Send sanog mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sanog.org/mailman/listinfo/sanog
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of sanog digest..."
Today's Topics:
1. Weekly Routing Table Report (Routing Analysis Role Account)
2. Fwd: [fellowships-alumni] PONMOCUP THREAT (GZ Kabir)
----------------------------------------------------------------------
Message: 1
Date: Sat, 5 Dec 2015 04:11:13 +1000 (AEST)
From: Routing Analysis Role Account <[email protected]>
To: [email protected], [email protected], [email protected],
[email protected], [email protected], [email protected],
[email protected]
Subject: [SANOG] Weekly Routing Table Report
Message-ID: <[email protected]>
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG,
SAFNOG, PaNOG, SdNOG, BJNOG, CaribNOG and the RIPE Routing WG.
Daily listings are sent to [email protected]
For historical data, please see http://thyme.rand.apnic.net.
If you have any comments please contact Philip Smith <[email protected]>.
Routing Table Report 04:00 +10GMT Sat 05 Dec, 2015
Report Website: http://thyme.rand.apnic.net
Detailed Analysis: http://thyme.rand.apnic.net/current/
Analysis Summary
----------------
BGP routing table entries examined: 571357
Prefixes after maximum aggregation (per Origin AS): 212309
Deaggregation factor: 2.69
Unique aggregates announced (without unneeded subnets): 278305
Total ASes present in the Internet Routing Table: 52177
Prefixes per ASN: 10.95
Origin-only ASes present in the Internet Routing Table: 36655
Origin ASes announcing only one prefix: 15946
Transit ASes present in the Internet Routing Table: 6383
Transit-only ASes present in the Internet Routing Table: 165
Average AS path length visible in the Internet Routing Table: 4.4
Max AS path length visible: 35
Max AS path prepend of ASN ( 55644) 31
Prefixes from unregistered ASNs in the Routing Table: 1028
Unregistered ASNs in the Routing Table: 367
Number of 32-bit ASNs allocated by the RIRs: 11965
Number of 32-bit ASNs visible in the Routing Table: 9139
Prefixes from 32-bit ASNs in the Routing Table: 34775
Number of bogon 32-bit ASNs visible in the Routing Table: 14
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 421
Number of addresses announced to Internet: 2802085056
Equivalent to 167 /8s, 4 /16s and 108 /24s
Percentage of available address space announced: 75.7
Percentage of allocated address space announced: 75.7
Percentage of available address space allocated: 100.0
Percentage of address space in use by end-sites: 97.8
Total number of prefixes smaller than registry allocations: 188133
APNIC Region Analysis Summary
-----------------------------
Prefixes being announced by APNIC Region ASes: 144487
Total APNIC prefixes after maximum aggregation: 39866
APNIC Deaggregation factor: 3.62
Prefixes being announced from the APNIC address blocks: 152684
Unique aggregates announced from the APNIC address blocks: 60777
APNIC Region origin ASes present in the Internet Routing Table: 5113
APNIC Prefixes per ASN: 29.86
APNIC Region origin ASes announcing only one prefix: 1190
APNIC Region transit ASes present in the Internet Routing Table: 895
Average APNIC Region AS path length visible: 4.4
Max APNIC Region AS path length visible: 34
Number of APNIC region 32-bit ASNs visible in the Routing Table: 1719
Number of APNIC addresses announced to Internet: 756067456
Equivalent to 45 /8s, 16 /16s and 172 /24s
Percentage of available APNIC address space announced: 88.4
