ddosim (v0.2) - the application layer DDOS simulator
november 2010 by hanicker
Dear All,

I am pleased to present the new version of ddosim (v0.2) - the application layer DDOS simulator.

Description
========
DDOSIM simulates several zombie hosts (having random IP addresses) which create full TCP connections to the target server. After completing the connection, DDOSIM starts the conversation with the listening application (e.g. HTTP server). Can be used only in a laboratory environment to test the capacity of the target server to handle application specific DDOS attacks.

Features
======
- HTTP DDoS with valid requests
- HTTP DDoS with invalid requests (similar to a DC++ attack)
- SMTP DDoS
- TCP connection flood on random port

Download
=======
http://sourceforge.net/projects/ddosim/

Documentation
===========
http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/

Contact
======
Adrian Furtuna gmail.com

Enjoy!
Adrian
Inthenews
from google
More evidence of value of security certification
february 2010 by hanicker
This story appeared on Network World at http://www.networkworld.com/news/2010/020810-security-certification.html
More evidence of value of security certification
By M. E. Kabay, Network World February 08, 2010 12:04 AM ET
This is the second of five articles discussing the benefits (if any) of security certifications in the job market. In the first article, a number of studies suggested that certifications do indeed improve prospects for hiring and higher salaries.
In this article, I conclude the review of recent studies and surveys with yet more encouraging news for holders of security certifications.
* * *
In June 2008, NetworkWorld writer Jon Brodkin pointed out that "Overall, the value of 164 IT certifications measured by Foote dropped 4.9% the past two years and 1.6% in the six-month period ending April 1 [2008]." However, Brodkin wrote, "Some certifications are bucking the trend and rising in value. IT security certifications rose 3.1% in value over the past two years and 1.2% in value in the last six months. Certain types of security skills are seeing dramatic growth. A 27% rise in value was measured for the Certified Information Security Manager designation, just in the past six months. In second place with a 25% rise in the last six months was the GIAC Security Expert cert."
In a follow-up article, Brodkin reported on a survey carried out for the International Information Systems Security Certification Consortium, (ISC)^2, which showed "that holders of the CISSP, SSCP or CAP certifications who work in the Americas and have at least five years experience earn [an average of] $102,376 per year – more than $21,000 higher than IT pros who also have five years experience but lack the certifications."
Reporting on the popularity of security certifications, Joan Goodchild of CSO Magazine wrote about a CompTIA survey that came out in late October 2009. The study of more than 1,500 IT workers found that many of them planned to pass certifications in security, ethical hacking and digital forensics.
Goodchild added: …[M]ore companies are requiring IT security certification…. [T]he number of organizations where IT security certification is required has increased by half and is continuing to grow; 32% of employees were required to have certifications in 2008, compared to 20% in 2006.
Foote Partners maintains a database with constant updates to produce its annual "IT Skills and Certifications Pay Index." The latest edition (as of this writing in the first week of January 2010) includes "data collected through January 1, 2010." A 55-page PDF sample of the $2,500, 305-page quarterly report ($9,750 for a year's worth of reports) is available free online to illustrate the format of the report (most of the charts have been redacted to blanks).
Among the 201 specializations studied by Foote Partners, 34 certifications specifically involve security, auditing, forensics or penetration testing.
Founder David Foote, who also serves as Foote Partners' CEO & Chief Research Officer, was quoted in a Dec. 31, 2009 interview in a Bank Information Security podcast as saying that "Information security is the hot career option for professionals in 2010 and beyond." He was also interviewed back in August 2009 by Carolyn Gibney of SearchSecurity and said much the same thing: "Foote says there's reason for those in the security industry to be optimistic."
The Jan. 5, 2010 issue of the System Administration and Network Security (SANS) NewsBites started with the following assertion in an advertisement for the organization's courses:
The hottest security skills employers are seeking for 2010:
1. Red teaming/penetration testing (systems/networks and applications)
2. Forensics
3. Security essentials
4. Reverse engineering malware
5. Auditing networks and systems (hands-on testing)
6. Intrusion detection
7. Security management and leadership
8. Securing virtual systems
9. CISSP certification
Plus: Effective presentation skills for security professionals.
This last point is important: in addition to technical skills, communications and management skills are valuable to IA professionals. Recently Paul Dorey, chairman of the Institute of Information Security Professionals in Britain, was quoted as follows:
"We are entering a time when IT security people are going to have to move from being merely advisers to the business to real professionals whose views are listened to," he said. As IT supports every aspect of life, security breaches become potentially life-threatening or disastrous for their organisations. Just as bridge designers and structural engineers work to common and consistent standards and are therefore respected, he said, so security professionals should command the same level of respect.
For that to happen, security professionals need to communicate effectively with a wide range of disciplines – including audit, risk assessment and compliance, IT and engineering. "They need to be like chameleons to fit into those disciplines," he said. "You may not become an expert in them all, but you must at least don the facade. ... Get some mentoring to help you understand them."
In the next article in this five-part series, I'll look at the wider context of certification and licensing for a range of professionals in the United States and point to the efforts beginning in the early 2000s to force certification for IA officers in the U.S. Department of Defense.
All contents copyright 1995-2010 Network World, Inc. http://www.networkworld.com
Inthenews
from google
Is my network part of a Botnet -- How do I find out?
february 2010 by hanicker
Welcome to BotHunter Central
Latest release: version 1.5
BotHunter is a U.S. Registered Trademark of SRI International, 2009. (1) Patent Pending.
BotHunter 1.5 Development Team: Phillip Porras (Lead), Martin Fong, Keith Skinner, Steven Dawson, Rukman Senanayake, Leigh Moulder
BotHunter is developed and maintained by the Computer Science Laboratory, SRI International
BotHunter is the first, and still the best, network-based malware infection detection system out there. It tracks the two-way communication flows between your computer(s) and the Internet, comparing your network traffic against an abstract model of malware communication patterns.(1) Its goal is to catch bots and other coordination-centric malware infesting your network, and it is exceptionally effective. BotHunter will help you catch malware infections that go regularly undetected by antivirus systems and completely ignored by traditional intrusion detection systems.
Let's find out who really owns your network. Get BotHunter Now (FREE) and Check Out: BotHunter2Web
NOW HUNTING ON: Windows, Linux, FreeBSD, MacOS
Inthenews
from google
A new version of [IN]SECURE magazine is ready for download
DOWNLOAD ISSUE 24 HERE (February 2010)
Writing a secure SOAP client with PHP: Field report from a real-world project
How virtualized browsing shields against web-based attacks
Review: 1Password 3
Preparing a strategy for application vulnerability detection
Threats 2.0: A glimpse into the near future
Preventing malicious documents from compromising Windows machines
Balancing productivity and security in a mixed environment
AES and 3DES comparison analysis
OSSEC: An introduction to open source log and event management
Secure and differentiated access in enterprise wireless networks
AND MORE!
Inthenews
from google
february 2010 by hanicker