We all know that information security relays on a layered approach. It´s about people, process/programs and technology. And we all know about Advanced Persistent Threats. How they work, attack vectors, etc. And even so, more and more companies are attacked by each day. I just want to highlight two incidents that are critical on my opinion and will act as the basis of my argumentation. One of the incidents happened to Coca-Cola. They were attacked by hackers on 2009 and the effect of this was the collapse of one giant company acquisition that Coca-Cola was negotiating in China. What is... Continue reading

It's widely known by now, that the Internet group called "Anonymous" is targeting an amplification attack against the DNS Root Servers. Much has been said about it and different people have different opinions. Here's mine. To get to my point of view, I would like to present some background information. DNS Architecture The DNS name structure is shaped somewhat like a pyramid; The DNS architecture is based on a top down implementation,where the following can be considered members This concept of a hierarchical authority is easier to understand if we examine a sample DNS name space and discuss the issues... Continue reading

I had the opportunity to visit several companies over the years and in many cases I could verify that their network and security teams suffered of a lack of network visibility, which let them unable to answer some important questions, per example: What's the average traffic in the network? What's the most used applications? Who are the top talkers? There are unknown applications running in the network? Why there are non HTTP traffic on TCP port 80 going out of the network? Many teams don't know the answers from the questions above and certainly, this make them blind to what's... Continue reading

Well, IPV4 addresses are almost depleted, right? Sort of, it´s clear that we will be out of IPv4 addresses in 2011, some actual almost "live" info I received mentioned that we had left only 12/8’s and 11/256’s by the end of 2010. Due to the fact that we´re out of IPV4 addresses (unless ARIN decides to make Microsoft and others to return the larger unused IPV4 pools they have), IPV6 deployment is on its way, although this is a process that may take several years to complete. For a example of a joint task force for a massive IPV6 field... Continue reading

In the after-crisis of the Stuxnet worm, Governments around the world are mobilizing to be better prepared against CyberThreats and CyberWar. It's becoming clear, more and more that groups pf individuals with a lot of knowledge, time and motivation can do harm against economies, healthcare, utilities and other systems, being responsible (who knows?) for the collapse of a country. We already had, in the past, cases of well succeeded CyberAttacks that collapsed a country information structure and paralyzed it for a while. We can remember of: 2007 CyberAttakcs on Estonia 2007 CyberAttacks against Syria Radar Infrastructure 2008 CyberAttacks on Georgia... Continue reading

Wellcome to Shodan. If you're thinking "What on Earth is it?", please read the lines below. If you're already familiar with, move to the next Section. So here’s the basic: SHODAN (Sentient Hyper-Optimized Data Access Network) is a search engine, but instead of indexing web page content, it indexes banners information. It indexes data on HTTP, SSH, FTP, TELNET and SNMP services for almost the whole Internet. You can find it at http://www.shodanhq.com. You can do basic searching for free. An account and credit are required for some features. What can I do with it? A lot of things. For... Continue reading

I received some emails lately asking me some advice on how to prove a SIEM Tool ROI to higher management (justify acquisition, prove that the solution helps, etc). If you focus only in the technical aspects, I admit thatlife becomes more difficult (world crisis, lack of technical knowledge from higher management, etc) and gets hard to prove the ROI. When I work with SIEM projects one of my major rules is to understand my customer business and not only the network/system security aspects. What they do? How they do? What facts can impact their revenue? What systems/devices are running their... Continue reading

I'm scared!!! With one subject! Why people are not concerned about exposing their lives on the Internet? On a way that can put in danger not only themselves but their family and friends. I'm writing below some info I collected just looking ramdomly for profiles on some social network websites. Phones, credit card numbers, full address, if they have children, how many are they and their names, where they study, where they work, etc. You can just find everything about everyone. They're really not concerned with someone they don't know looking their profile searching for something (possible with bad intentions).... Continue reading

I was reading a interesting discussion on Linked-In days ago about security technologies tendencies and I became happy to read about some very interesting solutions/technologies that I never heard about it and some others I'm more familiar but with a new approach. I will spend some time in the near future to study more some of them and blog the results here but my objective now is to promote a health discussion. On the opinion of the ISC2 folks, what will be the next generation of security solutions? And by "next generation" I mean a technology that will evolve or... Continue reading

A while ago the company I work for was hired for a Telecom company to secure their data centers. During the initial gap analysis phase, the backbone was hit by a DDos attack and of course we were assigned to try to help. The interesting about this case is that we act on a "happening now" scenario instead of the regular "post mortem" case. The Evidence: This is a botnet!!! Just to baseline everyone Whats is a botnet? From Wikipedia: Botnet is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. The term... Continue reading

After a long absence due to long and stressful project "46 hours working straight was common" I'm back Sure, I missed to blog here!!! I'm reading a lot about Cloud Computing and how fantastic it is, but I have to wonder... What about the security aspects???? Well, no rush...Let's start from the basics What's Cloud Computing? Cloud computing is a paradigm of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure in the "cloud" that supports them. The... Continue reading