Operation n

A growing technology is VOIP and there are a number of things, you can look for. Ideally, your voice network should be segregated from your data network using VLANs. Traditional phone/voicemail attacks may be used. There are two useful blogs that you may want to look into if you want to find out more, voipsecurityblog and Nortel.

This indirectly concerns the IT security industry but in the UK, there are less jobs going around for computer science graduates as 10% are unemployed after graduation. This seems a little bit strange considering in there is a skills shortage and university intake numbers are dropping.

So why aren’t companies hiring IT graduates? That’s a good question! Rightly or wrongly, companies are generally looking for guys to hit the floor running and be as productive as soon as possible. Training is expensive. I was just flicking through the SANS institute site and it’s not unheard of for a 5-day course to cost 3000 pounds. Training is also time-consuming and some companies may not have the luxury of time of having someone in-house train the kids up to speed.

The ideal solution is to introduce more industry-supported degrees. But once again that involved costs and these days with the credit crunch, cutbacks and job security worries, I wouldn’t be surprised that there is a major reluctance.

Something that was brought to my attention was this sticky honeypot that encourages scanning and attacks from the usual nasties of viruses, worms and hackers. This is an open source project called LaBrea. In some ways, it is like an Intrusion Detection System (IDS) that monitors traffic for suspicious activity or even an Intrusion Prevention System. There is even a tutorial on how to install it with irongeek.

I’ve heard a lot of more talk about this lately. In particular, how to test it? Now testing it, requires one of two things. Access to multiple connections with large bandwidth, which is expensive. Alternatively, access to a network of zombie hosts around the world, which is unethical. So testing is almost impossible. However, steps can be taken to counter this. Cisco offer a whitepaper on the very subject. And even the much maligned wikipedia offers some resources on how to prevent DDoS. It hints at using firewalls with ‘defender’ capabilities, switches with rate limiting, traffic shaping and deep packet inspection, and application front end hardware and IPS.

Have a look at what happened when there was a DDoS from Estonia

There has been a recent spate of domain hijacking. Even IANA and ICANN who have authority over some of the most the Internet’s most critical functions suffered from domain hijacking. Photobucket and Comcast have suffered the same fate. The attack may have simply been caused by a single email to the technical staff to update the DNS records according to Dancho Danchev.