
Free Cyber security training from


Hello Everyone,

I wanted to do a little write up on


Cybary logo


So I don’t normally review things like this, but I recently came across this site. I have personally been using it for skills training and it’s awesome. They offer their own certification path and the courses are very well created.

As some of you may know, cyber security training can get pricey. Some courses are in the 5k range, and that can be a lot if you are starting out or if you are working for an employer that doesn’t invest in ongoing training.

I took one of the complimentary skills certifications and found it to be a great experience. The interface is nice and they have a great forum going on.

Below is a screenshot of the login page. I am currently enrolled in some of their courses and am liking it.


Here is the certificate you get when you pass one of the exams



The biggest thing that appeals to me is that their courses are general rather than vendor specific.

They also offer certification courses from CompTIA, Cisco, Microsoft, etc. You can save thousands of dollars training with this site. They even have an Android app, which I personally use.

In the end, no matter how much you think you know about this industry, there is tons more to learn. I am always learning and there are still things I don’t know. I believe this should be the way: education is free and open to anyone.


Is your Private MPLS network really private?

This is a question that security professionals must ask themselves.

It comes from the notion that the private networks we rely on to be secured against public access can be compromised.

What if I told you that your MPLS network is not 100% private? You may ask how an attacker can gain access to a secured private network other than via an Internet-based attack. I am not talking about a compromise by a virus or APT, but about the network itself.

Ask yourself: other than you, who has control of your “Private” network?

Who has the ability to add an MPLS site into your network?

Of course, it’s your ISP. The attitude of most network admins is that the network is not public, as in not the Internet, so the use of protocols such as FTP is fine. But what if a worker at the ISP decides to build an MPLS leg into your network and start sniffing?

How about if there is an accidental misconfiguration and an improper route distinguisher points your traffic to another customer’s network or if a VLAN has been


The point is that you have to trust someone with some part of your network, but you should not operate that network with the belief that it is 100% secure.

That means Telnet is out, FTP is out, POP is out. Any of these clear-text protocols, whether via the Internet or MPLS, should be ripped out and secure alternatives put in.

Also, from an ISP perspective, more can be done to prevent such situations, such as an email notification when a change has been made to a particular routing instance or VRF. Any config changes? Email the customer. Was this activity authorized? No? Begin the investigation.
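The change notification described above could be driven by a diff of the VRF stanzas in two configuration snapshots. This is an added example, not code from the original post; the Cisco IOS-style snapshots, the VRF names `CUST_A` and `CUST_B`, and the function names are constructed for illustration.

```python
import re

# Constructed snapshot in Cisco IOS-style syntax (not from a real network).
BEFORE = """\
ip vrf CUST_A
 rd 65000:100
 route-target export 65000:100
 route-target import 65000:100
!
ip vrf CUST_B
 rd 65000:200
 route-target export 65000:200
 route-target import 65000:200
!
"""
# Constructed change: CUST_B starts importing CUST_A's route target.
AFTER = BEFORE.replace(
    " route-target import 65000:200\n",
    " route-target import 65000:200\n route-target import 65000:100\n",
)

def parse_vrfs(config):
    """Return {vrf_name: set of 'rd ...' / 'route-target ...' statements}."""
    vrfs, current = {}, None
    for line in config.splitlines():
        m = re.match(r"ip vrf (\S+)", line)
        if m:
            current = vrfs.setdefault(m.group(1), set())
        elif line.startswith(" ") and current is not None:
            stmt = line.strip()
            if stmt.startswith(("rd ", "route-target ")):
                current.add(stmt)
        else:
            current = None  # "!" or any top-level line ends the VRF stanza
    return vrfs

def vrf_changes(before, after):
    """List (vrf, action, statement) for every VRF-level difference."""
    old, new = parse_vrfs(before), parse_vrfs(after)
    changes = []
    for name in sorted(old.keys() | new.keys()):
        if (name in old) != (name in new):
            changes.append((name, "vrf-added" if name in new else "vrf-removed", ""))
        a, b = old.get(name, set()), new.get(name, set())
        changes += [(name, "added", s) for s in sorted(b - a)]
        changes += [(name, "removed", s) for s in sorted(a - b)]
    return changes
```

Each tuple returned by `vrf_changes(BEFORE, AFTER)` is one line for the notification email; an empty list means no VRF-level change between the snapshots.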

Some security tips to help you with this type of situation:

- Use encrypted protocols
- Audit network changes
- Work with your ISP on security protocols for changes made to your network
- Create firewall rules to only include subnets which are in use





Why is IoT a threat to internet security?



The new wave of the internet is upon us. We are now in the era of IoT, the “Internet of Things”: sensors and devices that connect to the internet, from a home IP camera to your fridge. This wonderful new era comes with a new challenge for security professionals.

Some of the questions you need to ask yourself as a security professional:

How do we protect these devices?

How do we check for vulnerabilities in the software?

Where are these devices located, i.e. publicly reachable or in your corporate network?

The growing concern is the home user. Why, you ask?

Take the example of a home user who wants a home security system to monitor what happens at their home. They purchase a DVR with IP cameras, set up the cameras on their Wi-Fi connection, and then allow access to the DVR over the internet. Here is where the problem starts, and this is what we have seen time and time again: some users, if not a majority of them, don’t think to change the passwords on the cameras or put an ACL in place to restrict connections to the camera. That home user has just contributed to the IoT issue. Just look at what Mirai has done by scanning the internet for devices such as cameras with weak or default passwords and exploiting them for use as nodes in a botnet.

Now comes another issue, with the average home network itself. Most home users and some small businesses use consumer-grade, off-the-shelf routers. Most home routers from manufacturers like D-Link, Belkin, etc. have been found to have major security holes. Check out this link, which offers insight into this big problem.

Unlike your operating system, which updates automatically, router firmware is usually updated manually. This is not always an easy task, especially for a home user. Then comes the problem of the manufacturers not patching the holes in the first place.

So add poor security practices to vulnerable equipment and a lack of awareness, and you have a recipe for disaster. We are starting to see the effects of it now: the last massive DDoS attack against Dyn was found to be traffic from many IoT devices. Check this link for a good article on the details of the findings.


In the end, IoT is here to stay, so we need to adjust our ways of thinking about security. Many of these issues were here before IoT, like the poor use of passwords and default settings. Poorly written software causing security risks has been around for a long time, but the difference now is that there is a huge number of devices. You now usually have more IP cameras and gadgets, for example, than computers. The vast number of devices is making attacks such as DDoS exponentially more powerful.


How do we fix this?

  • Better security awareness for the home user
  • Better written software that is regularly checked and patched for holes
  • Devices that have a randomized default password, such as the MAC or serial, and that force the user to change the password before the device works

The above is a starting point but is not the full solution; every case is different.


Let me know what you think!
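The third item in the list, sketched as first-boot logic: a per-device factory password that only unlocks a forced password change, with remote services held off until the change succeeds. This is an added example, not code from the original post; the `Device` class and its method names are hypothetical, and it assumes a random factory password from `secrets` (printed on the device label) rather than the MAC or serial.

```python
import hashlib
import hmac
import secrets

# Sample list of well-known defaults to refuse (constructed, not exhaustive).
COMMON_DEFAULTS = {"admin", "password", "12345", "root", "default"}

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Device:
    def __init__(self):
        # Assumption: generated at manufacture, unique per unit, on the label.
        self.factory_password = secrets.token_urlsafe(9)
        self._salt = secrets.token_bytes(16)
        self._digest = _kdf(self.factory_password, self._salt)
        self.must_change = True

    def _check(self, password):
        return hmac.compare_digest(self._digest, _kdf(password, self._salt))

    def change_password(self, current, new):
        if not self._check(current):
            return "denied: wrong current password"
        if len(new) < 10 or new.lower() in COMMON_DEFAULTS or new == current:
            return "rejected: weak or reused password"
        self._salt = secrets.token_bytes(16)
        self._digest = _kdf(new, self._salt)
        self.must_change = False
        return "ok"

    def login(self, password):
        if not self._check(password):
            return "denied"
        return "change-required" if self.must_change else "granted"

    def start_stream(self, password):
        # Remote services stay off until the factory password is replaced.
        return self.login(password) == "granted"
```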





How can ISPs help with DDoS mitigation?



We have seen it time and time again: DDoS attacks against organizations causing network interruptions and downtime.

These organizations are at times helpless at the hands of the attackers, sometimes even held for ransom. Think of a small or medium business with a 50 Mbps internet connection that is getting attacked: what options does that organization have?


Sure, if they pay extra for a subnet with BGP peering and have the technical know-how, they can black hole the traffic. But this is costly, and often the smaller businesses don’t have the technical staff to have a security team keeping watch.

The other option is to increase bandwidth when the attack happens, but how reasonable is that? What is the guarantee that the attack won’t grow larger? Attacks are reaching the Gbps range, and an SMB simply can’t afford those costs.


The best option is getting a DDoS protection service offered via the ISP or interconnect. Anti-DDoS services are normally offered at the ISP or carrier level; there are also CDNs (Content Delivery Networks).

Part of the reason why you would want to go with an ISP or a carrier for DDoS protection is that they have much more network infrastructure than you have. They have all the expertise at the ready, and often for much less than it would cost you to run a solution yourself.


Anti-DDoS solutions range from free to several thousands of dollars depending on the protection level, but remember you get what you pay for.

Anti-DDoS providers usually offer tiers of actions, such as null routing, where the traffic for the IP address that is under attack is redirected into the carrier’s core.

The issue with the above solution is that a null route will take down all of the traffic destined to that IP address. So if you are hosting a website or an email server, then you have completed the job for the attacker. And don’t even think about changing the DNS entries; the attacks can target the domains.

The other option is traffic scrubbing. This technique is more costly but optimal: the ISP drops the bad traffic using algorithms that detect bad traffic such as SYN floods or UDP floods.

The CDN approach, like that used at this service, acts as a buffer between your web server and the internet. All web requests are filtered through the CDN, then scrubbed and delivered to the server. This has some limitations: if the server itself is being attacked via its IP address, then the CDN will not help.

In the end, DDoS attacks cost money, sometimes a lot of money, especially for e-commerce websites. Imagine not being able to sell your products on your website due to a DDoS.

The protection is a lot cheaper than the cost of a successful attack. Businesses need to adopt services to protect themselves from these ever-growing, powerful attacks.
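The difference between the two actions described above, a null route and scrubbing, shown on one window of traffic. This is an added example, not code from the original post or from any provider; the packet sample, addresses and thresholds are constructed, and a simple per-source threshold stands in for the ISP's detection algorithms.

```python
from collections import Counter

VICTIM = "203.0.113.10"   # constructed; documentation address range
SYN_LIMIT = 20            # assumed threshold: unanswered SYNs per source per window
UDP_LIMIT = 50            # assumed threshold: UDP packets per source per window

def sample_window():
    """Constructed one-window sample: (src, dst, proto, flags, legit)."""
    pkts = []
    for i in range(5):                       # five real clients, full handshakes
        src = f"198.51.100.{i + 1}"
        pkts += [(src, VICTIM, "tcp", "S", True), (src, VICTIM, "tcp", "A", True)]
    pkts += [("192.0.2.66", VICTIM, "tcp", "S", False)] * 500     # SYN flood
    pkts += [("192.0.2.77", VICTIM, "udp", "", False)] * 300      # UDP flood
    pkts += [("198.51.100.1", "203.0.113.20", "tcp", "S", True)]  # another host
    return pkts

def null_route(pkts, target):
    """Blackhole: every packet to the target is dropped, good or bad."""
    return [p for p in pkts if p[1] != target]

def scrub(pkts, target):
    """Drop only sources whose behaviour in this window looks like a flood."""
    syn, ack, udp = Counter(), Counter(), Counter()
    for src, dst, proto, flags, _ in pkts:
        if dst != target:
            continue
        if proto == "tcp" and flags == "S":
            syn[src] += 1
        elif proto == "tcp" and flags == "A":
            ack[src] += 1
        elif proto == "udp":
            udp[src] += 1
    bad = {s for s in syn if syn[s] - ack[s] > SYN_LIMIT}
    bad |= {s for s in udp if udp[s] > UDP_LIMIT}
    return [p for p in pkts if p[1] != target or p[0] not in bad]

def delivered_to(pkts, target):
    """(legitimate, attack) packet counts that still reach the target."""
    hits = [p for p in pkts if p[1] == target]
    return sum(p[4] for p in hits), sum(not p[4] for p in hits)
```

On this sample the null route delivers no packets to the victim address at all, while the scrubbed stream still carries every legitimate packet and none of the flood.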