APNIC AS Blocks (pre-ERX allocations): 4608-4864, 7467-7722, 9216-10239, 17408-18431,
23552-24575, 37888-38911, 45056-46079, 55296-56319, 58368-59391, 63488-64098,
131072-135580
APNIC Address Blocks 1/8, 14/8, 27/8, 36/8, 39/8, 42/8, 43/8,
49/8, 58/8, 59/8, 60/8, 61/8, 101/8, 103/8,
106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
222/8, 223/8
ARIN Region Analysis Summary
----------------------------
Prefixes being announced by ARIN Region ASes: 180946
Total ARIN prefixes after maximum aggregation: 88978
ARIN Deaggregation factor: 2.03
Prefixes being announced from the ARIN address blocks: 184304
Unique aggregates announced from the ARIN address blocks: 86632
ARIN Region origin ASes present in the Internet Routing Table: 16512
ARIN Prefixes per ASN: 11.16
ARIN Region origin ASes announcing only one prefix: 5973
ARIN Region transit ASes present in the Internet Routing Table: 1717
Average ARIN Region AS path length visible: 3.7
Max ARIN Region AS path length visible: 27
Number of ARIN region 32-bit ASNs visible in the Routing Table: 859
Number of ARIN addresses announced to Internet: 1102523072
Equivalent to 65 /8s, 183 /16s and 42 /24s
Percentage of available ARIN address space announced: 58.3
ARIN AS Blocks (pre-ERX allocations): 1-1876, 1902-2042, 2044-2046, 2048-2106,
2138-2584, 2615-2772, 2823-2829, 2880-3153, 3354-4607, 4865-5119, 5632-6655,
6912-7466, 7723-8191, 10240-12287, 13312-15359, 16384-17407, 18432-20479,
21504-23551, 25600-26591, 26624-27647, 29696-30719, 31744-33791, 35840-36863,
39936-40959, 46080-47103, 53248-55295, 62464-63487, 64198-64296, 393216-395164
ARIN Address Blocks 3/8, 4/8, 6/8, 7/8, 8/8, 9/8, 11/8,
12/8, 13/8, 15/8, 16/8, 17/8, 18/8, 19/8,
20/8, 21/8, 22/8, 23/8, 24/8, 26/8, 28/8,
29/8, 30/8, 32/8, 33/8, 34/8, 35/8, 38/8,
40/8, 44/8, 45/8, 47/8, 48/8, 50/8, 52/8,
53/8, 54/8, 55/8, 56/8, 57/8, 63/8, 64/8,
65/8, 66/8, 67/8, 68/8, 69/8, 70/8, 71/8,
72/8, 73/8, 74/8, 75/8, 76/8, 96/8, 97/8,
98/8, 99/8, 100/8, 104/8, 107/8, 108/8, 128/8,
129/8, 130/8, 131/8, 132/8, 134/8, 135/8, 136/8,
137/8, 138/8, 139/8, 140/8, 142/8, 143/8, 144/8,
146/8, 147/8, 148/8, 149/8, 152/8, 155/8, 156/8,
157/8, 158/8, 159/8, 160/8, 161/8, 162/8, 164/8,
165/8, 166/8, 167/8, 168/8, 169/8, 170/8, 172/8,
173/8, 174/8, 184/8, 192/8, 198/8, 199/8, 204/8,
205/8, 206/8, 207/8, 208/8, 209/8, 214/8, 215/8,
216/8
RIPE Region Analysis Summary
----------------------------
Prefixes being announced by RIPE Region ASes: 137500
Total RIPE prefixes after maximum aggregation: 68502
RIPE Deaggregation factor: 2.01
Prefixes being announced from the RIPE address blocks: 145455
Unique aggregates announced from the RIPE address blocks: 90245
RIPE Region origin ASes present in the Internet Routing Table: 18032
RIPE Prefixes per ASN: 8.07
RIPE Region origin ASes announcing only one prefix: 7990
RIPE Region transit ASes present in the Internet Routing Table: 2987
Average RIPE Region AS path length visible: 4.8
Max RIPE Region AS path length visible: 30
Number of RIPE region 32-bit ASNs visible in the Routing Table: 4264
Number of RIPE addresses announced to Internet: 701905536
Equivalent to 41 /8s, 214 /16s and 58 /24s
Percentage of available RIPE address space announced: 102.0
RIPE AS Blocks (pre-ERX allocations): 1877-1901, 2043, 2047, 2107-2136, 2585-2614,
2773-2822, 2830-2879, 3154-3353, 5377-5631, 6656-6911, 8192-9215, 12288-13311,
15360-16383, 20480-21503, 24576-25599, 28672-29695, 30720-31743, 33792-35839,
38912-39935, 40960-45055, 47104-52223, 56320-58367, 59392-61439, 61952-62463,
