Know Network Attacks - DrDOS

DrDOS - DNS Reflection Denial Of Service

This technique exploits security weakness in the domain name system(DNS) protocol. Using IP spoofing, the source address of DNS queries are set to that of the target victim, which means all replies will go to the target. The target of the attack receives replies from all DNS servers that are used. This overwhelms the target by creating a DOS. In March 2013, SpamHouse, a Geneva based anti-spam organization, was targeted with such an attack, peaking at 300Gbps.
To know more

Are you on the right cloud computing career path?

Are you on the right cloud computing career path?

David S. Linthicum, 

While the rise of cloud computing frightens some in IT, many see the technology as an opportunity to accelerate their careers and bolster their bank accounts.

And IT pros have good reason to be optimistic. In a 2012 survey conducted within a 90-day period by Wanted Analytics, more than 2,400 companies said they are seeking candidates with cloud computing skills. Moreover, hiring demand increased by 61% from 2011 to 2012 for IT people with cloud knowledge. Analyst firm IDC also released a report last year that indicated public and private spending in cloud computing will increase exponentially over the next few years, resulting in an available jobs boost of nearly 14 million positions worldwide.

<![if !vml]><![endif]>

David S. Linthicum, cloud computing expert and consultant

There is an explosion in both the use of cloud computing and the demand for people to assist in the mass migration to cloud. Indeed, there are about 50 to 70 jobs chasing truly qualified candidates at this point in time, according to technical recruiters.

And there are two categories of cloud computing careers that seem to be emerging in the space: positions seeking IT pros with specific cloud skills and positions looking for IT admins with cloud architecture know-how.

Jobs that require specific cloud computing skills, such as Amazon Web Services (AWS) expertise or Google App Engine development skills, are typically with companies that have already committed to specific cloud service providers. These are usually for newly formed groups within IT departments, and the position is focused around tactical solutions development.

Roles for people with specific cloud skills encompass the majority of cloud computing jobs on the market today -- with AWS skills leading by a large margin, and Google, Microsoft and Rackspace postings following. Figure 1 shows the growth of job postings that request AWS talent, with a 2,500% growth over the six-year period. These jobs range from configuration, to development, to operations positions. And salaries range from $80,000 to $180,000 annually, depending on location.

Companies with positions for cloud architects seek people who can define the cloud -- from business requirements to the actual cloud deployment. These jobs tend to be with companies that have yet to define their path to the cloud and need some assistance in doing so. They may be defining the use of existing private and public clouds, or perhaps building clouds from the ground up.

Cloud architecture jobs are typically posted as "cloud solution architect" or other descriptive terms. Job posters are looking for strategic knowledge of most cloud computing technology and providers, and the ability to form those clouds to fit enterprise goals or needs.

Cloud architecture candidates should have enterprise architecture and/or service-oriented architecture experience, with some knowledge of the proper use of cloud computing technology. Salaries range from $100,000 to $200,000 annually, depending on location.

What you need to land that hot, new cloud job

With the rise of cloud-related jobs comes the rise of cloud certification programs. Larger cloud computing technology providers and vendors, such as IBM and Microsoft, as well as independent training organizations such as Cloud School and Learning Tree, typically offer these programs. Top cloud certification programs include:

• IBM Certified Solution Advisor -- Cloud Computing Architecture
• IBM Certified Solution Architect -- Cloud Computing Infrastructure
• Microsoft Learning
• Google Apps Certified Deployment Specialist
• VMware Certified Professional (VCP)
• Certified Cloud Professional (CCP)

As you may expect, technology providers tend focus on their own products. However, they do provide the basics around cloud computing architectures. If you are someone that learns through this type of training and needs that piece of paper, then these cloud certification programs might work for you.

The majority of IT pros working in specific cloud positions either learned on the job or are self-taught. That may change as these types of programs become more popular, and employers require the certifications.

While cloud administrators can find what they need in the way of certifications, those looking for cloud architecture skills may be disappointed. General cloud computing courses typically focus on the very basics -- the difference between IaaS, SaaS and PaaS -- not on gory details, such as different approaches to building multi-tenant architecture, identity-based security and application programming interface design.

While most architects in the world of cloud computing also typically acquire their skills on the job, that could change as the certification programs become more comprehensive in the coming years.

Investing in cloud computing skills and knowledge seems to be a good bet today -- and a wise career move. While many IT admins will seek cloud skills and knowledge through training and certification programs, the reality is cloud computing is moving too fast for those programs to keep up.

David (Dave) S. Linthicum is the CTO and founder of Blue Mountain Labs, an internationally recognized industry expert and thought leader, and the author and co-author of 13 books on computing, including the best-selling Enterprise Application Integration. Dave keynotes at many leading technology conferences on cloud computing, SOA, enterprise application integration and enterprise architecture.

His latest book is Cloud Computing and SOA Convergence in Your Enterprise, a Step-by-Step Guide. Dave's industry experience includes tenures as CTO and CEO of several successful software companies and upper-level management positions in Fortune 100 companies. In addition, he was an associate professor of computer science for eight years and continues to lecture at major technical colleges and universities, including the University of Virginia, Arizona State University and the University of Wisconsin.

Using The Same Password across multiple accounts....

SQL Injection is one of the most common security vulnerabilities on the web and is successful only when the web application is not sufficiently secured.

Recently a hacking Group named 'TeamBerserk' claimed on Twitter that, they have stolen $100,000 by leveraging user names and passwords taken from a California ISP Sebastian (Sebastiancorp.com)to access victims' bank accounts.

