
Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example
More informationAcquia Cloud Edge Protect Powered by CloudFlare
Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....
More informationPROFESSIONAL SECURITY SYSTEMS
PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security
More informationAbstract. Introduction. Section I. What is Denial of Service Attack?
Abstract In this report, I am describing the main types of DoS attacks and their effect on computer and network environment. This report will form the basis of my forthcoming report which will discuss
More informationComprehensive Anti-Spam Service
Comprehensive Anti-Spam Service Chapter 1: Document Scope This document describes how to implement and manage the Comprehensive Anti-Spam Service. This document contains the following sections: Comprehensive
More informationFirewalls and Intrusion Detection
Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall
More informationOVERVIEW BY THE US-CCU OF THE CYBER CAMPAIGN AGAINST GEORGIA
A US-CCU Special Report August 2009 OVERVIEW BY THE US-CCU OF THE CYBER CAMPAIGN AGAINST GEORGIA IN AUGUST OF 2008 The ramifications of the August 2008 cyber campaign against Georgia are still being felt
More informationCS 356 Lecture 16 Denial of Service. Spring 2013
CS 356 Lecture 16 Denial of Service Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter
More informationNEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT
Appendix A to 11-02-P1-NJOIT NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT The Intent
More informationSUMMARY OF THE ESTONIAN INFORMATION SYSTEM S AUTHORITY ON ENSURING CYBER SECURITY IN 2012
SUMMARY OF THE ESTONIAN INFORMATION SYSTEM S AUTHORITY ON ENSURING CYBER SECURITY IN 2012 Cyberspace is both an ecosystem consisting of an infrastructure and services, and an environment where and through
More informationLocked Shields 2013. Kaur Kasak 24 Sept 2013
Locked Shields 2013 Kaur Kasak 24 Sept 2013 Disclaimer: This briefing is a product of the CCD COE. It does not represent the opinions or policies of NATO and is designed to provide an independent position.
More informationCountry Case Study on Incident Management Capabilities CERT-TCC, Tunisia
Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia Helmi Rais CERT-TCC Team Manager National Agency for Computer Security, Tunisia helmi.rais@ansi.tn helmi.rais@gmail.com Framework
More informationProtect your network: planning for (DDoS), Distributed Denial of Service attacks
Protect your network: planning for (DDoS), Distributed Denial of Service attacks Nov 19, 2015 2015 CenturyLink. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product
More informationERT Attack Report. Attacks on Large US Bank During Operation Ababil. March 2013
Attacks on Large US Bank During Operation Ababil March 2013 Table of Contents Executive Summary... 3 Background: Operation Ababil... 3 Servers Enlisted to Launch the Attack... 3 Attack Vectors... 4 Variations
More informationProtection against DDoS and WEB attacks. Michael Soukonnik Radware Ltd michaels@radware.com
Protection against DDoS and WEB attacks Michael Soukonnik Radware Ltd michaels@radware.com Landscape Ponemon Research 2012: Cyber security threats Cyber security threats according to risk mitigation priority
More informationCSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks
CSE 3482 Introduction to Computer Security Denial of Service (DoS) Attacks Instructor: N. Vlajic, Winter 2015 Learning Objectives Upon completion of this material, you should be able to: Explain the basic
More informationDistributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment
Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment Keyur Chauhan 1,Vivek Prasad 2 1 Student, Institute of Technology, Nirma University (India) 2 Assistant Professor,
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationSHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper
SHARE THIS WHITEPAPER Top Selection Criteria for an Anti-DDoS Solution Whitepaper Table of Contents Top Selection Criteria for an Anti-DDoS Solution...3 DDoS Attack Coverage...3 Mitigation Technology...4
More informationDistributed Denial of Service Attacks
Distributed Denial of Service Attacks Steve Crocker Chair, SSAC June 25, 2007 San Juan, Puerto Rico 1 Agenda Types of Attacks DDoS attacks Amplified DDoS attacks - 2006 Estonia - May 2007 What do Do 2
More informationCERT's role in national Cyber Security: policy suggestions
CERT's role in national Cyber Security: policy suggestions Subject: Legal Aspect of Cyber Security. Author: Vladimir Chitashvili Lecture: Anna-Maria Osula What is national Cyber Security is? In another
More informationMitigating Denial of Service Attacks. Why Crossing Fingers is Not a Strategy
Mitigating Denial of Service Attacks Why Crossing Fingers is Not a Strategy Introduction Mark Baldwin - Owner of Tectonic Security MSSP and Security Consulting Primarily Work With SMBs DDoS Mitigation
More informationComparing Two Models of Distributed Denial of Service (DDoS) Defences
Comparing Two Models of Distributed Denial of Service (DDoS) Defences Siriwat Karndacharuk Computer Science Department The University of Auckland Email: skar018@ec.auckland.ac.nz Abstract A Controller-Agent
More information2010 Carnegie Mellon University. Malware and Malicious Traffic
Malware and Malicious Traffic What We Will Cover Introduction Your Network Fundamentals of networks, flow, and protocols Malicious traffic External Events & Trends Malware Networks in the Broad Working
More informationAcceptable Use Policy. This Acceptable Use Policy sets out the prohibited actions by a Registrant or User of every registered.bayern Domain Name.
