GCN : October 2012
8 GCN OCTOBER 2012 • GCN.COM

[Briefing] HOW IT WORKS

Spot the bot: Identifying robot behavior to defeat DDOS attacks
BY WILLIAM JACKSON

Government websites have been frequent targets of distributed denial of service attacks, which attempt to overwhelm a Web server with so many requests that the site becomes unavailable. Spotting such an attack can depend on what type of DDOS attack it is.

Spotting and blocking a brute force Layer 4 (Transport Layer) denial-of-service attack is relatively simple, although defense can be complicated by distributing the attack across a number of compromised computers in a botnet to reduce the volume from any one address, or through other camouflage techniques.

A Layer 7 attack is another, more difficult, matter. It comes in at the Application Layer after a technically legitimate connection has been established with the target and overwhelms the application with a large number of otherwise. Excessive requests can be spotted and rejected, but when they are distributed across a botnet or a network of accomplices it can be difficult to distinguish the legitimate from the hostile.

Defenders risk either blocking legitimate requests (false positives) or allowing malicious requests to go through (false negatives). Which of these is worse depends on your mission and your resources, but neither is desirable.

Fortunately there usually is a common characteristic of malicious traffic: It is being generated by an automated tool of some kind. So the challenge becomes, how do you spot the bot?

The Hillsborough County, Fla., Sheriff's Office is using a hosted service from Black Lotus Communications that uses proprietary algorithms to identify automated malicious traffic.

The company began developing its Human Behavior Analysis in 2009 as a response to Layer 7 DDOS attacks. Customer traffic is routed through the HBA engine to answer the question, "human, or not human?" If traffic is human, it is passed along to its destination. If not, it is flagged for further observation and analysis for malicious behavior.

How does it know? Black Lotus CEO Jeffrey Lyon won't go into detail except to say the algorithms rely on collected experience of the behavior of traffic generated by real people.

"A robot will mimic human behavior, but a robot will always act like a robot," Lyon said. The algorithms look for those fabricated patterns that do not match human behavior.

Black Lotus's HBA is not the first tool to spot and block DDOS attacks, but Lyon said he believes it is the first that is website agnostic; that is, it does not depend on patterns generated by visitors to a specific site. That means that --- if it works --- it should be able to identify DDOS traffic to any customer's site out of the box.

The Hillsborough County Sheriff Office, which adopted the service as an added layer of defense in anticipation of August's GOP convention in Tampa, is happy with it and is keeping it, although department CIO Christopher Peek said that in its first two months it has not yet been called upon to block an attack.

Lyon said the algorithms are constantly being tuned.

"I am sure there will always be challenges," he said. "I don't want to say that any system is foolproof. But there will always be something that will identify a robot as a robot. The challenge will be how apparent it is." •

[the index]

7 for 7: Top challenges faced by agencies in moving to the cloud

The Government Accountability Office recently studied progress of seven agencies in meeting the goals of the Obama administration's 2010 "Cloud First" policy, which requires agencies to evaluate secure cloud computing options prior to making any new investments in IT. According to GAO, here are the top challenges agencies are facing implementing the policy.

1. Meeting federal security requirements. Finding cloud vendors that can handle government agencies' security requirements.
2. Obtaining guidance. In some cases, a mandate to move to the cloud was issued before sufficient guidance was in place.
3. Acquiring knowledge and expertise. Some agencies had a difficult time teaching employees new processes.
4. Certifying and accrediting vendors. Federal security standards can slow the certifying of vendor employees and services.
5. Ensuring data portability and interoperability. Always a difficult step, especially when changing vendors.
6. Overcoming cultural barriers. Culture can work against a switch to cloud, especially if an agency has had security breaches.
7. Procuring services on a consumption (on-demand) basis. On-demand service can ebb and flow, and can't be predicted, so budgeting and contracting is challenging.