A video proof was uploaded on the Internet, shows that how hackers used a SQL injection attack against the California ISP Sebastian to access their customers' database includes  e-mail addresses, user names and clear text passwords and then using the same data to steal money from those customers.

Let's see what SQL Injection is and how serious an attack like this actually can be.

SQL Injection is a type of web application vulnerability in which the attacker adds Structured Query Language (SQL) code to web inputs to gain access to an organization's resources. Using this technique, hackers can determine the structure and location of key databases and can download the database or compromise the database server.

  

Hackers took just 15 minutes to hack into the website using SQLmap (Automated SQL Injection Tool) -- stole customers' database and then immediately accesses the victim's Gmail account, linked PayPal accounts and Bank accounts also.

 

It's so hard to remember multiple passwords, some people just use the same one over and over. Is your Facebook password the same as your Twitter password? How about the password for your bank's website?

Now the hack explains that this us why it's extremely dangerous to use the same password on more than one Web site. In the POC video, hacker randomly chooses one Sebastian username and his relative password against Paypal, Gmail and even Citibank account logins and seriously that actually worked, because the victim is using the same passwords for all websites.

Now that you've control of the situation, don't let this happen again! If you have a bank account, a few credit cards, and several other important sensitive accounts, conduct a thorough security audit on them. Be sure that you know when you last logged in. Be sure to keep using different and Strong passwords for each website.

complete article Ref:  http://thehackernews.com/2013/10/hacker-stole-100000-from-users-of.html

Windows server 2012 R2 New Features

New Features and Highlights
Using the new and enhanced features in Windows Server 2012 R2, you can improve performance and more efficiently use datacenter capacity, helping you increase business agility.

Windows Server delivers resilient, multi-tenant-aware storage and networking capabilities for a wide range of workloads using industry-standard hardware. By automating a broad set of management tasks, Windows Server 2012 simplifies the deployment of major workloads and increases operational efficiencies.

Storage
Organizations face increasingly large amounts of data that must be managed cost effectively. Windows Server helps you maximize your investments by getting better performance from your existing storage area network (SAN) infrastructure. It also delivers the ability to build enterprise-class storage infrastructure with commodity hardware.

Storage Spaces. Windows Server helps reduce costs and improve performance by consolidating standard disks into pools that can be treated as standard drives within the operating system. The logical disks, or Storage Spaces, can be configured for varying resiliency schemes and assigned to different departments. As a result, organizations can simplify isolation and administration of the storage infrastructure and improve performance, flexibility, scalability, and availability. With Windows Server 2012 R2, data is automatically tiered across solid-state drives and hard-disk drives based on usage patterns, to deliver the best performance for data that gets used the most.

Application support with Server Message Block (SMB) 3.0. By separating storage and compute elements of virtual machines, organizations can move virtual machines without impacting storage configurations. Windows Server enables this with SMB file shares for continuous availability using standalone file servers and clustered file servers. Storage can be managed with Storage Spaces and exposed as file shares for Hyper-V virtual machines and SQL databases. With SMB transparent failover, even if one of the nodes goes down, SMB transparently fails over to another node without downtime. Since SMB uses your existing network infrastructure, it also eliminates the need for a dedicated network.

Data deduplication. A new storage efficiency feature of Windows Server 2012 R2 helps reduce file storage requirements through variable-size chunking and compression. Windows Server will automatically scan disks, identify duplicate chunks of data and store those chunks once.

Networking
Networking enhancements in Windows Server 2012 R2 make it easier to virtualize workloads, improve security, provide continuous availability for applications, and get better performance out of existing resources. Networking enhancements also bolster network isolation, which is key to running multi-tenant environments. These enhancements can improve virtual machine density, mobility, and availability.
Comprehensive approach to software-defined networking. Windows Server 2012 R2 delivers several new capabilities for virtualized networks. With multi-tenant virtualization, datacenters can isolate tenant resources without the need for expensive and complex changes to the physical
network infrastructure. Hyper-V Network Virtualization in Windows Server provides a layer of abstraction between the physical networks that support the hosts, and the virtual networks that support the virtualized workloads. As a result, datacenters can handle multiple virtual networks with overlapping IP addresses on the same physical network and also move virtual machines across virtual networks without having to reconfigure the underlying physical network.
Using the multi-tenant Hyper-V Network Virtualization gateway capabilities in Windows Server, you can bridge virtualized networks with non-virtualized networks, service providers and Azure.

Hyper-V extensible switch. Window Server provides flexibility with advanced packet filtering and routing. The Hyper-V extensible switch offers an open development framework for adding layer-2 functionality such as filtering, monitoring, and packet-level redirection required by the application or tenant.
Network infrastructure enhancements. With automation, networks of virtualized data centers and cloud environments become more agile, dynamically scalable and dispensable, and able to enforce administrative controls. IP Address Management (IPAM) in Windows Server 2012 R2 implements several major enhancements, including unified IP address space management of physical and virtual networks, as well as tighter integration with System Center 2012 R2 Virtual Machine Manager (VMM). The IPAM feature provides granular and customizable role-based access control and delegated administration across multiple data centers. IPAM provides a single console for monitoring and managing IP addresses, domain names, and device identities. It also supports advanced capabilities for continuous availability of IP addressing with Dynamic Host Configuration Protocol (DHCP) failover, DHCP Policies, filters, and more.

For Further details downloadGuide