DDos Attack Protection

In today’s business economy, it is important to have a complete solution that not only compensates for your current operations, but supports the growth ofyour business into the future as well. If the internet is the core of your business, a conventional web hosting solution might not be able to provide the level of control and flexibility you require, at least from a long-term perspective.  Because of this, there just may come a time when you need to strongly consider dedicated hosting.

What is Dedicated Hosting?

To give you a better understanding of dedicated hosting, I’ll first give a quick brief on conventional web hosting, better known as shared hosting. This is the type of environment where you are literally sharing server space and critical resources with other website owners. This could be tens, hundreds or even thousands of people.Dedicated hosting you could say, is the exact option. As the name implies, this is a situation where the entire server is dedicated to your business. With an entire machine at your disposal, you have enough server capacity to host one or multiple websites. Aside from disk space, you also have an abundance of bandwidth along with enough RAM and CPU to make your website perform like a champ. Whereas shared hosting leaves you limited, a dedicated server opens up the floor, providing you with more than enough room to work with.

Benefits of Dedicated Hosting

A dedicated server only makes sense for the large corporation or emerging small to medium-sized business, delivering benefits that simply can’t be provided on other platforms. Below I’ll touch on some of the key benefits of dedicated hosting:

Enhanced Stability and Performance

With dedicated hosting, you are pretty much assured a better performance. In this environment, there are no other sites on the server to leach off your disk space, bandwidth and other essential resources. This means you can enjoy a maximum uptime with a high level of performance your visitors are sure to appreciate.

Extreme Flexibility

One of the biggest attractions of the dedicated server is flexibility. On a shared server you are restricted and typically limited to the resources and tools the web host provides. With dedicated hosting you call the shots, able to incorporate the software applications and technologies you desire. The options are endless, ranging from the control panel and operating system to programming languages and database systems.

Enhanced Security

A dedicated server offers unparalleled security, an attribute that is invaluable these days. This hosting solution gives you the option of implementing the security protocols and mechanisms able to provide your business with the best protection. You can install firewalls, anti-virus solutions, DDoS protection software – the possibilities are endless when it comes to network security. Simply put – adedicated server can be as secure as you make it.

Though more expensive than shared web hosting, dedicated hosting is worth every penny to the business that demands the utmost in control and flexibility. Throw in enhanced stability and security and it becomes a solution your flourishing business just might not be able to do without.

Time for a dedicated server?  Check out the dedicated hosting packages offered byHostGator.  The Gator has dedicated servers available in both Windows and Linux flavors, giving you the best in server hardware and guaranteed network resources.

Tags: DDoS, DDOS Protection, Firewall, Internet, Security
Posted in economy | No Comments »

About once a year, usually around Black Friday, and coinciding with the flu season, mobile security takes center stage. Maybe more so this year, given the ascendency of the smartphone coupled with browsers finally good enough to make the mobile Web a worthwhile experience.

A week or so ago, RIM’s security chief spoke about smartphone viruses and their potential usurpation of the phone as a platform for DDoS attacks. This coupled with a critical mass of open operating system devices now make the mobile phone a tempting target. We’ve been talking about mobile viruses for half a decade. This time, the threat is real.

In the same way, these virtual petri dishes are black holes into which corporate IT has no visibility. Sybase (News – Alert) recently commissioned a study of European IT executives to evaluate the magnitude of this potential exposure. The findings are downright scary, and make one wonder about the level of attention IT departments have devoted to addressing the security requirements of their mobile workers. 66 percent stated that they have no visibility into the sensitivity of data stored on mobile devices, 38 percent have no visibility into applications, and only 15 percent are confident in their ability to contain exposure if the phone is lost or stolen. In my book, considering the magnitude of exposure, this lack of security should have these IT managers camped out at the corner unemployment office (or in a more draconian mood, at the local lockup).

These metrics align with the percentage of employee-liable phones used in the enterprise, now approaching 50 percent as reported by Yankee Group (News – Alert). I won’t go into the not unexpected conclusion from the presentation about the iPhone’s readiness (or lack thereof) for enterprise use.

So what’s an operator, an enterprise, or a smartphone subscriber to do?

Needless to say, once the phone is lost or infected, it is too late. An effective over-the-air security solution, deployed as part of an overall care architecture by the operator, for employee liable devices, or by the enterprise for corporate liable devices, is the foundation. This solution will be responsible for pushing firmware or software updates to the phone, ensuring that discovered vulnerabilities are quickly patched. Extensions to widely deployed FOTA architectures meet this requirement. In some cases, the operator may mandate anti-virus software, pushed to the device (or pre-loaded at time of manufacture) by the same update conduit. If the phone is lost or stolen, the management client of the device should be capable of locking the phone and/or wiping all data.

