Today's Topics:

   1. Weekly Routing Table Report (Routing Analysis Role Account)
   2. Fwd: [fellowships-alumni] PONMOCUP THREAT (GZ Kabir)

----------------------------------------------------------------------

Message: 1
Date: Sat, 5 Dec 2015 04:11:13 +1000 (AEST)
From: Routing Analysis Role Account <csc...@apnic.net>
To: ap...@apops.net, na...@nanog.org, routing...@ripe.net,
    af...@afnog.org, sanog@sanog.org, pac...@pacnog.org,
    saf...@safnog.org
Subject: [SANOG] Weekly Routing Table Report
Message-ID: <201512041811.tb4ibdj8031...@thyme.rand.apnic.net>

This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG,
SAFNOG, PaNOG, SdNOG, BJNOG, CaribNOG and the RIPE Routing WG.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith <pfsi...@gmail.com>.

Routing Table Report   04:00 +10GMT Sat 05 Dec, 2015

Report Website:     http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary
----------------

BGP routing table entries examined: 571357
Prefixes after maximum aggregation (per Origin AS): 212309
Deaggregation factor: 2.69
Unique aggregates announced (without unneeded subnets): 278305
Total ASes present in the Internet Routing Table: 52177
Prefixes per ASN: 10.95
Origin-only ASes present in the Internet Routing Table: 36655
Origin ASes announcing only one prefix: 15946
Transit ASes present in the Internet Routing Table: 6383
Transit-only ASes present in the Internet Routing Table: 165
Average AS path length visible in the Internet Routing Table: 4.4
Max AS path length visible: 35
Max AS path prepend of ASN ( 55644) 31
Prefixes from unregistered ASNs in the Routing Table: 1028
Unregistered ASNs in the Routing Table: 367
Number of 32-bit ASNs allocated by the RIRs: 11965
Number of 32-bit ASNs visible in the Routing Table: 9139
Prefixes from 32-bit ASNs in the Routing Table: 34775
Number of bogon 32-bit ASNs visible in the Routing Table: 14
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 421
Number of addresses announced to Internet: 2802085056
Equivalent to 167 /8s, 4 /16s and 108 /24s
Percentage of available address space announced: 75.7
Percentage of allocated address space announced: 75.7
Percentage of available address space allocated: 100.0
Percentage of address space in use by end-sites: 97.8
Total number of prefixes smaller than registry allocations: 188133

APNIC Region Analysis Summary
-----------------------------

Prefixes being announced by APNIC Region ASes: 144487
Total APNIC prefixes after maximum aggregation: 39866
APNIC Deaggregation factor: 3.62
Prefixes being announced from the APNIC address blocks: 152684
Unique aggregates announced from the APNIC address blocks: 60777
APNIC Region origin ASes present in the Internet Routing Table: 5113
APNIC Prefixes per ASN: 29.86
APNIC Region origin ASes announcing only one prefix: 1190
APNIC Region transit ASes present in the Internet Routing Table: 895
Average APNIC Region AS path length visible: 4.4
Max APNIC Region AS path length visible: 34
Number of APNIC region 32-bit ASNs visible in the Routing Table: 1719
Number of APNIC addresses announced to Internet: 756067456
Equivalent to 45 /8s, 16 /16s and 172 /24s
Percentage of available APNIC address space announced: 88.4

APNIC AS Blocks        4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
                       58368-59391, 63488-64098, 131072-135580
APNIC Address Blocks   1/8, 14/8, 27/8, 36/8, 39/8, 42/8, 43/8, 49/8, 58/8,
                       59/8, 60/8, 61/8, 101/8, 103/8, 106/8, 110/8, 111/8,
                       112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8,
                       120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 133/8,
                       150/8, 153/8, 163/8, 171/8, 175/8, 180/8, 182/8, 183/8,
                       202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
                       222/8, 223/8,

ARIN Region Analysis Summary
----------------------------

Prefixes being announced by ARIN Region ASes: 180946
Total ARIN prefixes after maximum aggregation: 88978
ARIN Deaggregation factor: 2.03
Prefixes being announced from the ARIN address blocks: 184304
Unique aggregates announced from the ARIN address blocks: 86632
ARIN Region origin ASes present in the Internet Routing Table: 16512
ARIN Prefixes per ASN: 11.16
ARIN Region origin ASes announcing only one prefix: 5973
ARIN Region transit ASes present in the Internet Routing Table: 1717
Average ARIN Region AS path length visible: 3.7
Max ARIN Region AS path length visible: 27
Number of ARIN region 32-bit ASNs visible in the Routing Table: 859
Number of ARIN addresses announced to Internet: 1102523072
Equivalent to 65 /8s, 183 /16s and 42 /24s
Percentage of available ARIN address space announced: 58.3

