WatchDog Case 1: Attacks on Port 5432

The Watchdog dashboard shows that for the 7 days ended Nov 6, 2022, attacks using port 5432 increased by 158% (as seen below). We have sent abuse alerts to the top networks where the attacks came from. In the chart below, the Incrediserve LTD network is the most prolific source of attacks (5276 incidents, representing a 1,470% increase over the prior 7 days).

We quickly identify the rogue source IP from Incrediserve LTD using port 5432 (in this case, 89.248.163.199). We also note the increase in attacks by this IP over the last 7 days.

What exploits are on port 5432?
A quick check over at the SANS Internet Storm Center shows that this port is associated with the PostgreSQL database server. Apple also uses it for the ARD 2.0 Database.

When we compare our dashboard results with worldwide stats, there is a slight increase in worldwide attacks on PostgreSQL. This typically means that there are exploitable vulnerabilities that may or may not be patched:

SANS Internet Storm Center chart for 5432

True enough. There ARE recently published vulnerabilities for PostgreSQL (https://stack.watch/product/postgresql/).

Lesson Learned?
By monitoring our network for changes in attack patterns, we can focus on vulnerabilities that are actively being targeted. Patch your PostgreSQL now.
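The week-over-week comparison behind the figures in this case, as an added example that is not Watchdog's own code: it counts events per destination port or source IP for the current and prior 7-day windows and reports the percentage change. The log format, function names and sample lines (documentation-range IPs) are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed log format (constructed): "<ISO time> ... SRC=<ip> ... DPT=<port>"
LINE = re.compile(r"^(\S+) .*\bSRC=(\S+) .*\bDPT=(\d+)")
WEEK_END = datetime(2022, 11, 7)  # midnight after the week ended Nov 6, 2022

def parse(line):
    """Return (timestamp, src_ip, dst_port), or None if the line does not match."""
    m = LINE.match(line)
    return (datetime.fromisoformat(m[1]), m[2], int(m[3])) if m else None

def weekly_change(lines, week_end, key):
    """Compare the 7 days before week_end with the 7 before those, grouped by
    key (1 = source IP, 2 = destination port). Returns {value: (prior, current,
    pct)}; pct is None when the prior week had no events (a new source)."""
    cur_start = week_end - timedelta(days=7)
    prev_start = week_end - timedelta(days=14)
    prior, current = Counter(), Counter()
    for ev in filter(None, map(parse, lines)):
        if cur_start <= ev[0] < week_end:
            current[ev[key]] += 1
        elif prev_start <= ev[0] < cur_start:
            prior[ev[key]] += 1
    return {k: (prior[k], current[k],
                round(100.0 * (current[k] - prior[k]) / prior[k], 1) if prior[k] else None)
            for k in prior.keys() | current.keys()}

def rising(changes, min_pct=100.0, min_count=10):
    """Keys that at least doubled (or are new) and exceed a noise floor, busiest first."""
    hits = [(k, v) for k, v in changes.items()
            if v[1] >= min_count and (v[2] is None or v[2] >= min_pct)]
    return sorted(hits, key=lambda kv: kv[1][1], reverse=True)

def sample_line(day, src, port):
    return f"{day}T12:00:00 fw DROP SRC={src} DST=192.0.2.10 PROTO=TCP DPT={port}"

# Constructed sample data; addresses are RFC 5737 documentation ranges.
SAMPLE = ([sample_line("2022-10-27", "198.51.100.7", 5432)] * 4
          + [sample_line("2022-11-03", "198.51.100.7", 5432)] * 40
          + [sample_line("2022-11-04", "203.0.113.50", 5432)] * 12
          + [sample_line("2022-10-26", "203.0.113.9", 22)] * 30
          + [sample_line("2022-11-02", "203.0.113.9", 22)] * 33
          + ["malformed line without the expected fields"])

if __name__ == "__main__":
    for value, (p, c, pct) in rising(weekly_change(SAMPLE, WEEK_END, key=2)):
        print(f"port {value}: {p} -> {c}, change {pct}%")
```

The `min_count` floor keeps a port that went from 1 to 3 hits from ranking alongside one that went from 4 to 52.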

To learn more about Watchdog, visit: https://futuregen.sg/big-data/whitepaper-reducing-cyber-incidents-by-combatting-hackers-with-legal-revocation-strategy/

Early Breach Detection Lowers Costs

According to a Marsh & McLennan study (Cyber Risk in Asia Pacific), Asian firms take 1.7 times longer to discover a data breach.

MMC Cyber risk in Asia Pacific

In addition, IBM Security and Ponemon Institute compute the average total cost of a data breach at USD 141 per lost or stolen record.

The study also showed a strong relationship between mean time to detection (MTTI) and the cost of each data breach. The good news, if we can call it that, is that the worldwide average breach detection time has improved from 201 days in 2016 to 190 days in 2017.

However, this is still far from the ideal 100-day mean time to breach detection. The graph below shows that the longer a company takes to discover a data breach, the higher the associated cost to contain it later on.

Breach Detection and Average total costs

So one key goal of your company’s security framework would be to shorten cyber breach detection times. One common way seasoned network admins do this is via SNMP monitoring of all network and server devices.

Then they also add SIEM capabilities (Security Incident and Events Monitoring). Correlating SNMP, syslog and SIEM data makes it easier for network guys to detect breaches in a shorter time.

 

Asian Internet Profile 2009 to Feb 2017

Based on MLab Data 2009 to 2016

Future Gen to Participate in RootCon 2016

RootCon 2016

Watch Mr Wilson L. Chua present actual cases at the Root Con 2017 event in Tagaytay, Philippines where Big Data Analytics was used to help uncover hacks and attempts.

Cases showcase how descriptive and predictive analytics can be used to help network admins present their analysis in a graphical and more intuitive format – one that helps C-level executives more easily understand and grasp the complex landscape.

Big Data Analytics Applied to Network Operations @ PHNOG event

PHNOG Conference 2016

 

The Department of Science and Technology – Advanced Science and Technology Institute (DOST-ASTI), in partnership with the Philippine Network Operators’ Group (PhNOG), and Trans-Eurasia Information Network (TEIN) Network Cooperation Center (TEIN*CC) will be conducting a one (1)-day Conference with the theme “‘All over IP’ (AoIP) – touching the different facets of Internet, entwined to our daily lives” on 25 January 2016 at the Marriott Grand Ballroom, Marriott Hotel Manila, Pasay City, Metro Manila.

 

1100  Big Data Analytics Applied in Network Operations (Wilson Chua)
1130  IXP Next steps (advantages and disadvantages) (Daishi Shima/BBIX)
1200  Lunch break
130  Management and Sustainability of the IXP – taking it to the next level – Global Examples / DNSSEC (Jane Coffin/ISOC, Kevin Meynell/ISOC)
200  Internet enabled businesses (challenges/milestones) (Rhett Jones/Rise)
230  CDNs and Internet traffic Analytics (Kam-Sze Yeung/Akamai)
300  Role of a Peering Manager (Jake Chin/Google)
330  Break time
400  Network Security (Mon Nunez)
430  Internet BCPs (Amante Alvaran/Brocade)
500  Evolution of the Network Engineer Job Role (Ceejay Dideles)
530  IoT (Benjie Tan)
600  Closing

 

Said activity aims to gather participants from the R&D and IT/ICT communities together with the current PhNOG members to discuss the opportunities that can be derived from joining and using the TEIN Network. TEIN is a high speed international research network which provides access to researchers and research institutions within participating countries in Asia and Europe. Through TEIN, international joint research projects pertaining to climate change, remote medical service, remote cultural performances, agriculture, and information technology have been conducted. Local and foreign experts will also share their knowledge and experiences that will enable the continuous development of the Philippine Internet.

On the other hand, the Philippines Network Operators Group (PHNOG) is a nonprofit organization established to promote coordination among network operators in the Philippines. Focus is given to knowledge development of all members as well as the Philippines IT community as a whole through discussions on technical issues/concerns regarding the Internet and network management.

In line with this, we would like to invite you as one of the participants in this one (1)-day activity. Registration for this activity is free. Please take note that the activity only offers limited slots, which will be granted on a first come, first served basis. Deadline for registration is on 15 January 2016. To reserve your seat, kindly register at this link: https://www.apan41manila.com/events/register/xphilippine-network-operators-group-conferenc

Should you have any clarifications, please feel free to contact Mitz Ann N. Montañez at mitz@asti.dost.gov.ph or Marie Antoinette F. Bangabang at meiann@asti.dost.gov.ph. You may also call +63 2 4269760 loc. 1603 / loc.1408.


When to Outsource?

People usually think that companies outsource some of their functions to save money. While this was true in the early days of outsourcing, when companies enjoyed the savings from properly implemented plans, they have also realised some additional benefits from outsourcing. Generally, when one or more of the following occurs, it is best to consider outsourcing as a viable option:

  1. Vacant positions are open for a long time.
    Your HR is facing a dwindling pool of qualified people for the open positions. In a tight labor market, outsourcing lets your HR source from a wider pool of potential star performers. You won’t be limited to hiring from your immediate vicinity.
  2. Uncertainty with Market conditions. 
    Management would like to have a more flexible and nimble operation that is not weighed down by a high fixed headcount. Think: peak and low seasons. It is nice if you can forecast the future growth of your operations and maintain your staff, but what happens in a downturn? It is easy to hire and, sadly, hardest to fire or lay off people. By outsourcing your spillover work, you maintain that flexibility and are relieved of having to lay off extra workforce in low seasons.
  3. Quicker time to Market.
    Sometimes your projects need that top talent and you can’t wait to train/develop your in-house talents. Outsourcing enables your company to tap the expertise and specialization of outsourcing companies in what they do best. Your in-house talents can work beside your outsourcing provider and, hopefully, absorb the best practices and accelerate their own expertise.
  4. Minimizing Operational Risks.
    Sometimes, it just makes sense to ‘not put all your eggs in one basket’. Outsourcing enables your company to spread your manpower over geographic distances. This makes a lot of sense when the next global pandemic or catastrophe hits your main operating region.

Easy to Deploy Security Appliance

Untangle unveiled today its new pricing for its plug-and-play line of easy-to-deploy security appliances. Untangle keeps your systems running smoothly and your users happy and productive.

Security appliances are a more cost-effective deployment option. The discounted hardware and software renewals mean you are getting the best possible value for money. These come priced without any user band limits, so you don’t have to worry about incurring incremental costs. One price for all users!

 

 

For Pricing Details check out Untangle Website.

 

You can also avail of our 24×7 security monitoring service.

Cloud Hosting Security and MSSPs

John Sawyer wrote about the security implications of being hosted in the cloud in “Spot the Trouble in the Cloud” for InformationWeek. He highlights the security challenges for cloud-based hosting. In particular:

“…enterprises are flying blind unless they adapt their security monitoring, incident response and digital forensic policies and procedures to the cloud… most cloud provider SLA state security is up to the customer”.

The way to mitigate this challenge is to start monitoring. Enable system logs and send them over to your syslog server. Alternatively, Mr Sawyer suggests the use of services like Loggly or products like Splunk, Tenable’s SecurityCenter and Log Correlation for your log management analysis.

In addition, you could outsource the monitoring to a dedicated team of professionals to notify you of any incidents that would otherwise escape your attention. You can also incorporate such a team into your incident handling policies and procedures. These teams are called Managed Security Service Providers (MSSPs).

Some of the security tasks MSSPs undertake on your behalf:

  1. System Patch management
  2. Malware detection and analysis
  3. IPS/IDS Incident Response
  4. Identity and password management
  5. Log analysis
  6. Researching new threats
  7. Writing or preparing reports for audit teams

Contact marketing@futuregen.sg to see how you can benefit from our MSSP offerings and secure your data today!

Monitoring Service Expanded to cover Video

Since our team is monitoring networks on a 24×7 basis, we decided to extend the service to also cover video monitoring. A lot of video cameras are now hooked up to DVRs with internet capabilities. It would be simple for us to log in and monitor the DVR from our NOC. By providing the service, our team can help owners and managers save time and manage the video review process.

The Video Monitoring service is envisioned to provide peace of mind to property and business owners with 24×7 staff keeping tabs on the remote video feed from newer generation Digital Video Recorders that have internet capabilities. Our team can also help plan the optimal location and aim of the various types of dome cameras for maximum coverage. Instant alerts are provided for every notable ‘incident’. This service can be rendered worldwide.

Our original network monitoring service covers network equipment and servers.