This Acceptable Use Policy sets out the prohibited actions by a Registrant or User of every registered.bayern Domain Name. This Acceptable Use Policy forms part of the Registry Policies that apply to and
More informationDoS/DDoS Attacks and Protection on VoIP/UC
DoS/DDoS Attacks and Protection on VoIP/UC Presented by: Sipera Systems Agenda What are DoS and DDoS Attacks? VoIP/UC is different Impact of DoS attacks on VoIP Protection techniques 2 UC Security Requirements
More informationUnderstanding & Preventing DDoS Attacks (Distributed Denial of Service) A Report For Small Business
& Preventing (Distributed Denial of Service) A Report For Small Business According to a study by Verizon and the FBI published in 2011, 60% of data breaches are inflicted upon small organizations! Copyright
More information10. Exercise: Automation in Incident Handling
107 10. Exercise: Automation in Incident Handling Main Objective Targeted Audience Total Duration Time Schedule Frequency The purpose of this exercise is to develop students abilities to create custom
More informationSHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper
SHARE THIS WHITEPAPER On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper Table of Contents Overview... 3 Current Attacks Landscape: DDoS is Becoming Mainstream... 3 Attackers Launch
More informationFour Steps to Defeat a DDoS Attack
WHITE PAPER Four Steps to Defeat a DDoS Attack Millions of computers around the world are controlled by cybercriminals. These computers, infected with bot malware, automatically connect to command and
More informationNetwork Bandwidth Denial of Service (DoS)
Network Bandwidth Denial of Service (DoS) Angelos D. Keromytis Department of Computer Science Columbia University Synonyms Network flooding attack, packet flooding attack, network DoS Related Concepts
More informationStrategies to Protect Against Distributed Denial of Service (DD
Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics
More informationSHARED WEB AND MAIL HOSTING SERVICE LEVEL AGREEMENT (SLA) 2010
SHARED WEB AND MAIL HOSTING SERVICE LEVEL AGREEMENT (SLA) 2010 This Service Level Agreement (SLA) ( Service Level Agreement or Agreement or SLA ) is by and between Bizcom Web Services, Inc. (the "Company")
More informationAdditional services are also available according to your specific plan configuration.
THIS SERVICE LEVEL AGREEMENT (SLA) DEFINES GUARANTEED SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY. I. Service Definition SMS (Company) will provide You with Hosted Exchange and other Application Services
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Operations and Denial of Service Secure Software Programming 2 Overview
More informationLith Networking and Network Marketing Safety
DIRECTION TO SUCCESS. PUBLIC AND PRIVATE SECTORS PARTNERSHIP WSIS Action Line Facilitation Meeting: Building confidence and security in the use of ICTs (C5) Partnerships for Global Cybersecurity ITU Geneva,
More informationDDoS Overview and Incident Response Guide. July 2014
DDoS Overview and Incident Response Guide July 2014 Contents 1. Target Audience... 2 2. Introduction... 2 3. The Growing DDoS Problem... 2 4. DDoS Attack Categories... 4 5. DDoS Mitigation... 5 1 1. Target
More informationSTATISTICS ON BOTNET-ASSISTED DDOS ATTACKS IN Q1 2015
STATISTICS ON BOTNET-ASSISTED DDOS ATTACKS IN Q1 2015 www.kaspersky.com 2 CONTENTS Methodology 3 Main findings 4 Geography of attacks 5 Time variations in the number of DDoS attacks 7 Types and duration
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More information20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7
20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic
More informationCurrent Threat Scenario and Recent Attack Trends
Current Threat Scenario and Recent Attack Trends Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Current Cyber space Nature of cyberspace and associated risks
More informationCyber Security & Role of CERT-In. Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in
Cyber Security & Role of CERT-In Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in Web Evolution Web Sites (WWW) 1993 Web Invented and implemented 130 Nos. web sites 1994 2738 Nos.