ARIN AS Blocks         1-1876, 1902-2042, 2044-2046, 2048-2106
(pre-ERX allocations)  2138-2584, 2615-2772, 2823-2829, 2880-3153
                       3354-4607, 4865-5119, 5632-6655, 6912-7466
                       7723-8191, 10240-12287, 13312-15359, 16384-17407
                       18432-20479, 21504-23551, 25600-26591,
                       26624-27647, 29696-30719, 31744-33791
                       35840-36863, 39936-40959, 46080-47103
                       53248-55295, 62464-63487, 64198-64296, 393216-395164
ARIN Address Blocks    3/8, 4/8, 6/8, 7/8, 8/8, 9/8, 11/8, 12/8, 13/8, 15/8,
                       16/8, 17/8, 18/8, 19/8, 20/8, 21/8, 22/8, 23/8, 24/8,
                       26/8, 28/8, 29/8, 30/8, 32/8, 33/8, 34/8, 35/8, 38/8,
                       40/8, 44/8, 45/8, 47/8, 48/8, 50/8, 52/8, 53/8, 54/8,
                       55/8, 56/8, 57/8, 63/8, 64/8, 65/8, 66/8, 67/8, 68/8,
                       69/8, 70/8, 71/8, 72/8, 73/8, 74/8, 75/8, 76/8, 96/8,
                       97/8, 98/8, 99/8, 100/8, 104/8, 107/8, 108/8, 128/8,
                       129/8, 130/8, 131/8, 132/8, 134/8, 135/8, 136/8, 137/8,
                       138/8, 139/8, 140/8, 142/8, 143/8, 144/8, 146/8, 147/8,
                       148/8, 149/8, 152/8, 155/8, 156/8, 157/8, 158/8, 159/8,
                       160/8, 161/8, 162/8, 164/8, 165/8, 166/8, 167/8, 168/8,
                       169/8, 170/8, 172/8, 173/8, 174/8, 184/8, 192/8, 198/8,
                       199/8, 204/8, 205/8, 206/8, 207/8, 208/8, 209/8, 214/8,
                       215/8, 216/8,

RIPE Region Analysis Summary
----------------------------

Prefixes being announced by RIPE Region ASes: 137500
Total RIPE prefixes after maximum aggregation: 68502
RIPE Deaggregation factor: 2.01
Prefixes being announced from the RIPE address blocks: 145455
Unique aggregates announced from the RIPE address blocks: 90245
RIPE Region origin ASes present in the Internet Routing Table: 18032
RIPE Prefixes per ASN: 8.07
RIPE Region origin ASes announcing only one prefix: 7990
RIPE Region transit ASes present in the Internet Routing Table: 2987
Average RIPE Region AS path length visible: 4.8
Max RIPE Region AS path length visible: 30
Number of RIPE region 32-bit ASNs visible in the Routing Table: 4264
Number of RIPE addresses announced to Internet: 701905536
Equivalent to 41 /8s, 214 /16s and 58 /24s
Percentage of available RIPE address space announced: 102.0

RIPE AS Blocks         1877-1901, 2043, 2047, 2107-2136, 2585-2614
(pre-ERX allocations)  2773-2822, 2830-2879, 3154-3353, 5377-5631
                       6656-6911, 8192-9215, 12288-13311, 15360-16383
                       20480-21503, 24576-25599, 28672-29695
                       30720-31743, 33792-35839, 38912-39935
                       40960-45055, 47104-52223, 56320-58367
                       59392-61439, 61952-62463, 196608-204287
RIPE Address Blocks    2/8, 5/8, 25/8, 31/8, 37/8, 46/8, 51/8, 62/8, 77/8,
                       78/8, 79/8, 80/8, 81/8, 82/8, 83/8, 84/8, 85/8, 86/8,
                       87/8, 88/8, 89/8, 90/8, 91/8, 92/8, 93/8, 94/8, 95/8,
                       109/8, 141/8, 145/8, 151/8, 176/8, 178/8, 185/8, 188/8,
                       193/8, 194/8, 195/8, 212/8, 213/8, 217/8,

