Akamai Diversity
Home > Bill Brenner

Recently by Bill Brenner

State of the Internet Security Podcast Host Bill Brenner catches up with an old friend: Tenable Network Security's Jack Daniel.

The two have been friends and industry colleagues for the last decade, having spent many a security conference in the trenches together. For travel to and from one such event, they shared a cramped RV from Boston to Washington, DC three years in a row.

Some things have changed in the security industry since those early days, while other things have stayed the same. In this conversation, Brenner and Daniel reminisce and look at where the state of security is headed.

The Q1 2015 State of the Internet - Security Report is due out next month, and we think the week of RSA Conference 2015 is a good time to start previewing sections.

Yesterday we reviewed the continuing trend of website defacements and DNS Hijacking. The day before that we reviewed the potential security risks of widespread IPv6 adoption. Today, we look at the significance of a 100 GBPS attack.

Akamai's Response to CVE-2015-1635

In response to the vulnerability discussed in the Microsoft disclosure at https://technet.microsoft.com/library/security/MS15-034, Akamai has analyzed its production servers and has determined it is not running any version of the software that is susceptible to the vulnerability.
 
Akamai has created a permanent rule for the Trustwave® ModSecurity® Core Rule Set (CRS) and Akamai® Kona Rule Set (KRS) rule to help protect customer servers from attacks that exploit this vulnerability. This rule (3000031) is available on Luna Control System and can be manually added to your Firewall policy using the following actions:
 
For Existing Firewall Policies using CRS v1.6.1:
  1. Access Luna Control Center and the Web Application Firewall page (CONFIGURE >> WAF Configuration).
  2. On the Web Application Firewall page, select the WAF Configuration version with which you would like to work.
  3. On the resulting Web Application Firewall Configuration page, edit the Firewall Policy for which you would like to enable rule 3000031.
  4. On the resulting Edit Firewall Policy page, click the Next button.
  5. On the resulting Application Layer Controls page, in the 1.6.1 Rule Set list, scroll to rule 3000031 and select its check box.

6. Click the Next button, and continue clicking it on any subsequent pages until you reach the final page.

7. Click Finish to finish updating the Firewall Policy.


For Existing Firewall Policies using KRS v1.0:
  1. Access Luna Control Center and the Web Application Firewall page (CONFIGURE >> WAF Configuration).
  2. On the Web Application Firewall page, select the WAF Configuration version with which you would like to work.
  3. On the resulting Web Application Firewall Configuration page, edit the Firewall Policy for which you would like to enable rule 3000031.
Be aware, unless you created your Firewall Policy on or after April 1, 2015, you must upgrade to the latest KRS version for rule 3000031 to become available to your Firewall Policy; a KRS 1.0 Update Requirednotification will appear on the Web Application Firewall Configuration page for each affected Policy. In addition, if you choose to create a new version of a WAF Configuration or Firewall Policy from an existing one created prior to April 1, 2015, you must be certain to upgrade KRS in the new version.
 
Complete the upgrade procedures in the Upgrading the KRS, Version 1.0 Rule Set section of the Kona Site Defender User Guide available in Luna Control Center (Support >> User and Developer Guides >> Kona Security Solutions) in order to proceed with enabling the rule.
4. On the resulting Edit Firewall Policy page, click the Next button.
5. On the resulting Application Layer Controls page, in the KRS 1.0 Rule Set list, scroll to rule 3000031 and select its check box.

6.      Click the Next button, and continue clicking it on any subsequent pages until you reach the final page.
7.      Click Finish. The Firewall Policy is now updated.

For New Firewall Policies:
1.      Access Luna Control Center and the Web Application Firewall page (CONFIGURE >> WAF Configuration).
2.      On the Web Application Firewall page, select the WAF Configuration version with which you would like to work.
3.      On the resulting Web Application Firewall Configuration page, click the plus sign (+) button at the upper right-hand corner of the Firewall Policies area.
4.      On the resulting Create New Firewall Policy page, enter and select all desired parameters, including the Application Layer Controls rule set (1.6.1 or KRS 1.0), then click the Next button.
5.      On the Application Layer Controls page, in the rule set list, select all desired rules, being certain to include rule 3000031, by selecting their respective check boxes.

Rule 3000031 in CRS v1.6.1.

Rule 3000031 in KRS v1.0.

6.      Click the Next button.
7.      On any subsequent pages, fill out and/or select all desired parameters, and click their Next buttons until you reach the final page.
8.      Complete the final page, and click Finish to create the Firewall Policy.

Andrew Hay, BSidesSF volunteer and research director at OpenDNS, talks to Bill Brenner about the major security issues being discussed at this year's two-day BSides event, as well as problems with attack attribution, potential fearmongering and what we might expect at RSA.

The Q1 2015 State of the Internet - Security Report is due out next month, and we think the week of RSA Conference 2015 is a good time to start previewing sections.

Yesterday we reviewed the potential security risks of widespread IPv6 adoption. Today, we look at the continuing trend of website defacements and DNS Hijacking.

Q1 2015 SOTI Preview: IPv6 Security Challenges

The Q1 2015 State of the Internet - Security Report is due out next month, and we think the week of RSA Conference 2015 is a good time to start previewing sections.

Let's begin with the potential security risks of widespread IPv6 adoption.

An Evening With Akamai and AT&T During #RSAC 2015

As RSA Conference 2015 attendees continue to finalize evening schedules, here's a suggestion: Come by our event with AT&T. Meet and mingle with Akamai, AT&T and your fellow security professionals. Enjoy libations and hors d'oeuvres.

Location:
The Burritt Room,
Mystic Hotel

Date & Time:
Wednesday, April 22
7:30-10:30 p.m.

Register today to attend this invitation-only reception at Burritt Room in the historic Mystic Hotel just North of Union Square in San Francisco.

Hope to see you there!

RSAC-Party_AS.jpg

Agenda for #BSidesSF 2015

A lot of attention is on RSA Conference 2015, which commences a week from Monday. But let's not forget that BSidesSF is also that week. Below is a full agenda for the event, which is April 19 and 20 at the OpenDNS offices at 135 Bluxome St., San Francisco.

Your 2015 Survival Guide for #rsac and #BSidesSF

It's two weeks until RSA, the biggest security conference of the year. For first-timers, this is the time to start preparing and understanding what lies ahead. It can be an overwhelming experience, with two loud exhibit halls, too many evening events to count on two hands, and so many talks it can be hard to choose what's best for your interests.

To that end, here's some advice for RSA 2015, which takes place April 20-24 at the Moscone Center in San Francisco:

After last week's news that RSA Conference 2015 will ban so-called booth babes, I heard from a lot of people who agree vendors need to find other ways to attract attention during security conferences. Others felt the issue was nothing but useless security industry drama, but there is a lesson in this discussion for marketers.

One reader told me the use of booth babes isn't the result of bad intentions. It's just that some marketing teams don't know any better. They assume the booth babes work because they see others using them. I think there's some truth to that.

So I've decided to give marketing practitioners some examples of successful exhibits that succeeded without the sex.

Here are four examples of exhibits that won on the strength of the security message. They use other gimmicks, to be sure, but in my opinion they are more about creativity than exploitation. Feel free to disagree with what follows, or share other examples of displays that worked.