More informationNetwork attack and defense
Network attack and defense CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration 2007, 2008 Robert H. Sloan 1 Outline 1. Overview
More informationRL Solutions Hosting Service Level Agreement
RL Solutions Hosting Service Level Agreement April 2012 Table of Contents I. Context and Scope... 1 II. Defined Terms... 1 III. RL Solutions Responsibilities... 2 IV. Client Responsibilities... 4 V. The
More informationHow To Block A Ddos Attack On A Network With A Firewall
A Prolexic White Paper Firewalls: Limitations When Applied to DDoS Protection Introduction Firewalls are often used to restrict certain protocols during normal network situations and when Distributed Denial
More informationStop DDoS Attacks in Minutes
PREVENTIA Forward Thinking Security Solutions Stop DDoS Attacks in Minutes 1 On average there are more than 7,000 DDoS attacks observed daily. You ve seen the headlines. Distributed Denial of Service (DDoS)
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationUNCLASSIFIED. http://www.govcertuk.gov.uk. General Enquiries. Incidents incidents@govcertuk.gov.uk Incidents incidents@govcertuk.gsi.gov.uk.
Version 1.2 19-June-2013 GUIDELINES Incident Response Guidelines Executive Summary Government Departments have a responsibility to report computer incidents under the terms laid out in the SPF, issued
More informationAcceptable Use Policy
Acceptable Use Policy Acceptable Use Policy (AUP) ionfish Group, LLC s network and services have been designed to serve its clients, partners, and employees (each individually a User ), and to enhance
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA
ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA ON THE AMENDMENT OF THE ORDER NO. 1V-1013 ON THE APPROVAL OF THE RULES ON THE ENSURANCE OF SECURITY AND INTEGRITY
More informationDATA SECURITY POLICY. Data Security Policy
Data Security Policy Contents 1. Introduction 3 2. Purpose 4 3. Data Protection 4 4. Customer Authentication 4 5. Physical Security 5 6. Access Control 6 7. Network Security 6 8. Software Security 7 9.
More informationHOSTEDMIDEX.CO.UK. Additional services are also available according to Client specific plan configuration.
HOSTEDMIDEX.CO.UK THIS SERVICE LEVEL AGREEMENT (SLA) DEFINES GUARANTEED SERVICE LEVELS PROVIDED TO CLIENT BY THE SUPPLIER. I. Service Definition Lanmark Technical Services Ltd trading as mailhosted.co.uk
More informationHow To Mitigate A Ddos Attack
VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 3 3RD QUARTER 2014 CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS 4 Mitigations by Attack Size 4 Mitigations by Industry 5
More informationdfence: Transparent Network-based Denial of Service Mitigation
dfence: Transparent Network-based Denial of Service Mitigation Ajay Mahimkar, Jasraj Dange, Vitaly Shmatikov, Harrick Vin, Yin Zhang Department of Computer Sciences, The University of Texas USENIX NSDI
More informationMONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN
MONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN Kanika 1, Renuka Goyal 2, Gurmeet Kaur 3 1 M.Tech Scholar, Computer Science and Technology, Central University of Punjab, Punjab, India
More informationD m i t r y S l i n k o v, C I S M SWISS C Y B E R S TO R M 2015. Black market of cybercrime in Russia
D m i t r y S l i n k o v, C I S M SWISS C Y B E R S TO R M 2015 Black market of cybercrime in Russia WHOAMI Information Security Manager (Russia and CIS) Information Security Officer Information Security
More informationFour Steps to Defeat a DDoS Attack
hite Paper Four Steps to Defeat a DDoS Attack Millions of computers around the world are controlled by cybercriminals. These computers, infected with bot malware, automatically connect to command and control
More informationAdditional Security Considerations and Controls for Virtual Private Networks
CYBER SECURITY OPERATIONS CENTRE APRIL 2013 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL REFERENCES
More informationDDoS Protection on the Security Gateway
DDoS Protection on the Security Gateway Best Practices 24 August 2014 Protected 2014 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by
More informationUNCLASSIFIED. Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC)
Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC) Cyber in the News 1 Tactics, Techniques and Procedures These observed tactics, techniques
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security
More informationConfiguring Security for SMTP Traffic
4 Configuring Security for SMTP Traffic Securing SMTP traffic Creating a security profile for SMTP traffic Configuring a local traffic SMTP profile Assigning an SMTP security profile to a local traffic
More informationKaspersky Lab. Contents
KASPERSKY DDOS INTELLIGENCE REPORT Q3 2015 Contents Contents... 1 Q3 events... 2 Attacks on financial organizations... 2 Unusual attack scenario... 2 XOR DDoS bot activity... 2 DDoS availability... 3 Statistics
More informationWHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems
WHITE PAPER FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems Abstract: Denial of Service (DoS) attacks have been a part of the internet landscape for
More informationHow To Protect Your Network From Attack From A Hacker On A University Server