LACNIC Region Analysis Summary
------------------------------

Prefixes being announced by LACNIC Region ASes: 60468
Total LACNIC prefixes after maximum aggregation: 11827
LACNIC Deaggregation factor: 5.11
Prefixes being announced from the LACNIC address blocks: 73119
Unique aggregates announced from the LACNIC address blocks: 34095
LACNIC Region origin ASes present in the Internet Routing Table: 2455
LACNIC Prefixes per ASN: 29.78
LACNIC Region origin ASes announcing only one prefix: 599
LACNIC Region transit ASes present in the Internet Routing Table: 544
Average LACNIC Region AS path length visible: 4.7
Max LACNIC Region AS path length visible: 22
Number of LACNIC region 32-bit ASNs visible in the Routing Table: 2126
Number of LACNIC addresses announced to Internet: 170315776
Equivalent to 10 /8s, 38 /16s and 208 /24s
Percentage of available LACNIC address space announced: 101.5

LACNIC AS Blocks       26592-26623, 27648-28671, 52224-53247, 61440-61951,
                       64099-64197, 262144-265628 + ERX transfers
LACNIC Address Blocks  177/8, 179/8, 181/8, 186/8, 187/8, 189/8, 190/8, 191/8,
                       200/8, 201/8,

AfriNIC Region Analysis Summary
-------------------------------

Prefixes being announced by AfriNIC Region ASes: 13096
Total AfriNIC prefixes after maximum aggregation: 3095
AfriNIC Deaggregation factor: 4.23
Prefixes being announced from the AfriNIC address blocks: 15374
Unique aggregates announced from the AfriNIC address blocks: 6200
AfriNIC Region origin ASes present in the Internet Routing Table: 734
AfriNIC Prefixes per ASN: 20.95
AfriNIC Region origin ASes announcing only one prefix: 194
AfriNIC Region transit ASes present in the Internet Routing Table: 164
Average AfriNIC Region AS path length visible: 4.5
Max AfriNIC Region AS path length visible: 20
Number of AfriNIC region 32-bit ASNs visible in the Routing Table: 171
Number of AfriNIC addresses announced to Internet: 70910720
Equivalent to 4 /8s, 58 /16s and 3 /24s
Percentage of available AfriNIC address space announced: 70.4

AfriNIC AS Blocks       36864-37887, 327680-328703 & ERX transfers
AfriNIC Address Blocks  41/8, 102/8, 105/8, 154/8, 196/8, 197/8,

APNIC Region per AS prefix count summary
----------------------------------------

   ASN  No of nets  /20 equiv  MaxAgg  Description
  4538        5502       4192      75  China Education and Research
  7545        3019        346     154  TPG Telecom Limited
  4766        2994      11135     990  Korea Telecom
 17974        2725        914      96  PT Telekomunikasi Indonesia
  9829        2214       1413     315  National Internet Backbone
  4755        2065        431     234  TATA Communications formerly
  9808        1684       8639      18  Guangdong Mobile Communicatio
  4808        1568       2273     500  CNCGROUP IP network China169
  9583        1519        163      85  Sify Limited
  9498        1401        335     112  BHARTI Airtel Ltd.

Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-APNIC

ARIN Region per AS prefix count summary
---------------------------------------

   ASN  No of nets  /20 equiv  MaxAgg  Description
 22773        3244       2964     143  Cox Communications Inc.
  3356        2574      10691     525  Level 3 Communications, Inc.
  6389        2508       3687      42  BellSouth.net Inc.
 18566        2213        394     277  MegaPath Corporation
 20115        1889       1897     401  Charter Communications
  6983        1697        849     238  EarthLink, Inc.
 30036        1656        331     355  Mediacom Communications Corp
  4323        1578       1021     396  tw telecom holdings, inc.
   209        1486       4327    1235  Qwest Communications Company,
   701        1392      11415     664  MCI Communications Services,

Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-ARIN

RIPE Region per AS prefix count summary
---------------------------------------

   ASN  No of nets  /20 equiv  MaxAgg  Description
 39891        2473        129       7  SaudiNet, Saudi Telecom Compa
 20940        2241        888    1608  Akamai International B.V.
 34984        1912        319     410  TELLCOM ILETISIM HIZMETLERI A
  8551        1241        376      44  Bezeq International-Ltd
  8402        1185        544      15  OJSC "Vimpelcom"
 13188        1075         97      79  TOV "Bank-Inform"
 12479        1051        967      77  France Telecom Espana SA
 31148        1041         47      41  Freenet Ltd.
  9198         958        349      25  JSC Kazakhtelecom
  6830         898       2712     468  Liberty Global Operations B.V

Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-RIPE

LACNIC Region per AS prefix count summary
-----------------------------------------

   ASN  No of nets  /20 equiv  MaxAgg  Description
 10620        3407        540     157  Telmex Colombia S.A.
  8151        2113       3347     500  Uninet S.A. de C.V.
  7303        1580        941     241  Telecom Argentina S.A.
  6503        1386        437      57  Axtel, S.A.B. de C.V.
 28573        1261       2164     119  NET Serviços de Comunicação S
 11830        1094        364      24  Instituto Costarricense de El
  6147        1039        376      34  Telefonica del Peru S.A.A.
 26615        1000       2325      34  Tim Celular S.A.
  7738         994       1882      41  Telemar Norte Leste S.A.
  3816         970        459     186  COLOMBIA TELECOMUNICACIONES S

Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-LACNIC

AfriNIC Region per AS prefix count summary
------------------------------------------

   ASN  No of nets  /20 equiv  MaxAgg  Description
  8452        1117       1470      14  TE-AS
 24863        1038        409      38  Link Egypt (Link.NET)
 37611         577         39      42  Afrihost-Brevis Computer Serv
 36903         522        263     102  Office National des Postes et
 36992         427       1229      31  ETISALAT MISR
 37492         323        192      74  Orange Tunisie
 29571         244         21      11  Cote d'Ivoire Telecom
  3741         221        837     183  Internet Solutions
 24835         201        146      12  Vodafone Data
 15706         171         32       6  Sudatel (Sudan Telecom Co. Lt

Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-AFRINIC

Global Per AS prefix count summary
----------------------------------

   ASN  No of nets  /20 equiv  MaxAgg  Description
  4538        5502       4192      75  China Education and Research
 10620        3407        540     157  Telmex Colombia S.A.
 22773        3244       2964     143  Cox Communications Inc.
  7545        3019        346     154  TPG Telecom Limited
  4766        2994      11135     990  Korea Telecom
 17974        2725        914      96  PT Telekomunikasi Indonesia
  3356        2574      10691     525  Level 3 Communications, Inc.
  6389        2508       3687      42  BellSouth.net Inc.
 39891        2473        129       7  SaudiNet, Saudi Telecom Compa
 20940        2241        888    1608  Akamai International B.V.

Complete listing at http://thyme.rand.apnic.net/current/data-ASnet

Global Per AS Maximum Aggr summary
----------------------------------

   ASN  No of nets  Net Savings  Description
 10620        3407         3250  Telmex Colombia S.A.
 22773        3244         3101  Cox Communications Inc.
  7545        3019         2865  TPG Telecom Limited
 17974        2725         2629  PT Telekomunikasi Indonesia
  6389        2508         2466  BellSouth.net Inc.
 39891        2473         2466  SaudiNet, Saudi Telecom Compa
  3356        2574         2049  Level 3 Communications, Inc.
  4766        2994         2004  Korea Telecom
 18566        2213         1936  MegaPath Corporation
  9829        2214         1899  National Internet Backbone

Complete listing at http://thyme.rand.apnic.net/current/data-CIDRnet

List of Unregistered Origin ASNs (Global)
-----------------------------------------

Bad AS  Designation  Network          Transit AS  Description
  8655  UNALLOCATED  1.3.3.0/24             4134  No.31,Jin-rong Stree
 30662  UNALLOCATED  8.2.129.0/24           3356  Level 3 Communicatio
 47092  UNALLOCATED  8.8.204.0/24          16410  The Reynolds and Rey
 53506  UNALLOCATED  8.17.102.0/23          3356  Level 3 Communicatio
 46467  UNALLOCATED  8.19.192.0/24         46887  Lightower Fiber Netw
 18985  UNALLOCATED  8.21.68.0/22           3356  Level 3 Communicatio
 46473  UNALLOCATED  8.27.122.0/24          3356  Level 3 Communicatio
 46473  UNALLOCATED  8.27.124.0/24          3356  Level 3 Communicatio
 27205  UNALLOCATED  8.38.16.0/21           3356  Level 3 Communicatio
 15347  UNALLOCATED  8.224.147.0/24        12064  Cox Communications I