In parallel to the operator’s care platform, user education is essential. Password protection is a given, as well as the need for backup. However, it is almost criminal that employees using their smartphone for work purposes ignore this first line of defense. And, if the user wants that which happened in Vegas to stay in Vegas, he or she can’t wait a week to report a lost phone, hoping that it will miraculously re-appear. A phone locked after compromising photos or a corporate roadmap have made it to the Internet is not nearly as good as a phone locked before. Unlocking is as easy as making a call, nothing is lost if/when the “lost” device is once again found, as an over-the-air unlock is just as fast and easy as a lock.

The real area for improvement is in the area of IT control over employee liable devices. At Interop (News – Alert) in NYC, I participated in a panel addressing just this concern. We exchanged best practices, painting a picture of what should be, though not what necessarily currently exists. Our joint observation was that IT departments need to understand that mobile devices fall into a continuum. On one extreme, there are corporate liable Blackberries or mission-specific platforms upon which you can enforce restrictive, but safe, policies (on device encryption, strong passwords etc.). There will always be a place for this. On the other are the unwashed masses with a variety of personal devices with no policy or control enforced or deployed.

But the middle? Devices with reasonable VPN or ActiveSync support with on device encryption like Windows Mobile or the iPhone (News – Alert) 3GS? Good call, it is reasonable to expect encryption on the device, something that is supported by ActiveSync policies. However, some handsets, like earlier iPhones, will report back to the server that they support on-device encryption, when they don’t.

Convenient, but dangerous because you think that you are more secure than you are. Then there are devices which will fetch your mail off the Exchange server (if the server is configured to allow low security devices), but make no claim of any sort of ActiveSync on device encryption, such as recent Android devices like the Motorola (News – Alert) Droid or the Palm Pre. Even this is not cut and dried. For example, Touchdown, an ActiveSync corporate email app, runs on Android devices but reports support of on device encryption (at least as of late November 2009) even if that capability does not yet exist. The situation is complex.

The level of visibility into these devices, and IT’s willingness (and/or ability) to lock down an employee owned device , will inform what corporate resources are made available. This in effect addresses the concerns raised by the Sybase study. No visibility. No access to ERP or Exchange.

And if the enterprise does deploy security along the lines of Credant or Good, they’ve got to make doubly sure that there is no leakage of content (i.e., contacts or photos) from the ‘public’ to the ‘enterprise’ side of the device, certifying conformance on each and every OS platform and hardware family introduced. Here, the onus is on the IT department.

As I got onto the plane in JFK, I looked around at a rather unhealthy cross-section of the traveling population (compared to SFO), wondering if it was just my phone that I needed to protect…

Tags: attacks, DDoS, DDOS attack, DDoS Attacks, Internet, Security, vulnerabilities
Posted in Mobile Security | No Comments »

Network brings us a convenient, but also brings a series of problems. Viruses and malware attacks is very troublesome. Unless you pull string, otherwise will suffer from the aspects of the network, especially the threat of distributed denial of service attack, people can retreat DDos refund. We cannot prevent the attack, we can do is how to reduce losses, utmost ground protects the interests of individual and enterprise network.
A DDoS attack typically divided into three stages. First is the target confirmed: hackers will lock an IP address on the Internet. The IP address of the enterprise may represent a Web server, DNS server, Internet gateway, etc. Select the target of the attack, or for money purposes is pure pastime. Then is preparation: in this stage, the hacker intrusion Internet will have good protection system of the computer. In these computers after implantation target the necessary tools. Finally is launched actual attack stages: hackers will be sent to all orders against invasion by the computer, using the computer and ordered in advance of the implant to attack tool sends a packet that attack target unable to handle large amounts of data or bandwidth occupied. Serious word will affect the DNS, cause the whole network have paralyzed.
Of course not, facing DDoS unchecked. We can take corresponding measures to minimize the effects of such attacks.
Intrusion filter is a simple network should be implemented and all the security strategy. In your network, should establish a routing statement, all data to source IP address for this marked the packet. Although this way doesn’t prevent DDoS attack, but it can prevent DDoS attack reflex.
But many large ISP seem because all sorts of reasons refused to realize invasion of filter, so we need other ways to reduce the impact of DDoS. At present the most effective method is one of the track. By this way, the first should be determined by current is external DDoS attack, not from the connection or routing problem. Then all the edge router as soon as possible in the external interface configuration, reject all the data flow DDoS attack target. In addition, even in these edge router port configuration, will all invalid or unable to locate data source IP packets.
Such doing can decrease the impact DDos, early recovery network operation. DDoS attack, but we can prevent hard by the corresponding measures to reduce the attack in the network. We can’t predict how fierce flooding, all we can do is to build high dam, We couldn’t psych out hackers mood, so we must make full preparations.

