Hostile Attacks: In recent months more and more web site owners and content publishers have seen their sites coming under attack by hostile individuals and organizations and are actively seeking an effective defense. Microsoft itself came under attack after a widely publicized failure of its DNS system, and not for the first time. Attacks are common not only against large commercial sites, but also against government and university sites. For commercial reasons not all of them are reported, but any regular visitor to the relevant forums and newsgroups knows how many take place.
So what is a DoS attack? It's like a crowd in a stadium panicking and trying to get out through one gate. Because of the crush the gate clogs up and very few succeed in getting through. Even if the gate is wide, the number getting through is small compared to the number that could pass if there was more order and less jostling and pushing. This is what happens on the Internet during a Denial of Service attack. It can also happen naturally, as when Valentines Day 2001 saw the major greeting card sites, Hallmark, American Greetings and eGreetings experience downtime as star-struck surfers stormed the servers. An earlier example was during the Far East stock market crash in late 90's, when investors rushing to unload their stock found the brokerage sites blocked and down for hours because of the huge surge. Many of us would like to think that the firewall will take care of all this, but unfortunately it doesn't, so first of all let's try and see how an attack on a protected site takes place.
New Types of Attack: A firewall is supposed to protect a site from unauthorized entry. But for this to happen, the unauthorized entrant (in this case, the HTTP request) has to arrive at the firewall, be challenged, and then rejected and flung out into cyberspace. A huge number arriving floods the entrance to the firewall, clogging up the available bandwidth and leaving no room for authorized traffic. The attacking program has no interest in getting to the content of the site, its only aim is to cause disruption by swamping the firewall with meaningless but properly "GET" structured packets that have to be accepted. When the crowd around the door is so great, even the one with the key can't get close to open it. On the face of it, protection against DoS attack seems impossible. Every time an attack like this is made and after the damage has already been done, the FBI swings into action to find the culprits. If the motives were criminal and the attack was carried out from only one or two machines, the source can be found and the perpetrators traced. The problem is that because of the inability to actually prevent the attacks, the incentive to carry them out is great. In the meantime, attacks have become more and more sophisticated. There is the story of the mystery attacker who placed a small program on a number of vulnerable computers available through the Internet, and on a certain day activated it from a computer in an Internet caf? and disappeared. The program, remotely triggered and operating in parallel from a large number of unsuspecting "zombie" machines, caused enormous damage to the victim companies (Yahoo and Amazon). This all went completely unnoticed by the owners of the computers, themselves unwitting accomplices to the crime who ended up being investigated by the authorities without knowing why. This type of attack is called a "Distributed Denial of Service" (DDoS).
The Firewall doesn't help: Many participants in the various security forums still make the mistake of trying to classify Internet DoS attacks under the earlier and well-known categories of "intruding behavior" such as SYN flood, ACK flood, ICMP flood, UDP flood etc. These attacks take the form of a flood of identical packets which can be easily traced and eliminated by a "sensor" or a dumb firewall. The real nuisance is the fake GET flood. This new type of attack floods the server with apparently real GET requests, which are repeated in rapid succession without waiting for a response. The firewall, which usually does a good job of keeping out unauthorized requests (as configured in advance during set-up), cannot tell whether the requests are real or fake as the attack source IP is constantly changing. Its operation is similar to a gatekeeper at a stadium whose job is to allow entry only to ticket-holders. It does a good job at allowing them through if they arrive at a steady rate but is useless if too many arrive together or if more tickets have been sold than there are seats (GET Flood attack). Even those with tickets will be unable able to gain entry. This is more or less what happens during overload or a DDOS attack, first the gateway becomes congested and then completely blocked, leaving everybody outside. Some of the recent studies of the problem have suggested installing "sensors" at the ISP, paid for by the site owners but positioned at the gateway to the routers. This moves the problem but doesn't solve it, because during an attack the pressure on the firewall leads to the same Denial of Service result (for reasons which won't be gone into here).
The Great Wall of China: The only effective response to DoS attacks is to create a "security zone" by building a protective wall at a distance from the site. If we return to the crowd metaphor, we could say that this is similar to a crowd forcing its way through a breach in the Great Wall of China. The crowd might plug up that particular entrance to China but none of the Chinese would notice and there would be anyway a number of alternative points of entry into the country.
Global Network: Geographical dispersion of servers isn't a solution and if your servers get clobbered then buying more of them won't solve the problem as there is no way to hide the pipeline access. In any event, the load balancer will simply distribute the attack to all the servers as the attack source IP is constantly changing. The defense network solution creates a protective buffer zone, a "global firewall", around the subscriber site servers. The request routing system is capable of identifying the flood of legal but meaningless packets arising from the distributed attack and neutralizing them. New defense network architecture has been designed and programmed to isolate the temporary bottleneck in one unit and continue with the operation of the other accelerators in the defense system. The transparency of the defense hardware allows it to masquerade as the real site and divert the users requests from the real server, which then accepts requests only from the accelerators. The site administrators are then free to increase security by frequent changes of the IP address, an ineffective measure today because of the time required to update the Domain Name servers with a resultant ten-fold increase in response speed compared to normal operation.. A further benefit is the ability to limit access to the site servers to the accelerators alone, allowing site managers to make the HTTP and FTP services available through some other anonymous ports only. The large number of accelerators deployed around the world acts as a secure barrier to attacks on subscriber sites, which have no need to invest in extra equipment. The service allows free access and improved response times to users accessing the content through the defense hardware closest to them. The system architecture, based on proprietary hardware, is a true technological breakthrough, enabling simultaneous access by tens of millions of users to millions of sites.