196608-204287
RIPE Address Blocks 2/8, 5/8, 25/8, 31/8, 37/8, 46/8, 51/8,
62/8, 77/8, 78/8, 79/8, 80/8, 81/8, 82/8,
83/8, 84/8, 85/8, 86/8, 87/8, 88/8, 89/8,
90/8, 91/8, 92/8, 93/8, 94/8, 95/8, 109/8,
141/8, 145/8, 151/8, 176/8, 178/8, 185/8, 188/8,
193/8, 194/8, 195/8, 212/8, 213/8, 217/8
LACNIC Region Analysis Summary
------------------------------
Prefixes being announced by LACNIC Region ASes: 60468
Total LACNIC prefixes after maximum aggregation: 11827
LACNIC Deaggregation factor: 5.11
Prefixes being announced from the LACNIC address blocks: 73119
Unique aggregates announced from the LACNIC address blocks: 34095
LACNIC Region origin ASes present in the Internet Routing Table: 2455
LACNIC Prefixes per ASN: 29.78
LACNIC Region origin ASes announcing only one prefix: 599
LACNIC Region transit ASes present in the Internet Routing Table: 544
Average LACNIC Region AS path length visible: 4.7
Max LACNIC Region AS path length visible: 22
Number of LACNIC region 32-bit ASNs visible in the Routing Table: 2126
Number of LACNIC addresses announced to Internet: 170315776
Equivalent to 10 /8s, 38 /16s and 208 /24s
Percentage of available LACNIC address space announced: 101.5
LACNIC AS Blocks 26592-26623, 27648-28671, 52224-53247,
61440-61951, 64099-64197, 262144-265628 + ERX transfers
LACNIC Address Blocks 177/8, 179/8, 181/8, 186/8, 187/8, 189/8, 190/8,
191/8, 200/8, 201/8
AfriNIC Region Analysis Summary
-------------------------------
Prefixes being announced by AfriNIC Region ASes: 13096
Total AfriNIC prefixes after maximum aggregation: 3095
AfriNIC Deaggregation factor: 4.23
Prefixes being announced from the AfriNIC address blocks: 15374
Unique aggregates announced from the AfriNIC address blocks: 6200
AfriNIC Region origin ASes present in the Internet Routing Table: 734
AfriNIC Prefixes per ASN: 20.95
AfriNIC Region origin ASes announcing only one prefix: 194
AfriNIC Region transit ASes present in the Internet Routing Table: 164
Average AfriNIC Region AS path length visible: 4.5
Max AfriNIC Region AS path length visible: 20
Number of AfriNIC region 32-bit ASNs visible in the Routing Table: 171
Number of AfriNIC addresses announced to Internet: 70910720
Equivalent to 4 /8s, 58 /16s and 3 /24s
Percentage of available AfriNIC address space announced: 70.4
AfriNIC AS Blocks 36864-37887, 327680-328703 & ERX transfers
AfriNIC Address Blocks 41/8, 102/8, 105/8, 154/8, 196/8, 197/8
APNIC Region per AS prefix count summary
----------------------------------------
ASN No of nets /20 equiv MaxAgg Description
4538 5502 4192 75 China Education and Research
7545 3019 346 154 TPG Telecom Limited
4766 2994 11135 990 Korea Telecom
17974 2725 914 96 PT Telekomunikasi Indonesia
9829 2214 1413 315 National Internet Backbone
4755 2065 431 234 TATA Communications formerly
9808 1684 8639 18 Guangdong Mobile Communicatio
4808 1568 2273 500 CNCGROUP IP network China169
9583 1519 163 85 Sify Limited
9498 1401 335 112 BHARTI Airtel Ltd.
Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-APNIC
ARIN Region per AS prefix count summary
---------------------------------------
ASN No of nets /20 equiv MaxAgg Description
22773 3244 2964 143 Cox Communications Inc.
3356 2574 10691 525 Level 3 Communications, Inc.
6389 2508 3687 42 BellSouth.net Inc.
18566 2213 394 277 MegaPath Corporation
20115 1889 1897 401 Charter Communications
6983 1697 849 238 EarthLink, Inc.
30036 1656 331 355 Mediacom Communications Corp
4323 1578 1021 396 tw telecom holdings, inc.
