Tag: Overload

Microgrids: Energy independence (and money saved) for companies

At the end of a heavily wooded, sparse industrial park in Andover, Mass., sits the North American headquarters and R&D center for Schneider Electric, which earlier this month unveiled its own campus power microgrid. The microgrid for the global energy management conglomerate is expected to produce 520,000 kilowatt-hours (kWh) of electricity per year, or 10 percent of Schneider Electric’s power needs.
It’s also expected to reduce its energy costs by 20 percent.
Perhaps more importantly, the microgrid incorporates a natural gas generator as an anchor resource, allowing solar panels to operate during grid outages to maintain critical operations.
In the event of a power outage, a lithium-ion battery storage system would provide up to 100KW of power for an hour.

14% off APC 11-Outlet Surge Protector with USB Charging Ports and...

Be it a lightning strike that destroys a home entertainment center or consistently fluctuating power that degrades the performance and shortens the life of your electronics – surges, lightning, and other power disturbances can have a devastating impact on the valuable electronics you rely on every day.

The P11U2 from APC offers guaranteed surge protection.

Connect and protect up to 11 electronics, and conveniently charge your mobile devices via 2 additional USB ports.
Installation is convenient and easy with a 180-degree rotating power cord and right-angle plug. Lastly, three LED indicators inform you if there are any overload, unit, or wall wiring issues.

The P11U2 averages 4.5 out of 5 stars from over 1,500 people on Amazon, where its typical list price of $34.99 is discounted 14% to $29.99.

Cloud companies are eyeing cell services, Nokia CEO says

Enterprises and cloud companies will start trying their hands at cellular this year, Nokia President and CEO Rajeev Suri predicts. “Enhanced reality” and events such as concerts may be where cloud giants first get into mobile services, Suri said at a Nokia event in Barcelona on the eve of Mobile World Congress. “The first webscale players will enter the wireless access domain with mainstream technologies,” Suri said. Webscale usually refers to operators of big clouds, like Google, Facebook, and Alibaba.
Suri didn’t name any names.

Trump inauguration DDoS protest is ‘illegal’, warn securobods

Whitehouse.gov down?

A software engineer is calling on netizens opposed to Donald Trump to visit the Whitehouse.gov site and overload it with traffic tomorrow. The call to mark inauguration day by "occupying" whitehouse.gov as a form of protest against Donald Trump’s presidency is likely to succeed only in getting participants into trouble, security experts warn.

Kyle Wilhoit, senior security researcher at DomainTools, commented: “Protestors across the globe continue to utilize denial of service and DDoS attacks to propagate their viewpoints and spread the concept of civil disobedience. In this situation, the White House likely has protections in place to help prevent simple page refresh denial of service attacks, so in order for this style of attack to succeed, it would require a very large volume of traffic from thousands of personal machines.”

Amichai Shulman, CTO and co-founder of Imperva, compared the protest campaign to similar action by the Anonymous hacker collective in 2010 / 2011. Anonymous, which declared "total war" on Trump before the US election last November, this week called on supporters to dig up and release any damaging information they could find on the incoming US president, The Daily Telegraph reports.

The separate “call for protestors” to gather at whitehouse.gov is being hosted on a website using the .io domain, which is assigned to the British Indian Ocean Territory. The person behind the protest, who is calling themselves Juan Soberanis, describes it as an act of civil disobedience akin to marching on Washington DC.

Security experts caution that what has been proposed amounts to organising a distributed denial-of-service attack, an illegal act under anti-hacking laws in the US, UK and other countries. Stephen Gates, chief research intelligence analyst at NSFOCUS IB, warned: “Participating in a DDoS attack is a crime, regardless if you use a tool, a script, a botnet for hire, or a finger and a keyboard. If protesters move forward with this demonstration, they must remember that their source IP addresses in most cases will not be spoofed, meaning law enforcement can easily track those who participate.”

The protester site hosting the action is up and running, even though the whitehouse.gov down campaign itself was unavailable when El Reg checked it on Thursday morning.

Netsurion Launches SIEM-at-the-Edge and Breach Detection Services

New services launched by Netsurion benefit from the company's October 2016 acquisition of EventTracker, bringing advanced security logging and remediation to small and branch offices. Security firm Netsurion is launching its first new services since ac...

Hurricanes, Earthquakes & Threat Intelligence

You must be prepared for foreseeable attacks as well as the ones that sneak up on you.

Organizations deal with two types of cyberthreats: hurricanes and earthquakes. Hurricanes are those attacks you can see coming; earthquakes, you can't. Both are inevitable, and you need to plan and take action accordingly. This starts with an understanding of what threat intelligence is and how to make it relevant and actionable. Threat intelligence can help you transition from constantly reacting to being proactive. It allows you to prepare for the hurricanes and respond to the earthquakes with an efficient, integrated approach.

Eliminate Noise

Mention threat intelligence and most organizations think about multiple data feeds to which they subscribe — commercial sources, open source, and additional feeds from security vendors — each in a different format and most without any context to allow for prioritization. This global threat data gives some insight into activities happening outside of your enterprise — not only attacks themselves, but how attackers are operating and infiltrating networks. The challenge is that most organizations suffer from data overload. Without the tools and insights to automatically sift through mountains of disparate global data and aggregate it for analysts and action, this threat data becomes noise: you have alerts around attacks that aren't contextualized, relevant, or a priority. To make more effective use of this data, it must be aggregated in one manageable location and translated into a uniform format so that you can automatically get rid of the noise and focus on what's important.