Complete listing at http://thyme.rand.apnic.net/current/data-badAS

Advertised Unallocated Addresses
--------------------------------

Network           Origin AS  Description
23.226.112.0/20       62788  >>UNKNOWN<<
23.249.144.0/20       40430  colo4jax, LLC
23.249.144.0/21       40430  colo4jax, LLC
23.249.152.0/21       40430  colo4jax, LLC
27.100.7.0/24         56096  >>UNKNOWN<<
31.170.96.0/23        23456  32bit Transition AS
31.217.248.0/21       44902  COVAGE NETWORKS SASU
37.46.8.0/23          13768  Peer 1 Network (USA) Inc.
37.46.10.0/23         36351  SoftLayer Technologies Inc.
37.46.14.0/24         36351  SoftLayer Technologies Inc.

Complete listing at http://thyme.rand.apnic.net/current/data-add-IANA

Number of prefixes announced per prefix length (Global)
-------------------------------------------------------

/1:0 /2:0 /3:0 /4:0 /5:0 /6:0 /7:0 /8:16
/9:11 /10:36 /11:98 /12:264 /13:507 /14:1009 /15:1765 /16:12937
/17:7374 /18:12563 /19:25583 /20:37612 /21:39750 /22:62943 /23:54469 /24:312855
/25:541 /26:580 /27:382 /28:16 /29:16 /30:9 /31:0 /32:21

Advertised prefixes smaller than registry allocations
-----------------------------------------------------

   ASN  No of nets  Total ann.  Description
 22773        2435        3244  Cox Communications Inc.
 39891        2432        2473  SaudiNet, Saudi Telecom Compa
 18566        2115        2213  MegaPath Corporation
  6389        1553        2508  BellSouth.net Inc.
 30036        1473        1656  Mediacom Communications Corp
  6983        1344        1697  EarthLink, Inc.
 10620        1285        3407  Telmex Colombia S.A.
 34984        1209        1912  TELLCOM ILETISIM HIZMETLERI A
 11492        1134        1219  CABLE ONE, INC.
 31148         960        1041  Freenet Ltd.

Complete listing at http://thyme.rand.apnic.net/current/data-sXXas-nos

Number of /24s announced per /8 block (Global)
----------------------------------------------

1:1645 2:701 4:100 5:2037 6:25 8:1409 12:1803 13:28
14:1550 15:23 16:2 17:57 18:19 20:48 23:1323 24:1740
27:2129 31:1681 32:54 33:2 34:4 35:5 36:192 37:2223
38:1122 39:22 40:74 41:2894 42:365 43:1615 44:36 45:1520
46:2338 47:63 49:1028 50:816 52:33 54:93 55:7 56:8
57:44 58:1414 59:822 60:514 61:1762 62:1448 63:1918 64:4408
65:2189 66:4032 67:2138 68:1078 69:3244 70:1035 71:463 72:1991
74:2548 75:356 76:407 77:1382 78:1259 79:803 80:1339 81:1356
82:845 83:650 84:780 85:1482 86:454 87:1042 88:540 89:1900
90:167 91:5988 92:861 93:2302 94:2179 95:2236 96:473 97:352
98:909 99:45 100:79 101:851 103:8953 104:2188 105:73 106:358
107:1136 108:635 109:2122 110:1223 111:1519 112:859 113:1101 114:892
115:1512 116:1472 117:1347 118:1976 119:1494 120:506 121:1155 122:2129
123:1853 124:1563 125:1736 128:707 129:369 130:389 131:1272 132:589
133:169 134:451 135:119 136:344 137:248 138:1539
139:190 140:247 141:456 142:638 143:727 144:571 145:147 146:798
147:612 148:1288 149:446 150:621 151:811 152:569 153:271 154:473
155:906 156:453 157:446 158:342 159:1057 160:420 161:674 162:2209
163:493 164:706 165:1086 166:312 167:889 168:1331 169:545 170:1502
171:261 172:357 173:1557 174:705 175:759 176:1511 177:3933 178:2341
179:1076 180:2022 181:1598 182:1874 183:656 184:770 185:5035 186:3049
187:1860 188:2075 189:1706 190:7525 191:1211 192:8713 193:5709 194:4311
195:3696 196:2238 197:1109 198:5484 199:5545 200:6682 201:3504 202:9848
203:9243 204:4567 205:2746 206:3032 207:3022 208:4004 209:3968 210:3748
211:2008 212:2684 213:2179 214:842 215:73 216:5763 217:1879 218:743
219:542 220:1631 221:808 222:639 223:861