Tags: DDoS, DDOS attack, DDoS Attacks, DNS, Internet, Security
Posted in DDoS Attacks | No Comments »

CYBERJAYA: The International Multilateral Partnership Against Cyber Threats (Impact) believes that what the world needs now is more cybersecurity experts.

Although it may sound less whimsical than the famous song, in reality, Impact said cyberspace is ever changing and the number of threats is growing everyday.

Threats are also getting more sophisticated and targeted compared to 10 years ago, said Philip Victor, Impact centre for policy and international cooperation, head of communications and outreach.

Aside from attackers being driven by financial gains from attacking global systems, Philip said that terrorists are also turning to the Internet to launch their attacks or execute their plans.

One of the more popular example of the realities of a cyberattack is the 2007 cyberwar in Estonia where attackers launched distributed denial of service (DDoS) attacks on Estonian websites including the Estonian parliament, banks, ministries and newspapers, he said.

Although the attacks may seem low-tech, a DDoS attack can disrupt everyday activities that require Internet connectivity.

“Unfortunately, there’s a lack of global cooperation to fight this due to the shortage of information security professionals,” Philip said.

In Malaysia, he said the information security professional to population ratio is 1:20,000.

“We believe the number of security professionals is growing but as the Internet population increases, we will need more,” he said.

Working towards this effort, Impact has alligned with information security certification company ISC2 to provide information security training to Impact partner countries.

“This is in line with our mandate of operationalising the Global Cybersecurity Agenda (GCA)in escalating cybersecurity capabilities to better defend againts cyberthreats,” said Datuk Mohd Noor Amin, chairman of the Impact management board.

The GCA is the United Nation’s International Telecommunication Union’s framework to enhance confidence and cybersecurity in the information society.

Through this agreement, ISC2’s certification courses such as the Certified Information Systems Security Professional, Systems Security Certified Practitioner and the Certified Secure Software Lifecycle professional will be offered in Impact’s partner countries to enhance the organisation’s position in providing a holistic approach to public sector cybersecurity.

Impact will kick off the first course, the Systems Security Certified course, in Africa in the first quarter of next year.

“Africa is a continent with growing Internet users so its logical to train security profesionals there to ensure its cyberspace is safe,” Philip said.

Impact and ISC2 are expecting 100,000 security professionals to be trained through this partnership.

“We will be working with governments to realise this goal in order to provide enough security professionals for the world,” Philip said.

W. Hord Tipton, executive director for ISC2 said the organisation is happy to work with Impact.

“We jointly believe that only by professional development can we enable the community to protect against cyberthreats and we look forward to educating more individuals,” he said.

Tags: attacks, DDoS, DDOS attack, Internet, NAT, Security
Posted in security experts | No Comments »

Park Dong-hoon, the president of the Korea Information Security Industry Association, made a keynote speech at the 2009 Korea Information Telecommunication Facilities Engineering fall seminar on Nov 19. The presentation covered the current status and problems of knowledge information security regarding to recent DDoS crisis.

With the development of IT technology, people are now living in a ubiquitous environment where everything is connected such as cellphones, computers, and mobile devices. However, more information through various networks created more demand for security. As the network became bigger and more complex, the trend in security is also changing from technical network protection to service security. Most people have some type of information stored in more than one network and many businesses have crucial information to protect. Due to the increase of cyber crimes, the knowledge information security industry has risen and it will continue to grow to be a convergence security industry. The information security industry is defined as the industry providing services to prevent crimes and disasters through security technology like passwords, encoding, surveillance, and recognition. The industry consists of information security, physical security and convergence security.

The potential for knowledge information security is tremendous. The estimated global market for 2013 is expected to be US$368 billion. Currently, the market is dominated by the US and EU at 88%. Korea has only 1.7% of global market share. The Korean knowledge information security market is estimated at W3.1 trillion in 2007, but it is expected to reach W18.4 trillion by 2013. For information security, most high-end security hardware is imported, but Korean software is exported to Japan, the US and other countries. For physical security, the market has expanded with 32% of annual growth. The 2009 market analysis showed that law enforcement has been strengthened due to several major information theft cases. Also, the public and finance sectors plan to establish the convergence security business against DDoS attacks and the industry will get bigger through M&A.

There have been several major security breaches since 2008 – the Blue House hacking, auction.com with over 10 million id thefts, Hanaro Telecom with 6 million id thefts, GS Caltex with 1.1 mil id thefts, and the 7/7 DDoS attack crisis. These types of cases show how vulnerable sites are with low security levels. The government does not have enough human resources in the security department. Many companies do not recognize security as investment but an expense. Also, most computer users do not use anti-virus programs, and their computers are exposed to hackers and are sometimes used as zombie PCs. The level of security systems does not meet the demand for increased internet use. The R&D investment is about 1,000 times less compared to the US, based on a 2007 survey. The solution for increasing cyber attacks is to establish a cyber crisis management system and produce more security professionals with more investment. The collaboration efforts between public and private sectors will help the security industry to grow.

