This Blog has Moved!

This blog is moving to


Thank you for visiting! Content will remain here for archival purposes.

Achieving Best Practices for Virtual Machine Backup and Recovery

The following is external content provided as a free resource for blog readers.





This Lab Validation report from ESG provides you with best practices to create an environment that offers you simple unified data protection across physical and virtual landscapes, maximum protection and data availability, and reduced storage needs and operational costs.



Request Free!

Everything You Need To Know About A DDoS Attack

The following is external content provided as a free resource for blog readers.






Big companies and brands have been victims of attacks with the attacks themselves growing in size and complexity. While large corporations are often the topic of these stories, DDoS attacks can happen to companies of any size.


Just a few things you’ll learn and understand:



  • How downtime can mean big losses in revenue

  • Creating a defense plan

  • Ways to detect if you’re under attack

  • Mitigating DDoS attacks…and more!






Request Free!

Evaluating The Cost Of A DDoS Attack

The following is external content provided as a free resource for blog readers.






Take a look at all that a DDoS attack can cost you (hint: it’s not JUST downtime) and maybe you’ll reconsider your plan of crossing your fingers that no one attacks you.


While no one would want to undergo a DDoS attack and risk downtime, many companies don’t have the proper procedures and equipment in place to successfully prevent or mitigate an attack.


For something that may never happen, many look at DDoS protection as a sunk cost.


The question is, are you willing to risk the cost of a DDoS attack in order to save some money now? Find out just how much you’re putting at stake if you skimp on security.






Request Free!

Top 5 Ways to Improve Protection from Advanced Threats

The following is external content provided as a free resource for blog readers.





In a recent IDG Research Survey, enterprise executives cited both the sophisticated threat environment and consolidation of security functions as top drivers for Next Generation FireWall (NGFW) deployments.



Among other things, this webinar will discuss the top 5 ways network security professionals can improve their security posture in light of advanced threats. And see the 5 times faster next generation performance of Fortinet's FortiGate next generation firewalls.



Request Free!

5 DNS Security Risks That Keep You Up At Night

The following is external content provided as a free resource for blog readers.






In this whitepaper, we discuss 5 common and treacherous security threats that can completely debilitate your DNS, and subsequently, your online business. From DNS Amplification Attacks to Registrar Hijacking, we explain exactly what goes on during these attacks, what threat do they pose to you, and how you can prevent becoming a target yourself.


Don’t let your DNS fend for itself; give it the protection it needs to hide from the Internet monsters.






Request Free!

Space Weather Outlook July 27, 2014 at 10:44PM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center Boulder, Colorado, USA SPACE WEATHER ADVISORY OUTLOOK #14-30 2014 July 27 at 8:33 p.m. MDT (2014 July 28 0233 UTC) **** SPACE WEATHER OUTLOOK **** Summary For July 21-27 No space weather storms were observed. Outlook For July 28-August 3 There is a chance for R1 (minor) radio blackouts on 28 July - 03 August. Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.

Data Centers in the Crosshairs: Today's Most Dangerous Threats

The following is external content provided as a free resource for blog readers.





Comprising the most valuable assets in your organization – your web, DNS, database, and email servers - data centers have become the number one target of cyber criminals, hacktivists and state-sponsored attackers. This paper analyzes the top five most dangerous threats to your data center. It also describes the impact of these threats and it reveals the latest methods, tools and techniques used by attackers to exploit data center resources.



Request Free!

Space Weather Outlook July 20, 2014 at 09:43PM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center Boulder, Colorado, USA SPACE WEATHER ADVISORY OUTLOOK #14-29 2014 July 20 at 7:31 p.m. MDT (2014 July 21 0131 UTC) **** SPACE WEATHER OUTLOOK **** Summary For July 14-20 No space weather storms were observed. Outlook For July 21-27 There is a chance for R1 (minor) radio blackouts 23-27 July. No geomagnetic or space radiation storms are expected. Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.

SECURITY LEADERSHIP SERIES: Security Strategies for Success

The following is external content provided as a free resource for blog readers.





For IT leaders, these security strategies for success are essential reading.



Request Free!

Critical Concepts of the 200-120 CCNA Routing and Switching Exam

The following is external content provided as a free resource for blog readers.





