The title

Author: Peter Rigbye

DDoS Attack – What is it? How To protect Yourself

Major portions of the internet were recently taken offline by a major cyber attack. Websites became inaccessible and internet users were unable to access websites or undertake any of the usual things they do online.

According to global internet security provider Verisign in July 16 Distributed Denial-of-Service (DDoS) attacks have increased 75% year on year, and so recent attacks taking out major portions of the Internet globally are a sure sign of things to come.


So what does this actually mean?

DDoS attacks stop users from accessing any types of Internet resources. They are typically directed at webservers, or DNS servers, and cause those to be inundated with false requests, and thus flooding available bandwidth which then restricts access to resources on the same bandwidth. Hence they are called ‘Denial of Service’


How does this happen?

Hackers initially gain access to compromised devices, and then use these – perhaps hundreds or thousands at a time to launch specific requests against a target site. Hence they are termed ‘Distributed’.


Do I lose Data?

Generally, no – the attacks simply deny access to resources for a period of time. However, if you happen to have one of the machines used to generate the attack, it’s a different story…


Can I protect Myself Against DDoS Attacks?

Again, generally no – you are dependent on the services provider where your resources exist to implement appropriate protection to minimize such outages. BUT, there are steps you can take to minimize such disruptions:

[1] Ensure your DNS provider sets appropriate DNS timeouts for your resources – a day is a good time, but many providers will set five minutes. If you own a .com namespace and set your DNS timeouts too short, access to your resources hosted far away (such as in Singapore) may have been impacted because you could not get DNS name resolution to reach those resources.

[2] Implement bandwidth-limiting to ensure a single server cannot hog all available bandwidth by itself. At PASR for example we expressly limit all machines in this manner – for example our public DNS servers are limited to only 500Kbps to protect other resources in the event of such an attack.

If you are unclear about this and what it means for your business, please get in touch. Since inception in 1996, PASR Technologies has been providing SME business owners with a level of service and support to the SME business owner that is typically only directly available in very large organisations.

Servicing businesses from 10 to up to 200 employees, our clients range from local SMEs through to regional offices of larger MNCs, and include airlines.

At PASR Technologies, we solve your IT problems before you even realize you have one!

The Black Art of SPAM Prevention

Most organisations today categorise email as mission-critical to their business, and so the ability to reliably send and receive emails receives a lot of attention from us. However, as we are all aware, the amount of junk mail – ‘SPAM’ – received is a continuing annoyance.

A quick check of our servers shows that over the past three months, a massive 53% (of nearly 1/2 million emails) of all emails received were suspect. Now obviously it would be great if we could simply block such messages, but detection of SPAM is more a black art than a defined science, and so SPAM filters must be continually adjusted and refined to ensure all real/valid emails get through (zero false-positives) while all SPAM is blocked. We could simply turn off SPAM filters, but generally this would result in 50% extra emails reaching each users’ inbox – a situation no user wants to contemplate.


Breakdown of the 53% Suspect Emails

 

Breaking down the above 53% shows that:

  • 2% of all emails contain malware – Viruses, Trojans etc – we definitely do not want these passed through.
  • 31% of all emails are from known spammers  – we want these blocked automatically, but as some users want to see some of these, we need to provide a mechanism whereby they can be retrieved.
  • 20% of all emails are where we have to be somewhat creative and apply our black-art talents to separating the wheat from the chaff, and it’s this 20% that seems to cause the most questions and mis-deliveries.

How to determine the validity of incoming email?