Author: Michael (Micha) Shafir Direct: +972 544 837900 Mail@MichaShafir.com
Standing firm by the side of the organization that many of us know as Freemasonry, is a woman's auxiliary which was founded in 1868 known as the Order of the Eastern Star. It is the largest Fraternal Organization in the world. Also known as the ?Star?, OES is only open to women with specific Masonic affiliation and men who are Master Masons. By tradition, the Master Mason, also known as the Worthy Patron and an Associate Patron must be present at all of the Star meetings. If that is not the case, all of the offices are held by women. Anyone who expresses a desire to become a part of OES must be of good moral character, believe in a Supreme Being, and be at least 18 years of age. They must also believe in the laws of the United States, be willing to take on the obligation of the OES, Participate in the Ceremony of Initiation, be free of mental illness, free of any convicted felonies, and be a resident of the United States. Answers to question such as ?what is the basis of the Order of Eastern Star??, ?What are its goals and purpose?? ?Does it interfere with religion?? Or ?is it considered a secret society?? are only a few of many that may still sometimes leave the overall essence of the organization questionable.
It is explained that OES's goal and purpose is to provide an organization where women and men with high moral and social character can contribute their time, energy and wisdom to their Order with Charity, Truth and Kindness and Love for the good of all mankind throughout the world. Their meetings open up with the singing of Hyms and the waving of rods and banners. In a ritually tedious routine, the officers announce their stations and functions; following is the introduction and honoring of the Grand Chapter Officers. The remainder of the meetings operates like that of any club, mentioning members that are ill, initiating new members, and regular business transactions. Upon closing, there is another ceremonial routing, followed by social hour.
The Star is in general observed by the women of OES as a fine Christian institution within Masonry, but contrary to that, it is clearly explained at the start to those interested in becoming members that ?While this is an Order composed of people of deep spiritual convictions, it is open to all faiths, except no faith?. Does this not include non-Christians? For some, this is enough to raise an eyebrow but it gets better. The motto of the chapter which directly from the Bible quotes, ?We have seen his star in the east, and are come to worship him'" (Matthew 2:2). But anyone who understands the way cults work will know that tactics and strategies are purposely used to play upon and manipulate the interpretation of words. Well known Bible verses and words such as ?Jesus? that have common meanings are often used and are deliberately disguised, leaving their members in the dark about it containing a second underlying meaning.
It was read somewhere before that OES uses satanic symbolism, which is in fact the same five point star enclosed within a circle. This alone should make it worth searching for another layer or meaning. It was also bought to my attention that the A.V. 1611(Authorized Version of King James) does not use the words ?eastern star?. Instead it is phrased ?star in the east?, which has a very different meaning in occultism. It actually refers to ?Sirus?, which is the star most significant in Satanism and most sacred to the god, Set. Set was the evil Egyptian god who killed Osiris and is possibly the oldest form of Satan. The most chilling part of this all is, The Eastern Star is known as the star of SET.
It is sad to presume that most women who belong to this organization believe in their heart and souls that they are worshiping Jesus, all the while kneeling around the satanic pentagram. Clearly, there are deceitful word games being played. The core of this all has nothing to do with Jesus? star, but everything to do with the star or set. This breaks down the most important and well disguised point that Satan is the accredited god of Masonry and sadly, has all of these affiliated people blindly worshiping him.
Now, going back to all of the questions about OES that to some people seemed to remain inadequately answered, this may be the very reason why. This could be a tremendous lesson to anyone with a habit of making drastic decisions without thoroughly checking the facts first. There is one thing that they surely did not lie about which is being a secret society. Of course they would not want to make it any harder for them to get more people involved in the organization. In fact, the chief function of a Star chapter is to make more members. Everything else is inferior to that.
Both Michael (micha) Shafir & Siobhan Gamble are contributors for EditorialToday. The above articles have been edited for relevancy and timeliness. All write-ups, reviews, tips and guides published by EditorialToday.com and its partners or affiliates are for informational purposes only. They should not be used for any legal or any other type of advice. We do not endorse any author, contributor, writer or article posted by our team.
Michael (micha) Shafir has sinced written about articles on various topics from Online Security. Michael (Micha) Shafir – CTO, Inventor, seasoned entrepreneur (RadWare, MagniFire, PonsEye, PonsHoldings - Technology Greenhouse, CrossID, Innovya) Email: