
Authored by: Ryan Curran
Disconnection, May 8th, 2013
As a follow-up to my last blog, Enumeration of Syrian Networks, which enumerates the Internet routing landscape and tactics used by the Syrian government to exercise control over its country’s Internet infrastructure, I thought it was worth investigating the threat landscape. ASNs 29386 and 29256, both assigned to the Syrian Telecommunications Establishment (STE), and their upstream peers all have an extensive collection of Indicators of Compromise (IOCs).
Authored by: Ryan Curran
Late last fall, on November 29th, 2012 at approximately 5:26 AM EST, the Syrian government blocked the majority of access to the Internet within its borders by removing the routing tables from global Internet traffic. This turned Syria “dark” as it disconnected the country from the necessary connections that allow information in and out of the country. We assume this was done in an effort to minimize the effectiveness of rebel communications.
To Provide a Robust Team Capable of Supporting 24x7 Coverage, a Team of Specialists is Paramount to Securing any Infrastructure.
In this column I intend to break away from the previous discussions about doctrine as it applies to operations and focus on something the military calls “force structure.”
Throughout this series of columns, the discussion has focused on topics leading up to where/when the pitched battle takes place and forces are committed to action. These critical aspects ultimately weigh heavily on whether you will win or lose. In US military doctrine, the pitched battle is fought in the close combat area. This is where “forces are in immediate contact with the enemy…or where commanders envision close combat taking place. …The close area is historically the only location where the commander could conduct his decisive operation.”
According to US military doctrine, a demilitarized zone or DMZ is an area devoid of military forces. It is designed to separate opposing forces to prevent hostile actions. Yet it is the term that cyber security practitioners have been using for years to describe the place on our network where we most often engage our cyber enemies.
In previous columns, I have outlined how to define the cyber battlespace in context with an enterprise, how to focus on the threats, and how to array assets to
Securosis, Mike Rothman, November 16, 2012
Securosis, Mike Rothman, November 8, 2012
Securosis, Mike Rothman, November 5, 2012