Focus on Threats

With global threat data organized, you can focus on the hurricanes and earthquakes that threaten your organization. Hurricanes are the threats you know about, can prepare for, protect against, and anticipate based on past trends. For example, based on research, say that we know a file is malware. This intelligence should be operationalized — turned into a policy, a rule, or signature and sent to the appropriate sensor — so that it can prevent bad actors from stealing valuable data, creating a disruption, or causing damage. As security operations become more mature, you can start to get alerts on these known threats in addition to automatically blocking them so you can learn more about the adversary. This allows you to focus on the attacks that really matter.

Earthquakes are unknown threats, or threats that you may not have adequate countermeasures against, that have bypassed existing defenses. Once they're inside the network, your job is to detect, respond, and recover. This hinges on the ability to turn global threat data into threat intelligence by enriching that data with internal threat and event data and allowing analysts to collaborate for better decision making. Threat intelligence helps you better scope the campaign once the threat is detected, learn more about the adversary, and understand affected systems and how to best remediate. By correlating events and associated indicators from inside your environment (e.g., SIEM alerts or case management records) with external data on indicators, adversaries, and their methods, you gain the context to understand the who, what, when, where, why, and how of an attack.

Going a step further, applying context to your business processes and assets helps you assess relevance. Is anything the organization cares about at risk? If the answer is "no," then what you suspected to be a threat is low priority. If the answer is "yes," then it's a threat. Either way, you have the intelligence you need to quickly take action.

Make Intelligence Actionable

Intelligence has three attributes that help define "actionable." Accuracy: Is the intelligence reliable and detailed? Relevance: Does the intelligence apply to your business or industry? Timeliness: Is the intelligence being received with enough time to do something? An old industry joke is that you can only have two of the three, so you need to determine what's most important to your business. If you need intelligence as fast as possible to deploy to your sensors, then accuracy may suffer and you might expect some false positives. If the intelligence is accurate and timely, then you may not have been able to conduct thorough analysis to determine if the intelligence is relevant to your business. This could result in expending resources on something that doesn't present a lot of risk.

Ultimately, the goal is to make threat intelligence actionable. But actionable is defined by the user. The security operations center typically looks for IP addresses, domain names, and other indicators of compromise — anything that will help to detect and contain a threat and prevent it in the future. For the network team, it's about hardening defenses with information on vulnerabilities, signatures, and rules to update firewalls, and patch and vulnerability management systems. The incident response team needs intelligence about the adversary and the campaigns involved so they can investigate and remediate. And the executive team and board need intelligence about threats in business terms — the financial and operational impact — in order to increase revenue and protect shareholders and the company as a whole. Analysts must work together and across the organization to provide the right intelligence in the right format and with the right frequency so that it can be used by multiple teams.

Operationalizing threat intelligence takes time and a plan. Many organizations are already moving from a reactive mode to being more proactive. But to make time to look out at the horizon and see and prepare for hurricanes while also dealing with earthquakes, organizations need to move to an anticipatory model with contextual intelligence, relevance, and visibility into trends in the threat landscape.
As Senior VP of Strategy of ThreatQuotient, Jonathan Couch utilizes his 20+ years of experience in information security, information warfare, and intelligence collection to focus on the development of people, process, and technology within client organizations to assist in ...

DoS technique lets a single laptop take down an enterprise firewall

At a time when the size of distributed denial-of-service attacks has reached unprecedented levels, researchers have found a new attack technique in the wild that allows a single laptop to take down high-bandwidth enterprise firewalls. The attack, dubbed BlackNurse, involves sending Internet Control Message Protocol (ICMP) packets of a particular type and code.

ICMP is commonly used for the ping network diagnostic utility, and attacks that try to overload a system with ping messages—known as ping floods—use ICMP Type 8 Code 0 packets. BlackNurse uses ICMP Type 3 (Destination Unreachable) Code 3 (Port Unreachable) packets instead, and some firewalls consume a lot of CPU resources when processing them.

According to experts from the Security Operations Center of the Danish telecom operator TDC, it would take from 40,000 to 50,000 ICMP Type 3 Code 3 packets a second to overload a firewall. This is not a large number of packets and the bandwidth required to generate them is 15Mbps to 18Mbps, which means that BlackNurse attacks can be launched from a single laptop.

“The impact we see on different firewalls is typically high CPU loads,” the TDC Security Operations Center (SOC) said in a technical report. “When an attack is ongoing, users from the LAN side will no longer be able to send/receive traffic to/from the internet. All firewalls we have seen recover when the attack stops.”

TDC SOC tested the attack successfully against Cisco Adaptive Security Appliance (ASA) firewalls in default configurations. Cisco’s own documentation recommends that users allow ICMP Type 3 messages. “Denying ICMP unreachable messages disables ICMP Path MTU discovery, which can halt IPSec and PPTP traffic,” the company warns in its user guidelines.

Some firewalls from Palo Alto Networks, SonicWall and Zyxel Communications are also affected, but only if they’re misconfigured or if certain protections are not turned on. “Palo Alto Networks Next-Generation Firewalls drop ICMP requests by default, so unless you have explicitly allowed ICMP in a security policy, your organization is not affected and no action is required,” Palo Alto said in a blog post in response to TDC SOC’s report. Customers who need to allow ICMP requests can follow best practices for DoS protection to mitigate this attack, the company said. This involves enabling ICMP Flood and ICMPv6 Flood in their firewall’s DoS protection profile.

Denial of service attacks are typically about generating more traffic than the target’s internet bandwidth can take. BlackNurse is unusual in this respect, because it cannot be stopped by provisioning additional bandwidth.

“On firewalls and other kinds of equipment a list of trusted sources for which ICMP is allowed could be configured,” the TDC SOC experts advise. “Disabling ICMP Type 3 Code 3 on the WAN interface can mitigate the attack quite easily. This is the best mitigation we know of so far.”

That said, there are many devices out there that are configured to accept ICMP traffic from the internet. The TDC SOC has identified 1.7 million of them in Denmark alone.