With stories of spying and security breaches all over the news, it seems like...
Dear Hakin9 Readers,
This month’s issue is devoted to DDoS Attacks. We prepared some articles written by experts who face these problems every day.
Janice Camacho and Josh Day discuss the business impact of DDoS and the loss it causes. Elizabeth Botes shares her long-time experience in this field with you too. Gur Shatz mentiones five golden rules to avoid DDoS attacks. Correro’s Security Evangelist, Stephen Gates, advises what kind of system is most effective in preventing today’s DDoS attacks. Sergey Shekyan presents his SlowHTTPTest, a tool that tests DdoS attacks.
Passing to the practical articles, Orlando Pivi explains how to check if your computer is infected and how to deal with it. Sahil Khan shows how to gather information from website and from Large Computer Network with simple DOS Command.
Hakin9’s Editorial Team would like to give special thanks to the authors, betatesters and proofreaders.
We hope you enjoy reading this issue and find its content both informative and interesting.
DDoS As a Threat to Busines
Why DDoS Attacks Are a Threat You Can’t Afford to Ignore?
By Janice Camacho & Josh Day
Distributed Denial of Service (DDoS) attacks no longer occur on a small-scale basis: they are now classified as “cybercriminal” activity, especially because today’s hackers have managed to take down well-known global corporations. Many DDoS attacks still continue to bypass some of the strongest barriers, making no place on the Internet safe.
How to Combat Email-Based Threats to Business Continuity with Trusted Sender Recognition?
By Elizabeth Botes
Though mature and capable, the spam filters and anti-virus solutions that organizations currently rely on to counter email-based threats are quite simply not enough as new threats emerge. These threats can – and do – result in the theft of intellectual property, large sums of money being stolen and other serious disruptions that can significantly impact both day-to-day and long-term business operations.
The DDoS Protection Jungle – The Five Golden Commandments
By Gur Shatz
DDoS is not a theoretical threat but something businesses and organizations deal with every day. DDoS is different because it involves real people trying to take down your site, using their wits and tools to overcome every protection layer. This has pushed vendors to the limits of their creativity. The good thing is that there are good solutions and ideas out there. The bad news is that there are lots of different options and technologies to pick from. Regardless of the type of solution that is best for you, to be effective, it should adhere to a set of fundamental commandments.
Interview with Stephen Gates
By Aimee Rhodes
Stephen Gates, Corero’s key security evangelist, explains what are the business impacts of DDoS and what defense systems he believes are capable to prevent the attacks.
Stimulating Application Layer Denial of Service attacks with SlowHTTPTest
By Sergey Shekyan
Slow HTTP attacks are denial-of-service (DoS) attacks that rely on the fact that the HTTP protocol, by design, requires a request to be completely received by the server before it is processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data.
Step by step with Dos and DDoS
(D)DOS: Practical Approach
By Dario Ursomando and Emanuele De Lucia
During the last years with the advance of information and communication technologies, our societies are evolving into global information societies. This brought in a constant computing environment that has made cyber attacks significantly more sophisticated and threatening. With the technologies alling prices and with the subsequent growth of internet access is becoming easier and more profitable for criminal organizations or for the single vandal launch attacks against governments and commercial organizations.
How to Understand that Your PC Is Infected?
By Orlando Pivi
In this article you will learn how to control and secure a computer that can be infected by a virus or in general by malicious software or unwanted software (PUA – PUP*). You will have also a general idea of how to determine if a file is safe or not, manually and automatically, and you will learn also how to do to find what a specific file does to the system. Balanced the use of on-line services to create a simple guide understandable by all. Of course the most accurate way is a total manual analysis but to understand it you should have some knowledge base.
How to Gather Information with Ddos?
By Sahil Khan
In this article you will learn how to gather information from websites and from large computer network, in different environment, with simple DOS command. Information Gathering is also used in Forensic Investigation in both way, web and network.