31 posts categorized "Cyber Attacks & Defenses"

LMTV Live | Modern Attack Vectors – A Compounded Headache (with Andrew Vladimirov)

EVENT START TIME: 9:30 AM PST - Wednesday, September 5th, 2018

This week we will be talking with Andrew Vladimirov of Arhont Information Security, about the new tricks hackers are using to get their hands on your data and do other nasty things.

Before you implement counter information security measures, do you know what you are protecting against? Do you understand the actual risks your business faces and the attacker strategies that are used?

Determined and skilled hackers employ a combination of social engineering and technical attack means (client, server, application, database, and all seven OSI layers of the network), switching between them as events unfold and wherever the next available gap appears. Until you fully understand how an attacker combines these methods, and how that combination creates compounded risk, you will keep building virtual Maginot lines and gasping at being outflanked yet again.

In this LMTV session we will discuss how hackers combine social engineering with technical attacks to mount the most devastating and hardest-to-defend attacks seen today, and we will suggest ways you should start planning against them.

Mapping Network Security Resilience To The NIST Cybersecurity Framework (by Keith Bromley)


On May 11, 2017, President Trump issued Executive Order 13800. Under this order, agency heads are held accountable for implementing solutions and managing the risks posed by threats to the nation's cybersecurity, and must therefore act immediately to review cybersecurity protocols in order to upgrade each department's IT infrastructure. The order also mandates the use of the NIST Framework for Improving Critical Infrastructure Cybersecurity within government agencies.

The NIST Framework for Improving Critical Infrastructure Cybersecurity provides a common language for understanding, managing, and expressing cybersecurity risk. This framework is built upon concepts to organize information, enable risk management decisions, address threats, and improve through lessons learned.

These concepts are organized around five core functions:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

A new whitepaper from Ixia (a Keysight Business) called Deploying a Layered Visibility and Cybersecurity Architecture provides an overview of how to combine a visibility architecture with a security architecture to address the NIST Framework. The following excerpt gives a short overview of how to accomplish this; the full discussion is contained in the whitepaper.

Figure (Framework-01): Review the foundation concepts

Continue reading "Mapping Network Security Resilience To The NIST Cybersecurity Framework (by Keith Bromley)" »

Detecting SYN Flood Attacks with Colasoft Capsa (by Jack Wei)


Denial-of-service attack (DoS attack) is a malicious attack to make a machine or network resource unavailable to users, usually by temporarily or indefinitely disrupting services of a host connected to the Internet. (US-CERT 2013)

Today, DoS is one of the most common attacks on the network. By some estimates, a DoS attack is launched somewhere on the Internet every three seconds. The low cost of launching one is a major reason they are so frequent.

Some of the most commonly used DoS attack types include:

Ping of Death, Teardrop, WinNuke, UDP flood, TCP SYN flood, IP spoofing, Land attack, Smurf, ICMP flood, etc.

In this article, we will show you how to detect SYN flood attacks using a network analyzer named Colasoft Capsa.


In order to analyze DoS attacks (and other attacks), I suggest you follow the three steps below:

  1. Observation

Most hosts under DoS attack show high CPU and memory usage, or their network bandwidth is consumed by garbage traffic.

  2. Analysis

We can analyze and locate the attack by decoding the raw packets. This gives us the protocols and behaviors of the packets; comparing that information against known attack signatures tells us the actual attack type.

  3. Locate issues

With the TCP/UDP session view and the chart function, we can locate DoS attacks more accurately and quickly.

Now I will give you an example showing the detailed steps using the visual capabilities of Capsa.
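The three steps above can be reduced to a detection rule over decoded packets. The following is an added example written for this page, not code from the original article or from Colasoft Capsa: it encodes the signature the TCP session view exposes during a SYN flood (a burst of SYNs to one service, almost no completed three-way handshakes, and a wide spread of often-spoofed source addresses). The packet records, thresholds, and addresses are constructed for illustration.

```python
"""Heuristic SYN flood detection over decoded TCP packet records.

Added example (not from the original article or Colasoft Capsa). Packet records
are tuples of (ts_seconds, src_ip, src_port, dst_ip, dst_port, flags) with
flags "S" (SYN), "SA" (SYN-ACK) or "A" (pure ACK). All sample data is constructed.
"""
from collections import defaultdict

WINDOW_SECONDS = 1.0   # time bucket used for counting (assumed value)
SYN_THRESHOLD = 100    # SYNs per window to one service before we examine it (assumed)
MAX_COMPLETION = 0.5   # alert if fewer than half of those SYNs finished the handshake (assumed)


def detect_syn_flood(packets, window=WINDOW_SECONDS,
                     syn_threshold=SYN_THRESHOLD, max_completion=MAX_COMPLETION):
    """Return one alert per (window, server, port) whose SYN pattern looks like a flood."""
    handshakes = {}   # (client, cport, server, sport) -> handshake progress
    buckets = defaultdict(lambda: {"syn": 0, "done": 0, "sources": set()})

    for ts, src, sport, dst, dport, flags in sorted(packets):
        if flags == "S":
            # First packet of a handshake: count it against the service it targets.
            bucket = buckets[(int(ts // window), dst, dport)]
            bucket["syn"] += 1
            bucket["sources"].add(src)
            handshakes[(src, sport, dst, dport)] = {"syn_ack": False, "bucket": bucket}
        elif flags == "SA":
            # Server reply travels in the reverse direction of the SYN.
            hs = handshakes.get((dst, dport, src, sport))
            if hs:
                hs["syn_ack"] = True
        elif flags == "A":
            # Third packet: the client acknowledged the SYN-ACK, handshake complete.
            hs = handshakes.pop((src, sport, dst, dport), None)
            if hs and hs["syn_ack"]:
                hs["bucket"]["done"] += 1

    alerts = []
    for (win, server, port), b in sorted(buckets.items()):
        completion = b["done"] / b["syn"]
        if b["syn"] >= syn_threshold and completion < max_completion:
            alerts.append({
                "window_start": win * window,
                "server": server,
                "port": port,
                "syn_count": b["syn"],
                "completion_ratio": completion,
                "distinct_sources": len(b["sources"]),
            })
    return alerts


def make_sample_packets():
    """Constructed traffic: five normal HTTPS handshakes, then a one-second SYN flood on port 80."""
    pkts = []
    server = "203.0.113.10"
    for i in range(5):
        t, client, cport = 10.0 + i, f"192.0.2.{i + 1}", 40000 + i
        pkts.append((t, client, cport, server, 443, "S"))
        pkts.append((t + 0.01, server, 443, client, cport, "SA"))
        pkts.append((t + 0.02, client, cport, server, 443, "A"))
    for i in range(500):
        t, spoofed, cport = 20.0 + i / 500.0, f"198.51.100.{i % 250 + 1}", 1024 + i
        pkts.append((t, spoofed, cport, server, 80, "S"))
        # The server answers, but the spoofed source never sends the final ACK.
        pkts.append((t + 0.001, server, 80, spoofed, cport, "SA"))
    return pkts


if __name__ == "__main__":
    for alert in detect_syn_flood(make_sample_packets()):
        print(alert)
```

The completion ratio is what separates a flood from a legitimate burst: a popular service also sees many SYNs per second, but most of them finish the handshake. Spoofed floods show a near-zero ratio and a source count that grows with the SYN count; a flood from a botnet with real addresses still shows the low ratio, so the ratio is the primary signal and the source spread is supporting evidence.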


Continue reading "Detecting SYN Flood Attacks with Colasoft Capsa (by Jack Wei)" »

Searching for a Protocol Solution to Phishing (by Nalini Elkins)



Phishing and other social engineering attacks are a large problem for enterprises. For one example, see the Wikipedia article on the data breach at the Office of Personnel Management (OPM) at https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach. That breach exposed personal information, including the names, addresses, and Social Security numbers of millions of federal employees and contractors, and was most likely the result of a successful social engineering attack.

Yet, we are at the very beginning of what might happen.  We may look back on these days as the days of innocence.   Today, when you get a phishing email from someone telling you that you have won millions of dollars in a lottery that you never entered or a request from someone in a distant country to help them with their inheritance, you laugh (or grimace) and wonder why the spam blocker is not working.

Things are changing - 

Continue reading "Searching for a Protocol Solution to Phishing (by Nalini Elkins)" »

Is your Network Security Slowing you Down? (by Jason Nutt)

Is Network Security Slowing you Down?

Measuring the Latency impact Created by Next Gen Security Solutions

As an IT professional, you are well aware of the challenges posed by network latency. Applications like audio and video delivery, bandwidth sensitive mobile applications, cloud computing and storage services are extremely sensitive to network latency.

What you may not realize, however, is the amount of latency created by your Next Generation Intrusion Prevention Systems (NG-IPS) and Next Generation Firewalls (NG-FW). While they are critical to protecting your network, these security tools and others that perform deep packet inspection can increase latency, significantly impacting your overall application performance.

Recently we worked with a large health care services provider trying to figure out why it was taking so long to send MRI data between locations. This was causing significant frustration for patients, doctors and medical staff. Having been aware of Aukua's nanosecond-precision capture and analysis tools, they asked for our help. The company suspected one or more of their NG-IPS devices was causing the delays, but they had no way to confirm this. Since these security tools do not treat all packets the same, they could not detect or measure the application latency with artificial traffic such as ICMP. And since some applications were being delayed and others were not, they could not rely on the NG-IPS vendor's generic latency specs for various packet sizes. In addition, compliance rules prohibited them from introducing new traffic into their live network.
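The constraints described above (no synthetic traffic, ICMP not representative, vendor specs not per-application) lead to a passive method: capture on both sides of the inline device and pair each packet with itself. The following is an added example written for this page, not code from the original article or from Aukua's products. It assumes two timestamped captures keyed by the IP 5-tuple plus IP ID, and it labels applications by destination port; the captures, latency values, and port-to-application table are constructed for illustration.

```python
"""Passive two-point latency measurement through an inline security device.

Added example (not from the original article or Aukua's tooling). Each capture
record is (ts_ns, src, dst, proto, dst_port, ip_id). The same packet seen on the
ingress and egress taps shares everything but the timestamp, so the difference
is the device's per-packet latency. All sample data below is constructed.
"""
from collections import defaultdict

# Port-to-application labels are an assumption for this example.
APP_BY_PORT = {104: "DICOM", 443: "HTTPS"}


def packet_key(rec):
    """Identity of one packet as seen on both sides of the device (everything but the timestamp)."""
    return rec[1:]


def app_name(key):
    src, dst, proto, dport, ip_id = key
    if proto == "icmp":
        return "ICMP"
    return APP_BY_PORT.get(dport, f"{proto}/{dport}")


def nearest_rank(sorted_vals, pct):
    """Nearest-rank percentile using integer arithmetic (pct is 0..100)."""
    n = len(sorted_vals)
    k = max(0, (pct * n + 99) // 100 - 1)
    return sorted_vals[k]


def measure_latency(ingress, egress):
    """Pair packets across the two captures and summarize latency per application.

    Ingress packets with no egress twin are reported as dropped (or still queued
    when the capture ended), which is itself a symptom worth counting.
    """
    egress_ts = {packet_key(r): r[0] for r in egress}
    samples = defaultdict(list)
    dropped = defaultdict(int)
    for rec in ingress:
        key = packet_key(rec)
        app = app_name(key)
        t_out = egress_ts.get(key)
        if t_out is None:
            dropped[app] += 1
            continue
        samples[app].append(t_out - rec[0])

    report = {}
    for app in set(samples) | set(dropped):
        vals = sorted(samples[app])
        entry = {"matched": len(vals), "dropped": dropped[app]}
        if vals:
            entry.update(p50_ns=nearest_rank(vals, 50),
                         p99_ns=nearest_rank(vals, 99),
                         max_ns=vals[-1])
        report[app] = entry
    return report


def make_sample_captures():
    """Constructed captures: DICOM (MRI transfer) is delayed 2.0-6.5 ms, ICMP only 20 us."""
    ingress, egress = [], []
    base = 1_000_000_000
    # 100 DICOM segments that traverse the device with a spread of latencies.
    for i in range(100):
        t_in = base + i * 100_000
        rec = (t_in, "10.1.1.5", "10.2.2.9", "tcp", 104, i)
        ingress.append(rec)
        egress.append((t_in + 2_000_000 + (i % 10) * 500_000,) + rec[1:])
    # 3 DICOM segments that never appear on the egress side.
    for i in range(100, 103):
        ingress.append((base + i * 100_000, "10.1.1.5", "10.2.2.9", "tcp", 104, i))
    # 50 ICMP echo requests the device forwards almost untouched.
    for i in range(50):
        t_in = base + 50_000_000 + i * 100_000
        rec = (t_in, "10.1.1.5", "10.2.2.9", "icmp", 0, 1000 + i)
        ingress.append(rec)
        egress.append((t_in + 20_000,) + rec[1:])
    return ingress, egress


if __name__ == "__main__":
    for app, stats in sorted(measure_latency(*make_sample_captures()).items()):
        print(app, stats)
```

In the constructed data, ICMP reports 20 µs while the DICOM transfer sits at a 4 ms median and 6.5 ms tail, which is exactly the discrepancy that a ping-based check would miss. Two caveats for real captures: the IP ID is reused quickly (and may be zero when DF is set), so for long captures extend the key with the TCP sequence number or a hash of the payload; and any device that rewrites headers (NAT, TCP normalization) will break header-based matching and needs a payload-based key instead.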


Continue reading "Is your Network Security Slowing you Down? (by Jason Nutt)" »