Tags: attacks, DDOS attack, DDoS Attacks, Hackers, Internet, Security
Posted in DDoS Attacks | No Comments »

RioRey has appointed leading IT security specialist Network Defence as its UK partner to help deliver its security solutions to the UK. RioRey will use Network Defence’s strong position in the IT security and vertical markets to deliver a new level of Internet protection to customers.

Network Defence will distribute the complete range of RioRey products, offering SMEs through to major enterprises protection against Distributed Denial of Service (DDoS) attacks. The Internet security solutions detect attacks and nullify their effects on the network; ensuring e-commerce and web hosting services remain uninterrupted in order to maintain smooth business operations.

Director of sales and education (EMEA) for RioRey, Duncan Hume, said: “As sophisticated security technology requires focus RioRey looks for top quality partners across Europe. We have worked with Network Defence for several years and the team has always impressed me, and with their combination of technical ability plus sales and marketing skills they show clear focus in a rapidly growing market sector.

“Network Defence has a strong client base in a number of vertical sectors and are clearly trusted advisors to their customers. RioRey provides DDoS protection that no other supplier can offer, by working with a dedicated partner who fully understands our needs and the needs of their customers we can ensure the clear messaging required around DDoS mitigation is delivered; they are the perfect partner for our technology.”

Dave Beesley, managing director for Network Defence, said: “DDoS threats are very real and impact the market sectors we work in everyday. RioRey’s easy-to-install and intelligent range of products complement the solutions and services Network Defence has to offer, adding great value to our portfolio. Working together we can benefit our customers by providing an additional layer of protection to those who rely on their website.”

RioRey are currently developing new products around DDoS mitigation and plan to use Network Defence as a key partner in their UK market strategy.

Tags: attacks, Dave Beesley, DDOS Protection, Duncan Hume, Internet, Security
Posted in DDoS protection solution | No Comments »

On previous post we shared the way to prepare our system to DDoS attack and the way to mitigate the risk. Now it is important to react in the good moment and make an effective action during the attack. Monitoring routers connection can help victim to detect the beginning of the attack.

First we should monitor the open Syn connections:

# Netstat-na | grep “: 80 \” | grep SYN_RCVD

At the normal situation the number should not pass the three connections. If there is more open connection than you are under attack and you should start by dropping these connections.
This is for the SYN-Flood case but for the HTTP-flood it is more complicated to detect, First you need to count number of Apache processes and number of port 80 connections:

# Ps aux | grep httpd | wc-l

# Netstat-na | grep “: 80 \” | wc-l

Next you need to check the IP-addresses list:

# Netstat-na | grep “: 80 \” | sort | uniq-c | sort-nr | less

To be sure that there is HTTP-flood attack is impossible but you can assume that you are under attack if one address in the list is repeated too many times. Additional evidence can be made using tcpdump:

# tcpdump -n -i < interface > -c 100

the Tcpdump will help you in tracking the source of the attack if a big number of packets targeting a single port / service (cgi-script or web directory).

Finally we have to start to work around the situation by dropping malicious IP-addresses. You can block IP’s directly from the router.

On the FreeBSD we can take some steps to avoid DDoS:

1 – Reduce the packet request time (protection against SYN-flood):

# Sysctl net.inet.tcp.msl = 7500

If an ACK is not received in this time, the segment can be considered “lost” and the network connection is freed.

Move your server in a blackhole when a TCP packet is received on a closed port. When set to ‘1′, SYN packets arriving on a closed port will be dropped without a RST packet being sent back

# Sysctl net.inet.tcp.blackhole = 2
# Sysctl net.inet.udp.blackhole = 1

Limits ICMP replies to 50 per second (protection against ICMP-flood):

# Sysctl net.inet.icmp.icmplim = 50

Increase the maximum number of sockets to the server that can be open (protection against all types of DDoS):

# Sysctl kern.ipc.somaxconn = 32768

Finally enable a kernel feature called DEVICE_POLLING (significantly reduces the load on the system during DDoS Attack):

1. Compiling the kernel with option “options DEVICE_POLLING”;
2. Activate the mechanism of polling: “sysctl kern.polling.enable = 1″;
3. Add the entry “kern.polling.enable = 1″ in / etc / sysctl.conf.

These are a well balanced steps to mitigate getting exposed for Distributed Denial of Service Attack

Tags: DDOS attack, freeBSD, Security
Posted in DDoS Attacks | No Comments »