Hosters vs. Malware: Best Practices

•Download as PPTX, PDF•

0 likes•400 views

Presentation to the RIPE Anti-Abuse Working Group at RIPE63 in Vienna, November 2011. Covers adopting best practices to handle malware and other forms of network abuse for hosting providers and network operators

Technology Business

Hosters vs. Malware: Best Practices

BLACKNIGHT
Domain Registrar – Hosting Provider

BLACKNIGHT

 Michele Neylon
 Founder / CEO Blacknight
 Contact: http://mneylon.tel
 @mneylon / @blacknight
 http://www.blacknight.com
 http://michele.me/blog

BLACKNIGHT

 Overview
 Why does it matter?

 Some Guidelines / Best Practices

BLACKNIGHT

 Self-regulation => control remains with
industry => retain control of destiny
 Govt. Regulation => industry input possibly
ignored => lose control of destiny

BLACKNIGHT

 Abuse desk best practices => not rocket
science
 No need to think – someone’s already
developed some
 StopBadware (http://stopbadware.org/best-
practices/web-hosting-providers)

StopBadWare Action Flow

1. Acknowledge report
2. Evaluate report
3. Pass on the report
4. Mitigate
5. Resolve
6. Notify reporter
7. Track
8. Review

BLACKNIGHT

 Questions? Complaints?
 Photo credits:
 IStockPhoto
 http://www.flickr.com/photos/forbairt/

Presenting this set of slides with name - Corporate Disaster Prevention And Preparedness Powerpoint Presentation Slides. This complete deck is oriented to make sure you do not lag in your presentations. Our creatively crafted slides come with apt research and planning. This exclusive deck with thirty two slides is here to help you to strategize, plan, analyse, or segment the topic with clear understanding and apprehension. Utilize ready to use presentation slides on Corporate Disaster Prevention And Preparedness Powerpoint Presentation Slides with all sorts of editable templates, charts and graphs, overviews, analysis templates. It is usable for marking important decisions and covering critical issues. Display and present all possible kinds of underlying nuances, progress factors for an all inclusive presentation for the teams. This presentation deck can be used by all professionals, managers, individuals, internal external teams involved in any company organization.

Reputation Guards

Reputation-guards.com

Reputation Guards

Reputation-guards

Reputation Guards

Why isn't infosec working? Did you turn it off and back on again?

Rob Fuller

BruCon 2019 Keynote -=> My name is Rob Fuller, I've been around a bit, not as long as some but longer than others. From the US military to government contracting, consulting, large companies, tiny startups and silicon valley behemoths, from podcasting to television, I've had a storied and humbling career in infosec. Let’s get past complaining about blinky lights and users. Let’s talk about what actually works and what doesn't.

Building a Modern Security Engineering Organization

Zane Lackey

Continuous deployment and the DevOps philosophy have forever changed the ways in which businesses operate. This talk with discuss how security adapts effectively to these changes, specifically covering: - Practical advice for building and scaling modern AppSec and NetSec programs - Lessons learned for organizations seeking to launch a bug bounty program - How to run realistic attack simulations and learn the signals of compromise in your environment

Planning and Deploying an Effective Vulnerability Management Program

Sasha Nunke

This presentation covers the essential components of a successful Vulnerability Management program that allows you proactively identify risk to protect your network and critical business assets. Key take-aways: * Integrating the 3 critical factors - people, processes & technology * Saving time and money via automated tools * Anticipating and overcoming common Vulnerability Management roadblocks * Meeting security regulations and compliance requirements with Vulnerability Management

Irm 12-insiderabuse

Kasper de Waard

Intro to-ssdl--lone-star-php-2013nanderoo

Demystifying Selling Online

Blacknight

Every Time You Register a Domain Name With a Hyphen a Puppy Dies

Blacknight

Similar to Hosters vs. Malware: Best Practices

DeltaV Security - Don’t Let Your Business Be Caught Without It

Emerson Exchange

OSB310: Whitelisting: The Good, The Bad, and The Ugly!

Ivanti

Infrastructure is development

stahnma

INFRAGARD 2014: Back to basics security

Joel Cardella

DS Crisis Management Foundation Risk

Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...

