• Distributed Denial of Service – and how it works

    I often get asked about Distributed Denial of Service (DDoS) attacks, how they work and what role we can play to prevent them.

    So, let me start with the first part: our Security Intelligence Report version 5 talked about the underground economy and explained what happens before a DDoS takes place. Let's recap this:

    Often it starts with a criminal who plans to build a botnet. This person goes to an underground marketplace and buys a piece of malware: a bot and the control server software that goes with it. In addition, he or she may even be able to buy an initial distribution of the bot, for example by paying somebody to infect a web page (one that is unpatched, has a weak password or is otherwise unsecured), or through any other distribution channel for malware you can think of, such as social engineering.


    Now the criminal is ready to go. He or she owns a certain number of infected PCs, called zombies, and can offer "services" on the same online black market where the malware was bought. The "customers" are spammers, phishers, blackmailers or any other criminals.


    This is the reason why we use our Malicious Software Removal Tool to go after the largest botnets: it is all about protecting the ecosystem.

    So, I could basically rent such a botnet to flood a web server with any kind of junk in order to take it offline. This is called a Distributed Denial of Service attack. I often compare it with spam, not for your inbox but for your web server: the server is still up and running, but it spends its capacity sorting junk from legitimate traffic, and because the junk arrives from thousands of zombies rather than from one address, blocking a single source does not help. To legitimate users the server looks down.
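    As an added example (not code from the original post), the following PowerShell script shows what this looks like in a web server's log: it builds a few minutes of constructed log lines, then picks out the minutes whose request rate is far above the median and reports whether one client or many are responsible. The log format (date time client method path status), the addresses, the thresholds and the function names are all my own assumptions for this illustration.

```powershell
# Added example, not part of the original post: a small analysis over
# constructed web-server log lines that shows what "junk from thousands of
# zombies" looks like next to a single noisy client, and why the two need
# different responses. Log format (date time client method path status),
# the addresses and the thresholds are all made up for this illustration.

function ConvertFrom-AccessLog {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $f = $line -split ' '
        [pscustomobject]@{
            Window = '{0} {1}' -f $f[0], $f[1].Substring(0, 5)   # yyyy-MM-dd HH:mm
            Client = $f[2]
            Path   = $f[4]
        }
    }
}

# One row per minute: total requests, distinct clients, and the share of
# traffic coming from the busiest client.
function Get-RequestWindows {
    param([string[]]$Lines)
    ConvertFrom-AccessLog -Lines $Lines | Group-Object -Property Window | Sort-Object -Property Name |
        ForEach-Object {
            $top = $_.Group | Group-Object -Property Client | Sort-Object -Property Count -Descending | Select-Object -First 1
            [pscustomobject]@{
                Window          = $_.Name
                Requests        = $_.Count
                DistinctClients = @($_.Group | Select-Object -ExpandProperty Client -Unique).Count
                TopClient       = $top.Name
                TopClientShare  = [math]::Round($top.Count / $_.Count, 2)
            }
        }
}

# Flag minutes whose request count is far above the median minute, then say
# whether one client or many are responsible. A short flood barely moves the
# median, which is why it is used as the baseline instead of the mean.
function Find-FloodWindows {
    param([object[]]$Windows, [double]$Multiplier = 5)
    $counts = @($Windows | ForEach-Object { $_.Requests } | Sort-Object)
    $median = $counts[[int][math]::Floor($counts.Count / 2)]
    foreach ($w in $Windows) {
        if ($w.Requests -lt $Multiplier * $median) { continue }
        $verdict = if ($w.TopClientShare -ge 0.5) {
            'single source: rate-limit or block the top client'
        } else {
            'distributed: per-client blocking will not help, filter upstream'
        }
        [pscustomobject]@{
            Window   = $w.Window
            Requests = $w.Requests
            Sources  = $w.DistinctClients
            Verdict  = $verdict
        }
    }
}

# Constructed sample: three quiet minutes, one minute of a distributed flood
# (150 zombies in 203.0.113.0/24, four requests each), and one minute where a
# single client at 198.51.100.7 hammers the server on its own.
$lines = New-Object System.Collections.Generic.List[string]
$start = [datetime]'2009-07-20 10:00:00'
$regulars = '192.0.2.10', '192.0.2.11', '192.0.2.12', '192.0.2.13', '192.0.2.14'
for ($m = 0; $m -lt 3; $m++) {
    for ($i = 0; $i -lt 20; $i++) {
        $t = $start.AddMinutes($m).AddSeconds(3 * $i)
        $lines.Add(('{0:yyyy-MM-dd HH:mm:ss} {1} GET /index.html 200' -f $t, $regulars[$i % 5]))
    }
}
for ($h = 1; $h -le 150; $h++) {
    for ($r = 0; $r -lt 4; $r++) {
        $t = $start.AddMinutes(3).AddSeconds((4 * $h + $r) % 60)
        $lines.Add(('{0:yyyy-MM-dd HH:mm:ss} 203.0.113.{1} GET /search?q=junk{2} 200' -f $t, $h, $r))
    }
}
for ($i = 0; $i -lt 300; $i++) {
    $t = $start.AddMinutes(4).AddSeconds([math]::Floor($i / 5))
    $lines.Add(('{0:yyyy-MM-dd HH:mm:ss} 198.51.100.7 GET /index.html 200' -f $t))
}

$windows = Get-RequestWindows -Lines $lines.ToArray()
$windows | Format-Table -AutoSize
Find-FloodWindows -Windows $windows | Format-Table -AutoSize
```

    With this sample the three quiet minutes stay at 20 requests, the fourth minute is flagged as distributed (600 requests from 150 sources, the top client holding about 1% of them) and the fifth as single source (300 requests, all from one address). The point of the split is practical: a single noisy client can be rate-limited at the server, while a distributed flood has to be filtered before it reaches you.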

    There are often different motivations behind such attacks:

    • Remember the times of Al Capone, when criminals attacked shops and then offered to protect them? The same happens here: a criminal runs a DDoS against your website and takes it down for a few minutes. Then he lets it come back up and tells you he can protect you from such attacks, for a fee. This is a protection racket, in other words extortion.
    • We often see such attacks with a political background: there is a conflict somewhere, and one party (or both) tries to take down the other's website.
    • Sometimes the background is simply "I do not like you". Microsoft has been attacked this way from time to time….

    So, if you want to know more about DDoS, I can recommend two resources:

    • On our TechNet site there is an article called Distributed Denial-of-Service Attacks and You, which is worth reading and also describes some basic protection measures. The article is not new, but its advice on how to protect yourself still applies.
    • Wikipedia has a page that gives you some history and describes the different types of attack: Denial-of-service attack

    I hope this helps and clarifies some questions. Otherwise, do not hesitate to get in touch with me.

    Roger

  • Paper on Information Warfare

    I often see a lot of discussion on Information Warfare. Today I stumbled across a paper published by RAND called Strategic Information Warfare – A New Face of War. From my first impression it is definitely worth reading.

    Roger

  • Bitlocker To Go – Cool Stuff

    I guess you know my view on protecting USB ports. I often get asked how you can keep your users from using USB sticks. There are ways, especially in Vista, but don't do it. Your users most probably have a good business reason for wanting to use USB sticks, and if you stop them, they will most probably find another way to transport your sensitive information, one you have even less control over.

    Rather give them the tools to do their business in a secure way. Protect sensitive information with technology like Active Directory Rights Management Services; then the protection travels with the document, and you no longer have to worry about where the data resides. Additionally, you might still be worried about the loss of thumb drives, as that happens so often. This is probably the reason why I get so many questions on BitLocker To Go. Let's briefly look at the user experience when using this technology.

    I plugged a normal USB stick into my Windows 7 box. I then right-clicked the USB drive in "My Computer" and got the following menu:


    So, let's click Turn on BitLocker… and give it a try:

    This answers one of the questions I often get: how does BitLocker To Go authenticate the user? As you can see, there are two options:

    • You can use a password to protect it, or better still a passphrase. This is the option to use if you want to share the USB key, or if you do not know what kind of machine you will have to unlock it on and therefore cannot be sure a smart card reader will be available (or you know there is none on the target machine). Keep in mind that the protection is then only as strong as the passphrase.
    • If you want strong authentication, so that only you get access, use a smart card.

    And then: no, not yet. The drive will not be encrypted yet. As you know from "normal" BitLocker, Windows does not start encrypting until you have backed up the recovery key:

    After you have backed up the key, you are ready to encrypt the USB stick:

    So far so good, pretty easy! But what happens if I plug this stick into another machine? This is what I did, and this is what happened:

    I am prompted for the password; I enter it and the device is unlocked. However, if I have forgotten my password, this happens:

    So, similar to BitLocker on your main machine's disk, you can use the recovery key to unlock it.

    All in all, it is a pretty easy and straightforward way to encrypt a USB stick and protect its contents against loss of the stick, using the same technology as for your main disk.
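    The same steps can be scripted instead of clicked through. The following is an added example and not code from the original post: it drives the flow above (password protector, recovery password saved before encryption, unlock on a second machine, recovery when the password is forgotten) with manage-bde.exe, which ships with Windows 7, from an elevated PowerShell prompt. The drive letter E:, the recovery folder, the function names and the exact output labels I match on ("Numerical Password", "Fully Encrypted") are assumptions; check them against manage-bde -? on your build before relying on the script.

```powershell
# Added example, not code from the original post: the BitLocker To Go steps
# shown above driven from an elevated PowerShell prompt with manage-bde.exe,
# which ships with Windows 7. Assumptions: the stick is E:, the recovery
# password is saved to the folder below, and manage-bde's output labels
# ("Numerical Password", "Fully Encrypted") match your build.
$Drive = 'E:'
$RecoveryFolder = Join-Path $env:USERPROFILE 'BitLockerToGo-Recovery'

function Protect-RemovableDrive {
    param([string]$Drive, [string]$RecoveryFolder)
    if (-not (Test-Path $RecoveryFolder)) {
        New-Item -ItemType Directory -Path $RecoveryFolder | Out-Null
    }
    # -Password prompts for the passphrase (the "Use a password" choice in the
    # dialog); -RecoveryPassword creates the 48-digit recovery password. Both
    # protectors are in place before any block of the drive is encrypted.
    manage-bde -on $Drive -Password -RecoveryPassword
    # The dialog refuses to encrypt until the recovery key is saved; a script
    # should be just as strict, so verify the protector exists and file it.
    $protectors = manage-bde -protectors -get $Drive
    if (-not ($protectors -match 'Numerical Password')) {
        throw "No recovery password protector found on $Drive; aborting."
    }
    $file = Join-Path $RecoveryFolder ('{0}-recovery.txt' -f $Drive.TrimEnd(':'))
    $protectors | Out-File -FilePath $file
    Write-Host "Recovery information saved to $file; move it somewhere safe."
}

# Encryption runs in the background; poll until the whole drive is done.
function Wait-RemovableDriveEncrypted {
    param([string]$Drive)
    do {
        Start-Sleep -Seconds 10
        $status = manage-bde -status $Drive
        $status | Where-Object { $_ -match 'Percentage Encrypted' } | Write-Host
    } until ($status -match 'Fully Encrypted')
}

# On the second machine: the password prompt, or the recovery password when
# the password is forgotten (the two dialogs shown above).
function Unlock-RemovableDrive {
    param([string]$Drive, [string]$RecoveryPassword)
    if ($RecoveryPassword) {
        manage-bde -unlock $Drive -RecoveryPassword $RecoveryPassword
    } else {
        manage-bde -unlock $Drive -Password
    }
}

# Before pulling the stick out of a machine you do not own, lock it again so
# the unlocked state does not linger.
function Lock-RemovableDrive {
    param([string]$Drive)
    manage-bde -lock $Drive -ForceDismount
}

# Run on the owner's Windows 7 machine (this encrypts the drive):
Protect-RemovableDrive -Drive $Drive -RecoveryFolder $RecoveryFolder
Wait-RemovableDriveEncrypted -Drive $Drive
# Later, on another machine, one of:
#   Unlock-RemovableDrive -Drive $Drive
#   Unlock-RemovableDrive -Drive $Drive -RecoveryPassword '123456-123456-...'
#   Lock-RemovableDrive -Drive $Drive
```

    The one check worth keeping even if you simplify the rest is the refusal to continue without a recovery password protector: a stick whose passphrase is forgotten and whose recovery key was never saved is lost, exactly the situation the dialog in the post guards against by insisting on the backup first.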

    One final question I get asked pretty often: which editions of Windows 7 support it? The Windows 7 BitLocker Executive Overview has the answer: BitLocker To Go can be utilized on its own, without requiring that the system partition be protected with the traditional BitLocker feature. Although you will need a premium Windows 7 SKU to enable protection of removable storage devices with BitLocker, any SKU can be utilized to unlock and use a protected device. Finally, BitLocker To Go provides read-only support for removable devices on older versions of Windows allowing you to more securely share files with users who are still running Windows Vista and Windows XP. In practice that means Windows 7 Enterprise or Ultimate to turn it on, while any edition can unlock a protected stick. The read-only access on Vista and XP uses the BitLocker To Go Reader and requires the stick to be formatted with FAT (FAT16, FAT32 or exFAT); an NTFS-formatted stick cannot be opened there.

    Roger

  • Vacation differently: Find new interesting places using Geocaching

    This has absolutely nothing to do with security but is a lot of fun. A few years ago I read an article about Geocaching. Basically, it is a treasure hunt using GPS. Wikipedia describes it as follows: Geocaching is similar to the 150-year-old game letterboxing, which uses clues and references to landmarks embedded in stories. Geocaching was imagined shortly after the removal of Selective Availability from GPS on May 1, 2000, because the improved accuracy of the system allowed for a small container to be specifically placed and located. The first documented placement of a GPS-located cache took place on May 3, 2000, by Dave Ulmer of Beavercreek, Oregon. The location was posted on the Usenet newsgroup sci.geo.satellite-nav as 45°17.460′N 122°24.800′W. By May 6, 2000, it had been found twice and logged once (by Mike Teague of Vancouver, Washington). According to Dave Ulmer's message, the original stash was a black plastic bucket buried most of the way in the ground and contained software, videos, books, food, money, and a slingshot.

    There are people who are really addicted to it and have found thousands of caches all around the globe. For us it is more of a family fun event, and we are up to a few dozen so far. However, the reason I wrote this post is that we started to use it during vacation to get to know places we would never have gone to otherwise.

    Let me give you two examples. Last year we went to a campsite at the Costa Brava in Spain, close to Barcelona. Close to where we stayed there was a national park where a lot of people go. So, we went looking for a cache called Monastery of Sant Pere de Rodes, basically a really touristy attraction.

    However, the cache itself was not located there (the picture was actually taken on the way up to the cache). It was about a 30-minute hike up the mountain to an old castle with an outstanding view on all sides, something we would never have seen without the wish to find the cache:

    Another example is from our latest vacation in Crete. We were looking for Crete - Akrotiri - "3 Monasteries Cache", again monasteries. The first one on that list was the one where the buses stop. The last one was about 30 minutes further on… Look at the pictures:

    Worth it, wasn't it? I know that I am a simple person: I just do not want to be among the big masses of people, and I love toys (like a GPS). But Geocaching led us to spots we would never have gone to. We did not even know that the center point of the state we live in (and where I grew up) is just about 2 km from where we live.

    So, this is definitely something I would recommend you look into. Just visit the Geocaching website and have fun.

    Roger

  • Office 2010: The Movie

    Just some fun before I leave for vacation: http://www.youtube.com/watch?v=VUawhjxLS2I

    BTW: Office 2010 really rocks. I have been running the Technical Preview for quite a while now…

    Have a good summer

    Roger