Library items tagged: infosec

Seven steps to secure ntp servers from DDoS attacks

James Davis
Thursday, February 13, 2014 - 15:36
ntp
DDOS
DoS
reflection
infosec
Network time protocol (ntp) servers are regularly being used to reflect and amplify spoofed UDP packets towards the target of a DDoS attack. Attacks are growing in size and frequency and sometimes even cause issues for the organisations hosting the reflectors. Servers offering the 'monlist' command are particularly troublesome and can provide a huge amplification affect.
Read more

Janet Network Security Incident Classification Scheme

James Davis
Tuesday, December 17, 2013 - 11:11
CSIRT
infosec
security
The statistics provided by Jisc's Janet network CSIRT require a degree of interpretation. Often the numbers are influenced more by the team's activities than they are by external influences. For example: an increase in the number of malware incidents may indicate increasing infections, but it is just as likely to be due to increased detection rates by CSIRT.
Read more

"Fake" colleges

James Davis
Thursday, October 4, 2012 - 09:09
IPR
copyright
fake
infosec
security
There has been a resurgence of "fake" websites that infringe upon the intellectual property of our customers. Their name and brand may be misused, the design of their site may have been copied, or the website may be trying to masquerade as them. In some cases the legitimacy of the organisation running the site may be in question.
Read more

Penetration Testing

James Davis
Thursday, June 28, 2012 - 14:48
PCI
compliance
infosec
penetration test
pentest
security
Many organisations are looking to have some form of penetration testing performed on their systems. This may simply be to evaluate existing security measures and to find gaps where security needs improvement, but increasingly it is performed to comply with security standards when connecting to public sector networks or processing payment details.
Read more