In the spring of 2013, Cisco announced major updates to their Cisco Certified Network Associate (CCNA) curricula, including a new version of the CCNA Routing and Switching exam (200-120 CCNA). This paper provides a review of the CCNA Routing and Switching exam's critical concepts, as an aid to students preparing to pass the latest version of the CCNA Routing and Switching exam.



Request Free!

The CIO Playguide for Secure BYOD

The following is external content provided as a free resource for blog readers.






Mobile devices and the ability to work everywhere present a huge opportunity but also pose a challenge for IT in securing corporate data. This ebook provides essential insights for planning and deploying BYOD processes and tools to mitigate security risks and assure proper compliance. Ensure a successful BYOD program today, download the free ebook.






Request Free!

Single Sign-On Saves South Shore Staff 583 Hours a Day

The following is external content provided as a free resource for blog readers.





Learn more about how single sign-on saved staff 583 hours a day and helped increase productivity at South Shore Hospital. With single sign-on they were able to reduce roaming sign-on time, increase security and improve their staff's overall workflow. Download this case study to learn how single sign-on saves time and increases user productivity in a regulated industry.



Request Free!

The Value of Perfect Forward Secrecy

The following is external content provided as a free resource for blog readers.





A solution is to employ Perfect Forward Secrecy, in which unrecoverable temporary session keys are generated, used and discarded. When implemented correctly with Elliptic Curve Cryptography (ECC), Perfect Forward Secrecy is more secure than RSA algorithms and performs better.



Request Free!

Space Weather Outlook July 13, 2014 at 11:08PM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center Boulder, Colorado, USA SPACE WEATHER ADVISORY OUTLOOK #14-28 2014 July 13 at 8:56 p.m. MDT (2014 July 14 0256 UTC) **** SPACE WEATHER OUTLOOK **** Summary For July 7-13 An R2 (moderate) radio blackout was observed on 08 July at 1620 UTC. R1 (minor) radio blackouts were observed on 09 and 10 July at 0026 and 2234 UTC respectively. No G1 (minor) or greater geomagnetic storms and no S1 (minor) or greater space radiation storms were observed. Outlook For July 14-20 There is a chance for R1 (minor) or greater radio blackouts throughout the forecast period, particularly after 24 July. There is a slight chance for an S1 (minor) space radiation storm on 14 July. No G1 (minor) or greater geomagnetic storms are forecast in the absence of any transient features. Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.

Protect Your IT Systems with Next Generation Security

The following is external content provided as a free resource for blog readers.





A data breach, probings, hackers… protect your critical IT information. What these real-life examples have in common is that perpetrators can attack companies through their IT systems. Read how trusted computing from IBM PureFlex System can help secure your systems against emerging threats.



Request Free!

The Essentials of Information Security Kit: Includes a Free PC Security Handbook - 2nd Edition eBook

The following is external content provided as a free resource for blog readers.





The Essentials of Information Security brings together the latest in information, coverage of important developments, and expert commentary to help with your Information Security related decisions.



The following kit contents will help you get the most out of your Information Security research:

  • PC Security Handbook - 2nd Edition

  • Best Practices for Successful IP Address Management (IPAM)

  • Extended Validation SSL Certificates

  • Practical Guide to Secure File Transfers






Request Free!

Extending Traditional Security to VDI

The following is external content provided as a free resource for blog readers.





Organizations have adopted Virtual Desktop Infrastructure (VDI) due to benefits such as increasing overall utilization, reducing management costs, and enhancing security. VDI also supports consumerization and Bring-Your-Own-Device (BYOD) strategies, as endpoint users can access applications and data on their desktops using any mobile device, resulting in better productivity. However, extending traditional security to virtualized environments opens up networks to a plethora of security challenges and threats that can lead to business disruption or, worse, data leakage.



Request Free!

Space Weather Outlook July 06, 2014 at 09:45PM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center Boulder, Colorado, USA SPACE WEATHER ADVISORY OUTLOOK #14-27 2014 July 6 at 7:34 p.m. MDT (2014 July 7 0134 UTC) **** SPACE WEATHER OUTLOOK **** Summary For June 30-July 6 Category R1 (Minor) radio blackouts were observed on 01 July due to flare activity from active sunspot Region 2106. Outlook For July 7-13 Category R1-R2 (Minor-Moderate) radio blackouts are likely through 13 July due to potential flare activity from active sunspot Regions 2104, 2107, 2108 a nd 2109. Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.

