Recognition Scheme of Cybersecurity Assessment Providers

BNShosting.Net is now a part of the Security and Protection Assessment by DICT in Recognizing Cybersecurity Assessment Providers.

DICT recognized Bitstop Network Services Inc. as a Cybersecurity Assessment Provider (ISMS) effective 3rd June 2022 and that Bitstop Network Services Inc., will now be included in the DICT-Recognized Cybersecurity Assessment Providers listed in the DICT website.

https://dict.gov.ph/recognition-scheme-cybersecurity-assessment-providers/

How to survive a DDoS attack

A DDoS attack is an attack that targets a website. It works by flooding the target website with bogus traffic. By doing this, the attackers are able to “flood” and disrupt the service. This makes it unavailable for legitimate users. The impact of such an attack can be significant. It can lead to prolonged downtime, lost revenue, and dissatisfied customers.

The most important step in dealing with DDoS is to be prepared. This is what you do BEFORE the attack is launched. Identify the potential targets: assets, including servers, applications, and services. Then, you need to determine what effect the outage will have on your customers and users. The cost of an outage is your justification for budgets to fund your countermeasures. Create an incident response playbook.

Preparation Step 1

Have you done capacity planning? How many concurrent visitors can your existing setup handle? Would it make sense to add more memory, CPUs, bandwidth and faster SSD to your storage? Have you optimized your current code so that more visitors can be served? Do you have SNMP monitoring and alerts? Did you enable firewall, web and event logging? It is also important to set up security policies to protect sensitive data. Are all your systems fully updated and patched?

Preparation Step 2

Have you hardened your defenses yet? Did you update your rules for Intrusion protection and detection systems? These are your first line of defense. The attacks that gets past your first line of defense can be stopped by a second line. This is your Web Application Firewall (WAF/modsec). The combination usually is enough to filter out a lot of unwanted traffic.

The key point is to filter out unwanted traffic. You need to create a filter that allows legitimate traffic and discards illegitimate traffic. But understand that it is still no defense against a flood of traffic that is 100X what the server is setup to handle.

Preparation Step 3

Notice that hackers concentrate their DDoS ‘firepower’ onto a target. You can force hackers to spread out their attacks by adding more webservers. You can use Content distribution Networks — CDNs Like CloudFlare, Google’s Project Shield, AWS Shield, Akamai to name but a few.

These CDNs not only provide more bandwidth but also diffuse the DDoS’ impact. The attacks are now spread across several locations. This is like the classic Colonel Blotto Game. It boils down to a matter of forcing your opponents to commit more resources. You do this by opening more ‘fronts’ in the battlefield. The CDN is one way to force the DDoS to attack multiple fronts — instead of just one.

Preparation Step 4

Have you considered a paradigm shift? An out of the box solution should consider the power of distributed web. Rather than a single source of web files, think of using a bit torrent like solution, where the web files sit on multitudes of PCs. The CDN killer app is Brave (browser) + IPFS.

You need to quickly identify the source of the problem. Your SNMP Monitoring can quickly zero in on the asset/s being attacked. You need to notify your customers as soon as you notice that they’re being attacked. It’s important that everyone is aware of the potential risk.

Your web and firewall log files come in handy to identify the assets that are impacted. You can use this data to see whether your customers are seeing a difference in service quality. Find out the Who, When, How of the attacks. And then respond accordingly.

Post Mortem

Hold a “Lessons Learned” after the attack and update your incident response playbook. How can your response teams react faster? Got more to add? Please share your thoughts.

 

 

 

National Cyber Drill 2021

REGISTER HERE:

Day 1 (November 24, 2021 ): National Cyber Drill 2021 (Day 1)

Day 2 (November 25, 2021): National Cyber Drill 2021 (Day 2) 

The Department of Information and Communications Technology (DICT)-Cybersecurity Bureau will be conducting the fourth leg of its annual National Cyber Drill Exercise on 24 to 25 November 2021, with the theme, “Cybersecurity Starts with You: Building a CyberSecured Society.”

The conduct of this activity is part of the mandate of the Philippines National Computer Emergency Response Team (CERT-PH) as stated in the DICT Department Circular 003 series of 2020.

Through the CERT-PH initiative, this year’s cyber drill will focus on enhancing public awareness and assessing the public’s perspective on cybersecurity and their capacity to protect themselves from cyber threats and cyberattacks.

CERT-PH believes that a more holistic and inclusive approach in implementing the annual cyber drill is a step forward to creating a more proactive approach in addressing various cybersecurity threats in the country.

The two-day exercise will include a series of activities that will help assess and improve the participating organizations and individuals’ incident response capabilities to mitigate cybersecurity risks.

The first drill, conducted on the first day of the two-day activity, will be open to the public regardless of their age and background. The primary purpose of this activity is to make the public more involved to develop a better understanding of cybersecurity as a public concern.

On the other hand, the second part will cater to individuals and organizations with advanced cybersecurity knowledge. Like the previous years, the drill will also include simulations of cyberattacks and IT security incidents to test the participants’ readiness and capabilities to respond to various risks and threats. 

CERT-PH highlighted that familiarity with the given situations would strengthen each participants’ preparedness in solving issues relating to cybersecurity. This approach will also help them better understand how to handle the incidents in a specific case and be part of the cyber solution.

Participants who wish to be part of the National Cyber Drill  2021 will have to register separately for the two-day event.

Registration is OPEN from November 5 until November 17, 2021
This is a FREE event. E-Certificates will be provided upon completion of the drill.


For inquiries, send us an email to drill.cert-ph@dict.gov.ph

BNS Sponsorship “First Mass: The Butuan Claim Documentary”

We at BNS Hosting  proudly present and grateful to be a sponsor of the documentary “First Mass: The Butuan Claim”.

Summary:
Two sites are claiming the place for the first Easter mass – Butuan and Limasawa Island but we will focus first on the claim of Butuan. I am still with Mr. Greg Hontiveros, a researcher and a writer from Butuan City who accepted our invitation to tell us more about his paper for their claim as the site of Butuan. Currently, Mr. Hontiveros is based in Southern California.

Historia Episode Playlist: (1273) Historia Episode XIII – First Mass: The Butuan Claim Part II – YouTube

#BNSHosting

#ButuanClaim

#FirstMassInThePhilippines

BNS Donates Cisco Routers to Schools and Universities

Benguet State University

International School of Asia and the Pacific