 

So what ‘black arts’ do we employ to determine the validity of this 20% (90,000) of messages? Essentially, each and every message is tested and given a Spam Confidence Level (SCL) score, and when it gets above a defined level, it is tagged as SPAM. Virtually all anti-SPAM solutions – whether in-house, or in-cloud, software-based or appliance-based – employ some or more of the following checks:

  1. Reputation of Sender:
    1. Is the sending server on a blacklist? This occurs when a recipient reports receiving SPAM from a server, and is placed on one or more of the 100+ blacklisting organisations.
    2. Is the sending server properly set up with a fixed address – determined by whether it has a Reverse-DNS (RDNS) entry. (Spammers will use arbitrary/impermanent servers).
    3. Does the sending organisation designate approved sending servers – via the Sender Policy Framework (SPF) stipulated in DNS
  2. Message Content:
    1. Does the message subject or content contain known SPAM-like words – such as ‘Drugs’, ‘Viagra’ and so on.
    2. Does the message contain multiple languages, such as combined English & Chinese?
  3. Message Distribution:
    1. How many recipients is the message sent to? More than a handful generally means the message is more likely to be Unsolicited Commercial Email (UCE).
  4. User Overrides:
    1. Has a given user either black-listed or white-listed a particular address?
    2. has a given user chosen to be more or less aggressive in their application of the above checks?

How to ensure that emails we send get read?

I trust from the above readers can get an idea of the issues we face in categorizing SPAM for delivery, and I trust that readers will also see that it’s very much an imperfect ‘guesstimation’ at best, and there is little as recipients we can do to more accurately qualify messages. But what should we do to ensure that messages we send get the highest possible chance to be delivered?

  • We MUST have adequate malware protection for inbound emails, and ideally also scan outbound emails for malware to ensure we do not compromise our message recipients.
  • We must properly designate and authenticate our outbound servers – via RDNS, SPF – and ensure all mails from our domain are sent only from these servers. This may not be just your corporate email server: – we must also check any other servers that send emails on behalf of our domain: -for example if our website sends emails, then it must also be properly designated and authenticated.
  • We must regularly check that our sending servers have not been blacklisted.
  • If we regularly need to send messages to more than a handful of recipients, we should consider using a third-party service rather than send such ‘mail-blasts’ through our own servers – which reduces the likelihood of getting our servers blacklisted.
  • If we send Unsolicited Commercial Email (UCE) as a Singapore organisation, we must ensure the subject line contains <ADV> and we must provide (and act on) an unscubscribe link – to ensure we comply with legislation, or otherwise face the risk of legal action against us.

If you would like to discuss this issue and what it means for your business, please get in touch. Since inception in 1996, PASR Technologies has been providing SME business owners with a level of service and support to the SME business owner that is typically only directly available in very large organisations.

Servicing businesses from 10 to up to 200 employees, our clients range from local SMEs through to regional offices of larger MNCs, and include airlines.

At PASR Technologies, we solve your IT problems before you even realize you have one!

 

60% Of Cyber Attacks Are On SMEs

Cyber crime has been in the news recently. A few months ago the UK press was awash with the lurid headlines of   UK telco TalkTalk’s admission that it was the victim of a “significant and sustained” cyber-attack that has led to 157,000 customers’ personal details being accessed.

The UK Institute of Directors (IoD) said only “serious breaches” made the headlines, but attacks on British businesses “happen constantly”. The UK government said it was “committed to tackling cyber-crime”.

 


Here in Singapore we are not immune from this

Small and medium-sized enterprises (SMEs) are increasingly becoming soft targets for cyber criminals…who are increasing hacking into smaller businesses as a way of getting access to larger companies to which SMEs are suppliers.

SMEs are easy targets as often they lack the resources, expertise and technical manpower to defend themselves against cyber attacks. The situation is serious as the 2015 Internet Security Report shows that 60 per cent of all cyber attacks are on SMEs.

Ascendas’ www.spacetobe.com.sg website was hacked in 2014 – an activity that has occurred all too frequently to SG websites in past months. A concerned colleague – after being advised (three days later!) that the website’s database of personal  information might have been exposed – asked me:

 


This is scary – so how can I be safe?

And what a good question!

Basically, we cannot. In the same way that we can protect our own homes with locks – without being a locksmith – we simply cannot guarantee that our homes will not be broken into by thieves, and precious contents stolen. Yes, we can report the matter after that fact, but as for cybercrime, we may never know what has been taken, and may not get it back.

In the mentioned case the hackers defaced the site by posting a public notice stating it had been hacked, so users, and the site owners, knew that it had occurred, but consider this more scary scenario: – if the hackers above had sufficient access to deface the site:

  • How long have they had these permissions?
  • Have they previously extracted out personal/private data?
  • What if they just took data and did not advertise their presence this time?

