It has been a while since my last post, so let us catch up on some very interesting trends that have been gaining momentum.
Since we last met, there have been a number of interesting events in the industry.
Carna Botnet: Internet Census 2012
The researcher uses Nmap (NSE) to find a frightening number of systems with the admin user root and the password root, and also finds a large number of embedded devices (printers, webcams) exposed on the internet.
The researcher then uses this botnet of systems to conduct Internet-wide port scans in mere hours.
HD Moore's project: Critical IO
Hyperion Gray's Global Web Application Vulnerability Repo: PunkSPIDER
The University of Michigan's Networking and Security Research Group: Internet Wide Monitoring
CloudAV Architecture: N-Version Antivirus in the Network Cloud - This project advocates and explores the deployment of malware detection functionality as an in-cloud service in contrast to the traditional host-based deployment model.
Detecting and Dismantling Botnet Command and Control Infrastructure using Behavioral Profilers and Bot Informants - In this project we seek to develop tools and techniques for identifying bots and botnets and for mitigating botnet attacks.
PREDICT - The Virtual Center for Network and Security Data is a unique effort to organize, structure, and combine the efforts of the network security researcher community with the efforts of the data measurement and collection community. Under the umbrella of the Protected Repository for the Defense of Infrastructure against Cyber Threats (PREDICT) our virtual center provides a common framework for managing datasets from various data providers.
Topology-Aware Internet Threat Detection Using Pervasive Darknets - This project seeks to increase the visibility and effectiveness of Internet threat detection systems by developing methods to automatically discover network topology and use that knowledge to deploy pervasive network sensors that enable new Internet threat detection capabilities.
Internet Motion Sensor - The Internet Motion Sensor (IMS) is a globally-scoped threat monitoring system whose goal is to measure, characterize, and track emerging threats such as worms, denial of service attacks and network scanning activities. The IMS utilizes a large collection of distributed sensors that monitor blocks of globally routable unused address space.
Let us take a moment to digest that information.
We have a growing amount of unmoderated bulk scanning of the internet taking place; we have standards groups moving to require responsible disclosure and remediation; and we have controls clamping down on the portals to the Net.
The future is clear.
If you require the Internet in order to do business (yes, that is most of you), then you are going to find yourself having to proactively address security concerns in short order.
It took only minutes for researchers to discover and communicate the compromise of NBC's websites and the malware hosted on them; the sites were blocked and filtered shortly after. It took hours for NBC itself to announce and remediate the problem.
How much business would you like to do this year?
How many hours of downtime can you afford to lose?
It's no longer a case of hackers directly taking you down with a DDoS or a defacement.
Instead, your customers will now see the roads to your front door closed or detoured by the major gateways on the Net.
When building out your infrastructure, remember to aim for a Defensible Network Architecture; don't fall victim to the fallacy of the 'Internal Network'.