Rafal Los

Problem management foundation - IT risk

Ronald Bartels

Image analysis for malicious advertisement detectionJithendranath Joijoide

The on-call survival guide - how to be confident on-call

Raygun

Reputation-guards.com

Reputation Guards

Corporate Disaster Prevention And Preparedness PowerPoint Presentation Slides

SlideTeam

Reputation Guards

Reputation-guards.com

Reputation Guards

Reputation-guards

Reputation Guards

Why isn't infosec working? Did you turn it off and back on again?

Rob Fuller

Building a Modern Security Engineering Organization

Zane Lackey

Planning and Deploying an Effective Vulnerability Management Program

Sasha Nunke

Irm 12-insiderabuse

Kasper de Waard

Intro to-ssdl--lone-star-php-2013nanderoo

Similar to Hosters vs. Malware: Best Practices (20)

DeltaV Security - Don’t Let Your Business Be Caught Without It

OSB310: Whitelisting: The Good, The Bad, and The Ugly!

Infrastructure is development

INFRAGARD 2014: Back to basics security

DS Crisis Management Foundation Risk

Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...

Problem management foundation - IT risk

Image analysis for malicious advertisement detection

The on-call survival guide - how to be confident on-call

Reputation-guards.com

Reputation Guards

Corporate Disaster Prevention And Preparedness PowerPoint Presentation Slides

Reputation Guards

Reputation-guards.com

Reputation-guards

Why isn't infosec working? Did you turn it off and back on again?

Building a Modern Security Engineering Organization

Planning and Deploying an Effective Vulnerability Management Program

Irm 12-insiderabuse

Intro to-ssdl--lone-star-php-2013

Recently uploaded

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Quantum Computing: Current Landscape and the Future Role of APIs

Vlad Stirbu

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

The Future of Platform Engineering

Jemma Hussein Allen

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Peter Spielvogel

Building better applications for business users with SAP Fiori. • What is SAP Fiori and why it matters to you • How a better user experience drives measurable business benefits • How to get started with SAP Fiori today • How SAP Fiori elements accelerates application development • How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities • How SAP Fiori paves the way for using AI in SAP apps

Enhancing Performance with Globus and the Science DMZ

Globus

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Alex Pruden

This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second). Paper: https://eprint.iacr.org/2023/1886

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Elizabeth Buie - Older adults: Are we really designing for our future selves?

DevOps and Testing slides at DASA Connect

Quantum Computing: Current Landscape and the Future Role of APIs

Accelerate your Kubernetes clusters with Varnish Caching

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

FIDO Alliance Osaka Seminar: Overview.pdf

The Future of Platform Engineering

Epistemic Interaction - tuning interfaces to provide information for AI support

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Enhancing Performance with Globus and the Science DMZ

Pushing the limits of ePRTC: 100ns holdover for 100 days

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

UiPath Test Automation using UiPath Test Suite series, part 4

A tale of scale & speed: How the US Navy is enabling software delivery from l...

Hosters vs. Malware: Best Practices

1. Hosters vs. Malware: Best Practices BLACKNIGHT Domain Registrar – Hosting Provider

2. BLACKNIGHT  Michele Neylon  Founder / CEO Blacknight  Contact: http://mneylon.tel  @mneylon / @blacknight  http://www.blacknight.com  http://michele.me/blog

3. BLACKNIGHT  Overview  Why does it matter?  Some Guidelines / Best Practices

4. BLACKNIGHT

5. BLACKNIGHT  Security Issues / Abuse are not going away  Apathy is NOT an option  Self-regulation vs Regulation + govt intervention  Image / brand / reputation => You value them, don’t you?

6. BLACKNIGHT

7. BLACKNIGHT  Self-regulation => control remains with industry => retain control of destiny  Govt. Regulation => industry input possibly ignored => lose control of destiny

8. BLACKNIGHT

9. BLACKNIGHT  Abuse desk best practices => not rocket science  No need to think – someone’s already developed some  StopBadware (http://stopbadware.org/best- practices/web-hosting-providers)

10.

11. StopBadWare Action Flow 1. Acknowledge report 2. Evaluate report 3. Pass on the report 4. Mitigate 5. Resolve 6. Notify reporter 7. Track 8. Review

12.

13. BLACKNIGHT

14. BLACKNIGHT

15. BLACKNIGHT

16. BLACKNIGHT  Questions? Complaints?  Photo credits:  IStockPhoto  http://www.flickr.com/photos/forbairt/