209 1486 4327 1235 Qwest Communications Company,
701 1392 11415 664 MCI Communications Services,
Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-ARIN
RIPE Region per AS prefix count summary
---------------------------------------
ASN No of nets /20 equiv MaxAgg Description
39891 2473 129 7 SaudiNet, Saudi Telecom Compa
20940 2241 888 1608 Akamai International B.V.
34984 1912 319 410 TELLCOM ILETISIM HIZMETLERI A
8551 1241 376 44 Bezeq International-Ltd
8402 1185 544 15 OJSC "Vimpelcom"
13188 1075 97 79 TOV "Bank-Inform"
12479 1051 967 77 France Telecom Espana SA
31148 1041 47 41 Freenet Ltd.
9198 958 349 25 JSC Kazakhtelecom
6830 898 2712 468 Liberty Global Operations B.V
Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-RIPE
LACNIC Region per AS prefix count summary
-----------------------------------------
ASN No of nets /20 equiv MaxAgg Description
10620 3407 540 157 Telmex Colombia S.A.
8151 2113 3347 500 Uninet S.A. de C.V.
7303 1580 941 241 Telecom Argentina S.A.
6503 1386 437 57 Axtel, S.A.B. de C.V.
28573 1261 2164 119 NET Serviços de Comunicação S
11830 1094 364 24 Instituto Costarricense de El
6147 1039 376 34 Telefonica del Peru S.A.A.
26615 1000 2325 34 Tim Celular S.A.
7738 994 1882 41 Telemar Norte Leste S.A.
3816 970 459 186 COLOMBIA TELECOMUNICACIONES S
Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-LACNIC
AfriNIC Region per AS prefix count summary
------------------------------------------
ASN No of nets /20 equiv MaxAgg Description
8452 1117 1470 14 TE-AS
24863 1038 409 38 Link Egypt (Link.NET)
37611 577 39 42 Afrihost-Brevis Computer Serv
36903 522 263 102 Office National des Postes et
36992 427 1229 31 ETISALAT MISR
37492 323 192 74 Orange Tunisie
29571 244 21 11 Cote d'Ivoire Telecom
3741 221 837 183 Internet Solutions
24835 201 146 12 Vodafone Data
15706 171 32 6 Sudatel (Sudan Telecom Co. Lt
Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-AFRINIC
Global Per AS prefix count summary
----------------------------------
ASN No of nets /20 equiv MaxAgg Description
4538 5502 4192 75 China Education and Research
10620 3407 540 157 Telmex Colombia S.A.
22773 3244 2964 143 Cox Communications Inc.
7545 3019 346 154 TPG Telecom Limited
4766 2994 11135 990 Korea Telecom
17974 2725 914 96 PT Telekomunikasi Indonesia
3356 2574 10691 525 Level 3 Communications, Inc.
6389 2508 3687 42 BellSouth.net Inc.
39891 2473 129 7 SaudiNet, Saudi Telecom Compa
20940 2241 888 1608 Akamai International B.V.
Complete listing at http://thyme.rand.apnic.net/current/data-ASnet
Global Per AS Maximum Aggr summary
----------------------------------
ASN No of nets Net Savings Description
10620 3407 3250 Telmex Colombia S.A.
22773 3244 3101 Cox Communications Inc.
7545 3019 2865 TPG Telecom Limited
17974 2725 2629 PT Telekomunikasi Indonesia
6389 2508 2466 BellSouth.net Inc.
39891 2473 2466 SaudiNet, Saudi Telecom Compa
3356 2574 2049 Level 3 Communications, Inc.