Network Security: A New Perspective NIKSUN Inc. Security: State of the Industry Case Study: Hacker University Questions Dave Supinski VP of Regional Sales Supinski@niksun.com Cell Phone 215-292-4473 www.niksun.com
More informationLimiting the Damage from a Denial of Service Attack
April 25, 2014 Limiting the Damage from a Denial of Service Attack From the Experts Andrew M. Hinkes, Corporate Counsel In early 2013, a wave of denial of service (DoS) attacks reportedly caused U.S. banks
More informationSecure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions
Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Gigi Joseph, Computer Division,BARC. Gigi@barc.gov.in Intranet Security Components Network Admission Control (NAC)
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationDDoS Attack and Its Defense
DDoS Attack and Its Defense 1 DDoS attacks are weapons of mass disruption. The DDoS attack has long been a big main threat to security of the Internet. It is not expensive and easy to be used for achieving
More informationLegal Issues / Estonia Cyber Incident
Control System Cyber Security Conference 22 October 2009 Legal Issues / Estonia Cyber Incident Maeve Dion Center for Infrastructure Protection George Mason University School of Law Legal Issues / Estonia
More informationExecutive Suite Series An Akamai White Paper
An Akamai White Paper Plan vs. Panic: Making a DDoS Mitigation Playbook Part of Your Incident Response Plan Introduction When a huge Distributed Denial-of-Service (DDoS) attack took down the Website of
More informationFirst Line of Defense
First Line of Defense SecureWatch ANALYTICS FIRST LINE OF DEFENSE OVERVIEW KEY BENEFITS Comprehensive Visibility Powerful web-based security analytics portal with easy-to-read security dashboards Proactive
More informationManaged VPSv3 Firewall Supplement
Managed VPSv3 Firewall Supplement Copyright 2006 VERIO Europe page 1 1 INTRODUCTION 3 1.1 Overview of the Documentation Library 3 1.2 Overview of this Document 3 2 TWO OPTIONS FOR BUILDING A FIREWALL 4
More informationHybrid Warfare & Cyber Defence
Hybrid Warfare & Cyber Defence Maj Gen Thomas FRANZ, DEU AF SHAPE DCOS CIS & CD Characteristics of Hybrid Warfare Alternate means to achieve goals Lines blurred between: state-onstate wars, counterinsurgency
More informationNetwork security policy issues. Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece
Network security policy issues Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece 1 Sample Agenda Slide 1 The current threat landscape 2 IT security and policy leadership 3 The EU
More informationCSIRT Introduction to Security Incident Handling
CSIRT Introduction to Security Incident Handling P. Jacques Houngbo AIS 2013Technical Workshops Lusaka, Zambia, June 2013 If you think technology can solve your security problems, then you don t understand
More informationWharf T&T Limited DDoS Mitigation Service Customer Portal User Guide
Table of Content I. Note... 1 II. Login... 1 III. Real-time, Daily and Monthly Report... 3 Part A: Real-time Report... 3 Part 1: Traffic Details... 4 Part 2: Protocol Details... 5 Part B: Daily Report...
More informationBroadband Acceptable Use Policy
Broadband Acceptable Use Policy Contents General... 3 Your Responsibilities... 3 Use of Email with particular regards to SPAM... 4 Bulk Email... 5 Denial of Service... 5 Administration of Policy... 6 2
More informationHow Cisco IT Protects Against Distributed Denial of Service Attacks
How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN
More informationDenial of Service (DoS) Technical Primer
Denial of Service (DoS) Technical Primer Chris McNab Principal Consultant, Matta Security Limited chris.mcnab@trustmatta.com Topics Covered What is Denial of Service? Categories and types of Denial of
More informationSPECIFIC TERMS AND CONDITIONS ON THE RENTAL OF A DEDICATED SERVER
SPECIFIC TERMS AND CONDITIONS ON THE RENTAL OF A DEDICATED SERVER Latest Version on May 22nd 2014 SECTION 1: PURPOSE The purpose of these Specific Terms and Conditions, which are complementary to OVH s
More informationUMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE
UMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE Originator Patch Management Policy Approval and Version Control Approval Process: Position or Meeting Number: Date: Recommended by Director
More informationCHAPTER 2: CASE STUDY SPEAR-PHISHING CAMPAIGN GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: CASE STUDY SPEAR-PHISHING CAMPAIGN 1 SPEAR-PHISHING CAMPAIGN CASE STUDY MORAL Attacks do not have to be technically advanced to succeed. OVERVIEW In August of 2014, Aerobanet (named changed to protect
More informationCERT Collaboration with ISP to Enhance Cybersecurity Jinhyun CHO, KrCERT/CC Korea Internet & Security Agency
CERT Collaboration with ISP to Enhance Cybersecurity Jinhyun CHO, KrCERT/CC Korea Internet & Security Agency I. Alarming call for cooperation with ISPs Slammer Worm Spread most of vulnerable SQL servers
More information1. Firewall Configuration
1. Firewall Configuration A firewall is a method of implementing common as well as user defined security policies in an effort to keep intruders out. Firewalls work by analyzing and filtering out IP packets
More information