A few pointers to feel safe and secure

How should we go about protecting personal information that we provide to various online resources? In the same manner that we choose good and strong locks for our doors and windows, we need to be sure that we each do the same with our online credentials, and we also need to ask the owners and managers of such resources about what security practices they follow. So there are two components here, but only one of them is under our own control.

Here’s a few pointers as to what we each must do.

  • Use strong passwords. Preferably use a phrase or something easily remembered. For example, change ‘My dog’s name is Spot’ into a password MdniS. Add perhaps the year we got our dog, and a special character, and you have MdniS2011# – a very strong password that we can easily remember without writing it down.
  • Use different passwords for each online resource that stores your information. If we access a lot of sites that need logins but do not store private/personal information, it’s OK to have a common username & password, but for those that do store such data, DO NOT SHARE.
  • Limit the amount of information that we provide. Just because a website asks for 25 pieces of data does not mean they are all mandatory. Limit the input to only those mandatory fields necessary to use the site.
  • If entering financial data like credit card numbers, make sure the site is using an encrypted connection: – look for the https httpsMoniker at the start of the url.

 


 

How can I be sure the site is secure?

All of the above however does not help us if the site is not secure, and this means we need to be sure that both the site owners practice good security, and the site hosters also practice good security – an entity we as site users do not have any direct contact with, which means we have to rely on the site owners. Here’s some questions you might like to ask of those that ask for your personal data.

OnlineCreditCard

  • How do you protect my data?
  • How do you protect your servers from hacking?
  • How are your servers physically protected?
  • Do you know who has administrative access to your servers?
  • What are your policies and practices regarding password management?
  • What are you policies and practices regarding terminating access for resigning employees?
  • Do you change access passwords when staff leave?
  • Do you disable user accounts when staff leave?
  • Do all administrative users for your site share the same username and password?
  • Is there an online policy available regarding security and data protection?
  • Do they regularly check security logs for improper access?
  • Do they have any intrusion detection/prevention systems in place?

Be aware of the risks and manage your own online information

Obviously, some of the providers we deal with may never answer these questions, and there is not a lot we as individuals can do to force them to do so – other than simply not giving them anything personal or private – but this approach will generally thwart our business, and so is not acceptable. In the end, we need to ensure that we personally manage our own online information as securely as we can, and be constantly vigilant over the bits we have no direct control over.

I personally use a lot of online resources, and supply credit card details at least weekly for purchases. Am I concerned? Sure, but simply being a luddite and stopping using them is not an option in today’s connected world. Have I ever been hacked? No, well not that I know of, but then I practice all the points I mention above, and ensure that the organisations I deal with online are reputable.

Finally, we must each remain continually aware of the risks associated with the online world, and be personally responsible for our own access.


If you would like to discuss these issues and what it means for your business, please get in touch. Since inception in 1996, PASR Technologies has been providing SME business owners with a level of service and support to the SME business owner that is typically only directly available in very large organisations.

Servicing businesses from 10 to up to 200 employees, our clients range from local SMEs through to regional offices of larger MNCs, and include airlines.

At PASR Technologies, we solve your IT problems before you even realize you have one!

 

The 8 Big Recurring IT Issues For SMEs

As a SME business specialist we have been providing outsourced IT support services to SMEs and growing businesses in APAC since 1996.

Over this time we regularly come across the same, repeated concerns facing SME management. Regardless of business sector, the same challenges continue to crop up.

Here, in priority order, is my list of the 8 biggest issues together with the impacts on the SME management.

How many of the following do you grapple with?

Continue reading The 8 Big Recurring IT Issues For SMEs

© 2016 PASR Technologies Pte Ltd

Terms & ConditionsPrivacy Policy

Support

Support Hotlines

Email: support@pasr.net

Skype: pasrsupport

  • Singapore

    +65 6340 1018

  • India

    000 800 443 0046

  • Philippines

    1800 1651 0800