4766 2994 2004 Korea Telecom
18566 2213 1936 MegaPath Corporation
9829 2214 1899 National Internet Backbone
Complete listing at http://thyme.rand.apnic.net/current/data-CIDRnet
List of Unregistered Origin ASNs (Global)
-----------------------------------------
Bad AS Designation Network Transit AS Description
8655 UNALLOCATED 1.3.3.0/24 4134 No.31,Jin-rong Stree
30662 UNALLOCATED 8.2.129.0/24 3356 Level 3 Communicatio
47092 UNALLOCATED 8.8.204.0/24 16410 The Reynolds and Rey
53506 UNALLOCATED 8.17.102.0/23 3356 Level 3 Communicatio
46467 UNALLOCATED 8.19.192.0/24 46887 Lightower Fiber Netw
18985 UNALLOCATED 8.21.68.0/22 3356 Level 3 Communicatio
46473 UNALLOCATED 8.27.122.0/24 3356 Level 3 Communicatio
46473 UNALLOCATED 8.27.124.0/24 3356 Level 3 Communicatio
27205 UNALLOCATED 8.38.16.0/21 3356 Level 3 Communicatio
15347 UNALLOCATED 8.224.147.0/24 12064 Cox Communications I
Complete listing at http://thyme.rand.apnic.net/current/data-badAS
Advertised Unallocated Addresses
--------------------------------
Network Origin AS Description
23.226.112.0/20 62788 >>UNKNOWN<<
23.249.144.0/20 40430 colo4jax, LLC
23.249.144.0/21 40430 colo4jax, LLC
23.249.152.0/21 40430 colo4jax, LLC
27.100.7.0/24 56096 >>UNKNOWN<<
31.170.96.0/23 23456 32bit Transition AS
31.217.248.0/21 44902 COVAGE NETWORKS SASU
37.46.8.0/23 13768 Peer 1 Network (USA) Inc.
37.46.10.0/23 36351 SoftLayer Technologies Inc.
37.46.14.0/24 36351 SoftLayer Technologies Inc.
Complete listing at http://thyme.rand.apnic.net/current/data-add-IANA
Number of prefixes announced per prefix length (Global)
-------------------------------------------------------
/1:0 /2:0 /3:0 /4:0 /5:0 /6:0
/7:0 /8:16 /9:11 /10:36 /11:98 /12:264
/13:507 /14:1009 /15:1765 /16:12937 /17:7374 /18:12563
/19:25583 /20:37612 /21:39750 /22:62943 /23:54469 /24:312855
/25:541 /26:580 /27:382 /28:16 /29:16 /30:9
/31:0 /32:21
Advertised prefixes smaller than registry allocations
-----------------------------------------------------
ASN No of nets Total ann. Description
22773 2435 3244 Cox Communications Inc.
39891 2432 2473 SaudiNet, Saudi Telecom Compa
18566 2115 2213 MegaPath Corporation
6389 1553 2508 BellSouth.net Inc.
30036 1473 1656 Mediacom Communications Corp
6983 1344 1697 EarthLink, Inc.
10620 1285 3407 Telmex Colombia S.A.
34984 1209 1912 TELLCOM ILETISIM HIZMETLERI A
11492 1134 1219 CABLE ONE, INC.
31148 960 1041 Freenet Ltd.
Complete listing at http://thyme.rand.apnic.net/current/data-sXXas-nos
Number of /24s announced per /8 block (Global)
----------------------------------------------
1:1645 2:701 4:100 5:2037 6:25 8:1409
12:1803 13:28 14:1550 15:23 16:2 17:57
18:19 20:48 23:1323 24:1740 27:2129 31:1681
32:54 33:2 34:4 35:5 36:192 37:2223
38:1122 39:22 40:74 41:2894 42:365 43:1615
44:36 45:1520 46:2338 47:63 49:1028 50:816
52:33 54:93 55:7 56:8 57:44 58:1414
59:822 60:514 61:1762 62:1448 63:1918 64:4408
65:2189 66:4032 67:2138 68:1078 69:3244 70:1035
71:463 72:1991 74:2548 75:356 76:407 77:1382
78:1259 79:803 80:1339 81:1356 82:845 83:650
84:780 85:1482 86:454 87:1042 88:540 89:1900
90:167 91:5988 92:861 93:2302 94:2179 95:2236
96:473 97:352 98:909 99:45 100:79 101:851
103:8953 104:2188 105:73 106:358 107:1136 108:635
109:2122 110:1223 111:1519 112:859 113:1101 114:892
115:1512 116:1472 117:1347 118:1976 119:1494 120:506
121:1155 122:2129 123:1853 124:1563 125:1736 128:707
129:369 130:389 131:1272 132:589 133:169 134:451
135:119 136:344 137:248 138:1539 139:190 140:247
141:456 142:638 143:727 144:571 145:147 146:798
147:612 148:1288 149:446 150:621 151:811 152:569
153:271 154:473 155:906 156:453 157:446 158:342
159:1057 160:420 161:674 162:2209 163:493 164:706
165:1086 166:312 167:889 168:1331 169:545 170:1502
171:261 172:357 173:1557 174:705 175:759 176:1511
177:3933 178:2341 179:1076 180:2022 181:1598 182:1874
183:656 184:770 185:5035 186:3049 187:1860 188:2075
189:1706 190:7525 191:1211 192:8713 193:5709 194:4311
195:3696 196:2238 197:1109 198:5484 199:5545 200:6682
201:3504 202:9848 203:9243 204:4567 205:2746 206:3032
207:3022 208:4004 209:3968 210:3748 211:2008 212:2684
213:2179 214:842 215:73 216:5763 217:1879 218:743
219:542 220:1631 221:808 222:639 223:861
End of report
------------------------------
Message: 2
Date: Sat, 5 Dec 2015 11:28:46 +0600
From: GZ Kabir <[email protected]>
Subject: [SANOG] Fwd: [fellowships-alumni] PONMOCUP THREAT
Message-ID: <[email protected]>
Content-Type: text/plain; charset="utf-8"
This is for all?