End of report

------------------------------

Message: 2
Date: Sat, 5 Dec 2015 11:28:46 +0600
From: GZ Kabir <gzka...@office.bdcom.com>
Subject: [SANOG] Fwd: [fellowships-alumni] PONMOCUP THREAT
Message-ID: <91ac35cc-c56b-49f3-b940-494381b4a...@office.bdcom.com>
Content-Type: text/plain; charset="utf-8"

This is for all?

> Begin forwarded message:
>
> From: Wisdom Donkor <wisdom...@gmail.com>
> Date: December 5, 2015 at 3:53:08 AM GMT+6
> To: "fellowships-alu...@icann.org" <fellowships-alu...@icann.org>
> Subject: [fellowships-alumni] PONMOCUP THREAT
>
> Dear All,
>
> Botconf One of the world's most successful, oldest, and largest botnets is an
> underestimated and largely-unknown threat that has over time infected 15
> million machines and made millions plundering bank accounts.
>
> The findings from a team of eight Fox IT researchers say the 'Ponmocup'
> botnet controlled 2.4 million infections at its peak in 2011 and now holds
> about half a million machines under its power.
>
> Lead author Maarten van Dantzig presented the work at the BotConf conference
> this week in the paper Ponmocup: A giant hiding in the shadows.
>
> In it he and researchers Danny Heppener; Frank Ruiz; Yonathan Klijnsma; Yun
> Zheng Hu; Erik de Jong; Krijn de Mik, and Lennart Haagsma say how the malware
> first described in 2006 has a strong focus on stealth and has made its likely
> Russian authors millions of dollars.
>
> "Compared to other botnets, Ponmocup is one of the largest currently active
> and, with nine consecutive years, also one of the longest running but it is
> rarely noticed as the operators take care to keep it operating under the
> radar," van Dantzig says.
>
> "Although it is difficult to quantify the exact amount of money earned with
> the Ponmocup botnet, it is likely that it has already been a multi-million
> dollar business for years now.
>
> "Firstly, their infrastructure is complex, distributed and extensive, with
> servers for dedicated tasks."
>
> Van Dantzig says the attackers maintain comprehensive infrastructure that is
> quality tested, and updated to improve robustness stealth, and can quickly
> mitigate risks.
>
> They are he says technically sophisticated with a deep access of Windows and
> some 10 years malware development experience.
>
> So far the team has found some 25 unique plug-ins and a whopping 4000
> variants that indicate continuous development.
>
> The malware includes anti-analysis tricks such as heuristic checks for
> network and host-based analysis tools, debuggers and virtualised
> environments. It also drops clever fake payloads to throw off analysts, the
> researcher team says.
>
> One of the payloads injects an obvious executable into running processes that
> serves as an annoying advertising injector commonly found in horrid software
> bundlers.
>
> It is recommended that users and administrators mitigate this issue as follows:
>
> 1. Information Risk Management Regime
>
> Assess the risks to your organisation's information assets with the same
> vigour as you would for legal, regulatory, financial or operational risk. To
> achieve this, embed an Information Risk Management Regime across your
> organisation, supported by the Board, senior managers and an empowered
> information assurance (IA) structure. Consider communicating your risk
> management policy across your organisation to ensure that employees,
> contractors and suppliers are aware of your organisation's risk management
> boundaries.
>
> 2. Secure configuration
>
> Introduce corporate policies and processes to develop secure baseline builds,
> and manage the configuration and use of your ICT systems. Remove or disable
> unnecessary functionality from ICT systems, and keep them patched against
> known vulnerabilities. Failing to do this will expose your business to
> threats and vulnerabilities, and increase risk to the confidentiality,
> integrity and availability of systems and information.
>
> 3. Network security
>
> Connecting to untrusted networks (such as the Internet) can expose your
> organisation to cyber attacks. Follow recognised network design principles
> when configuring perimeter and internal network segments, and ensure all
> network devices are configured to the secure baseline build. Filter all
> traffic at the network perimeter so that only traffic required to support
> your business is allowed, and monitor traffic for unusual or malicious
> incoming and outgoing activity that could indicate an attack (or attempted
> attack).
>
> 4. Managing user privileges
>