The 2014 Next Generation Firewall Challenge

The following is external content provided as a free resource for blog readers.





The Target security breach and discovery of the “Heartbleed” vulnerability in web encryption software taught us some important lessons about enterprise security. Analyst Robin Layland applies those lessons to establish key requirements for Next-Generation Firewalls (NGFW). Then HP's TJ Alldridge explains how HP TippingPoint NGFW meets those requirements and offers a compelling NGFW that is simple, effective, and reliable.



Read the report to learn:

  • How NGFWs improve on earlier firewalls

  • Why they are needed to counter today's advanced threats

  • Why HP leads the industry in security vulnerability research

  • How HP TippingPoint keeps security professionals focused on what matters






Request Free!

No-IP Microsoft Takedown: When Good Intentions Go Bad

I know a lot of you haven't heard from me for a while - I'm still sorting through and typing up all the INCREDIBLE information I received from the 2014 Maryland Cybersecurity Symposium. However, today I had to take a break from all this, because of current events affecting users on the Internet.

In case you hadn't heard, Microsoft convinced a federal court to seize 22 of No-IP.com's domains, taking down most of No-IP's free subdomains and impacting millions of users. Microsoft's justification was that No-IP.com subdomains are used by malware creators.

According to No-IP, Microsoft's intention was only to "filter out" the bad sub-domains, and continue to serve traffic for the valid ones.  However, Microsoft's infrastructure was unable to handle the load, and stopped serving No-IP content completely. Even if Microsoft's infrastructure would have been able to handle the load, the privacy implications for this kind of court order are astounding, and disturbing.

To put this in context, this would be no different from another company convincing a Federal court to seize Outlook.com or Live.com "because spammers and scammers use it to contact victims". Then, monitor every single email address, and make sure it's not being used by a scammer.

Disturbed yet? You should be.  Common uses for No-IP include VPN/remote desktop to home systems, monitoring home security systems and IP-cameras, and private game servers. And the only way Microsoft would know for sure if a domain was used by a malware creator would be to inspect the traffic for each and every subdomain.  It's no wonder Microsoft's infrastructure wasn't able to handle the load.

Another use which I have personally used No-IP for in the past on multiple occasions is for seeding honeypot URLs. You can see some of the results of my honeypot over at the CaffSec Malware Analysis Lab, including a LOT of previously unknown malware. So, in Microsoft's attempts to make the Internet a safer place, they have seriously hindered my (and most likely others') honeypots ability to collect new malware samples.

Additionally - sometimes it's not always the right step to shutdown a malware command and control center. Sometimes, the better approach is to simply monitor the known command and control center, in order to trace back its origins.  Otherwise, when that C&C server is shutdown, investigators lose future sources of intelligence.  It is sometimes much more effective to monitor malware creators than play a never-ending game of whack-a-mole with their servers.

So, with that said, who's going to step up to the plate and sieze Microsoft's free email system? I'm sure they won't mind, since they had no problems seizing domains from No-IP.

Extending Traditional Security to VDI

The following is external content provided as a free resource for blog readers.





Organizations have adopted Virtual Desktop Infrastructure (VDI) due to benefits such as increasing overall utilization, reducing management costs, and enhancing security. VDI also supports consumerization and Bring-Your-Own-Device (BYOD) strategies, as endpoint users can access applications and data on their desktops using any mobile device, resulting in better productivity. However, extending traditional security to virtualized environments opens up networks to a plethora of security challenges and threats that can lead to business disruption or, worse, data leakage.



Request Free!

5 DNS Security Risks That Keep You Up At Night

The following is external content provided as a free resource for blog readers.






In this whitepaper, we discuss 5 common and treacherous security threats that can completely debilitate your DNS, and subsequently, your online business. From DNS Amplification Attacks to Registrar Hijacking, we explain exactly what goes on during these attacks, what threat do they pose to you, and how you can prevent becoming a target yourself.


Don’t let your DNS fend for itself; give it the protection it needs to hide from the Internet monsters.






Request Free!