
September 2014

Commonwealth Cybercrime Initiative (Quick Guide)

I've previously written about my and ICANN's participation in the Commonwealth Cybercrime Initiative (CCI) in the Internet Technical Advisory Committee (ITAC) Newsletter. Recently, the Commonwealth Secretariat has prepared a Quick Guide to promote the Initiative. 

CCI is a collaborative effort of international organizations, governments, and the private sector to address cybercrime. Briefly, at the request of a member of the Commonwealth, CCI sends a team of subject matter experts to assess the cybercrime-fighting capabilities of that member state. The team prepares a needs assessment, the member state and CCI come to an agreement on needs and priorities, and CCI members cooperate to plan and execute capability building. The Quick Guide provides more detail:


DNS Traffic Monitoring Series at Dark Reading

I've published a two-part series of articles on the value to IT organizations of monitoring DNS traffic for suspicious activities. DNS traffic can reveal the existence of malware on hosts you manage, operational failures in your name resolution services, and even covert data exfiltration activities.

In Part I, Monitor DNS Traffic & You Just Might Catch A RAT, I describe six signs of suspicious activity to watch for in the DNS traffic flows. I explain why DNS is so obviously useful to criminals and what to look for in DNS query and response messages.

In Part II, 5 Ways To Monitor DNS Traffic For Security Threats, I describe how to implement real-time or offline traffic monitoring using common commercial or open source security products. There are _lots_ of ways to monitor DNS, and while I literally pepper this column with links to documentation, case studies, and examples, I've barely scratched the surface. Happily, I've received constructive comments that mention other products, services, or methods, so please take a moment to consider these, too.