> All users of your ICT systems should only be provided with the user
> privileges that they need to do their job. Control the number of privileged
> accounts for roles such as system or database administrators, and ensure this
> type of account is not used for high risk or day-to-day user activities.
> Monitor user activity, particularly all access to sensitive information and
> privileged account actions (such as creating new user accounts, changes to
> user passwords and deletion of accounts and audit logs).
>
> 5. User education and awareness
>
> Produce user security policies that describe acceptable and secure use of
> your organisation's ICT systems. These should be formally acknowledged in
> employment terms and conditions. All users should receive regular training on
> the cyber risks they face as employees and individuals. Security related
> roles (such as system administrators, incident management team members and
> forensic investigators) will require specialist training.
>
> 6. Incident management
>
> Establish an incident response and disaster recovery capability that
> addresses the full range of incidents that can occur. All incident management
> plans (including disaster recovery and business continuity) should be
> regularly tested. Your incident response team may need specialist training
> across a range of technical and non-technical areas. Report online crimes to
> the relevant law enforcement agency to help the UK build a clear view of the
> national threat and deliver an appropriate response.
>
> 7. Malware prevention
>
> Produce policies that directly address the business processes (such as email,
> web browsing, removable media and personally owned devices) that are
> vulnerable to malware. Scan for malware across your organisation and protect
> all host and client machines with antivirus solutions that will actively scan
> for malware. All information supplied to or from your organisation should be
> scanned for malicious content.
>
> 8. Monitoring
>
> Establish a monitoring strategy and develop supporting policies, taking into
> account previous security incidents and attacks, and your organisation's
> incident management policies. Continuously monitor inbound and outbound
> network traffic to identify unusual activity or trends that could indicate
> attacks and the compromise of data. Monitor all ICT systems using Network and
> Host Intrusion Detection Systems (NIDS/HIDS) and Prevention Systems
> (NIPS/HIDS).
>
> 9. Removable media controls
>
> Produce removable media policies that control the use of removable media for
> the import and export of information. Where the use of removable media is
> unavoidable, limit the types of media that can be used together with the
> users, systems, and types of information that can be transferred. Scan all
> media for malware using a standalone media scanner before any data is
> imported into your organisation's system.
>
> 10. Home and mobile working
>
> Assess the risks to all types of mobile working (including remote working
> where the device connects to the corporate network infrastructure) and
> develop appropriate security policies. Train mobile users on the secure use
> of their mobile devices for locations they will be working from. Apply the
> secure baseline build to all types of mobile device used. Protect
> data-at-rest using encryption (if the device supports it) and protect
> data-in-transit using an appropriately configured Virtual Private Network
> (VPN).
>
> Cheers
>
> --
> WISDOM DONKOR (S/N Eng.)
> ICANN Fellow / ISOC Member
> Web/OGPL Portal Specialist
> National Information Technology Agency (NITA)
> Ghana Open Data Initiative (GODI)
> Post Office Box CT. 2439, Cantonments, Accra, Ghana
> Tel; +233 20 812881
> Email: wisdom...@hotmail.com <mailto:wisdom...@hotmail.com>
> wisdom.don...@data.gov.gh <mailto:wisdom.don...@data.gov.gh>
> wisdom...@gmail.com <mailto:wisdom...@gmail.com>
> Skype: wisdom_dk
> facebook: facebook@wisdom_dk
> Website: www.nita.gov.gh <http://www.nita.gov.gh/> / www.data.gov.gh
> <http://www.data.gov.gh/>
> www.isoc.gh <http://www.isoc.gh/> / www.itag.org.gh <http://www.itag.org.gh/>
>
>
> _______________________________________________
> Fellowships-alumni mailing list
> fellowships-alu...@icann.org
> https://mm.icann.org/mailman/listinfo/fellowships-alumni

------------------------------

_______________________________________________
sanog mailing list
sanog@sanog.org
https://lists.sanog.org/mailman/listinfo/sanog

End of sanog Digest, Vol 47, Issue 2
************************************