> Begin forwarded message:
>
> From: Wisdom Donkor <[email protected]>
> Date: December 5, 2015 at 3:53:08 AM GMT+6
> To: "[email protected]" <[email protected]>
> Subject: [fellowships-alumni] PONMOCUP THREAT
>
> Dear All,
>
> Botconf One of the world's most successful, oldest, and largest botnets is an
> underestimated and largely-unknown threat that has over time infected 15
> million machines and made millions plundering bank accounts.
>
> The findings from a team of eight Fox IT researchers say the 'Ponmocup'
> botnet controlled 2.4 million infections at its peak in 2011 and now holds
> about half a million machines under its power.
>
> Lead author Maarten van Dantzig presented the work at the BotConf conference
> this week in the paper Ponmocup: A giant hiding in the shadows.
>
> In it he and researchers Danny Heppener, Frank Ruiz, Yonathan Klijnsma, Yun
> Zheng Hu, Erik de Jong, Krijn de Mik and Lennart Haagsma say how the malware,
> first described in 2006, has a strong focus on stealth and has made its likely
> Russian authors millions of dollars.
>
> "Compared to other botnets, Ponmocup is one of the largest currently active
> and, with nine consecutive years, also one of the longest running but it is
> rarely noticed as the operators take care to keep it operating under the
> radar," van Dantzig says.
>
> "Although it is difficult to quantify the exact amount of money earned with
> the Ponmocup botnet, it is likely that it has already been a multi-million
> dollar business for years now.
>
> "Firstly, their infrastructure is complex, distributed and extensive, with
> servers for dedicated tasks."
>
> Van Dantzig says the attackers maintain comprehensive infrastructure that is
> quality tested and updated to improve robustness and stealth, and can quickly
> mitigate risks.
>
> They are, he says, technically sophisticated, with deep access to Windows and
> some 10 years' malware development experience.
>
> So far the team has found some 25 unique plug-ins and a whopping 4000
> variants that indicate continuous development.
>
> The malware includes anti-analysis tricks such as heuristic checks for
> network and host-based analysis tools, debuggers and virtualised
> environments. It also drops clever fake payloads to throw off analysts, the
> researcher team says.
>
> One of the payloads injects an obvious executable into running processes that
> serves as an annoying advertising injector commonly found in horrid software
> bundlers.
>
> It is recommended that users and administrators mitigate this issue as follows:
>
> 1. Information Risk Management Regime
>
> Assess the risks to your organisation's information assets with the same
> vigour as you would for legal, regulatory, financial or operational risk. To
> achieve this, embed an Information Risk Management Regime across your
> organisation, supported by the Board, senior managers and an empowered
> information assurance (IA) structure. Consider communicating your risk
> management policy across your organisation to ensure that employees,
> contractors and suppliers are aware of your organisation's risk management
> boundaries.
>
> 2. Secure configuration
>
> Introduce corporate policies and processes to develop secure baseline builds,
> and manage the configuration and use of your ICT systems. Remove or disable
> unnecessary functionality from ICT systems, and keep them patched against
> known vulnerabilities. Failing to do this will expose your business to
> threats and vulnerabilities, and increase risk to the confidentiality,
> integrity and availability of systems and information.
>
> 3. Network security
>
> Connecting to untrusted networks (such as the Internet) can expose your
> organisation to cyber attacks. Follow recognised network design principles
> when configuring perimeter and internal network segments, and ensure all
> network devices are configured to the secure baseline build. Filter all
> traffic at the network perimeter so that only traffic required to support
> your business is allowed, and monitor traffic for unusual or malicious
> incoming and outgoing activity that could indicate an attack (or attempted
> attack).
>
> 4. Managing user privileges
>
> All users of your ICT systems should only be provided with the user
> privileges that they need to do their job. Control the number of privileged
> accounts for roles such as system or database administrators, and ensure this
> type of account is not used for high risk or day-to-day user activities.
> Monitor user activity, particularly all access to sensitive information and
> privileged account actions (such as creating new user accounts, changes to
> user passwords and deletion of accounts and audit logs).
>
> 5. User education and awareness
>
> Produce user security policies that describe acceptable and secure use of
> your organisation's ICT systems. These should be formally acknowledged in
> employment terms and conditions. All users should receive regular training on
> the cyber risks they face as employees and individuals. Security related
> roles (such as system administrators, incident management team members and
> forensic investigators) will require specialist training.
>
> 6. Incident management
>
> Establish an incident response and disaster recovery capability that
> addresses the full range of incidents that can occur. All incident management
> plans (including disaster recovery and business continuity) should be
> regularly tested. Your incident response team may need specialist training
> across a range of technical and non-technical areas. Report online crimes to
> the relevant law enforcement agency to help the UK build a clear view of the
> national threat and deliver an appropriate response.
>
> 7. Malware prevention
>
> Produce policies that directly address the business processes (such as email,
> web browsing, removable media and personally owned devices) that are
> vulnerable to malware. Scan for malware across your organisation and protect
> all host and client machines with antivirus solutions that will actively scan
> for malware. All information supplied to or from your organisation should be
> scanned for malicious content.
>
> 8. Monitoring
>
> Establish a monitoring strategy and develop supporting policies, taking into
> account previous security incidents and attacks, and your organisation's
> incident management policies. Continuously monitor inbound and outbound
> network traffic to identify unusual activity or trends that could indicate
> attacks and the compromise of data. Monitor all ICT systems using Network and
> Host Intrusion Detection Systems (NIDS/HIDS) and Prevention Systems
> (NIPS/HIDS).
>
> 9. Removable media controls
>
> Produce removable media policies that control the use of removable media for
> the import and export of information. Where the use of removable media is
> unavoidable, limit the types of media that can be used together with the
> users, systems, and types of information that can be transferred. Scan all
> media for malware using a standalone media scanner before any data is
> imported into your organisation's system.
>
> 10. Home and mobile working
>
> Assess the risks to all types of mobile working (including remote working
> where the device connects to the corporate network infrastructure) and
> develop appropriate security policies. Train mobile users on the secure use
> of their mobile devices for locations they will be working from. Apply the
> secure baseline build to all types of mobile device used. Protect
> data-at-rest using encryption (if the device supports it) and protect
> data-in-transit using an appropriately configured Virtual Private Network
> (VPN).
>
> Cheers
>
> --
> WISDOM DONKOR (S/N Eng.)
> ICANN Fellow / ISOC Member
> Web/OGPL Portal Specialist
> National Information Technology Agency (NITA)
> Ghana Open Data Initiative (GODI)
> Post Office Box CT. 2439, Cantonments, Accra, Ghana
> Tel; +233 20 812881
> Email: [email protected] <mailto:[email protected]>
> [email protected] <mailto:[email protected]>
> [email protected] <mailto:[email protected]>
> Skype: wisdom_dk
> facebook: facebook@wisdom_dk
> Website: www.nita.gov.gh <http://www.nita.gov.gh/> / www.data.gov.gh
> <http://www.data.gov.gh/>
> www.isoc.gh <http://www.isoc.gh/> / www.itag.org.gh <http://www.itag.org.gh/>
>
>
> _______________________________________________
> Fellowships-alumni mailing list
> [email protected]
> https://mm.icann.org/mailman/listinfo/fellowships-alumni
------------------------------
End of sanog Digest, Vol 47, Issue 2
************************************