The most severe category includes the attacks that come close to exhausting resources on my defensive perimeter. These are typically DNS connection attempts trying to overwhelm my DNS server, large volumes of ordinary network packets trying to flood my network, or excessive SSL connections to my Web servers. Fortunately, none of these has yet succeeded, partly because my Internet service provider filters out a lot of bad traffic before it reaches me.
I split things into these three categories so I can better manage the information I'm looking at. For now, I don't need to look at events in the first category, since they don't represent an immediate threat. The second category can also be ignored for now, although I want to keep an eye on things that may escalate into the third category. That's the one I want to look at more closely. I'll be watching these "level three" events to make sure they don't escalate into an actual breach, either by exploiting services through the firewall or by exhausting resources on my firewall, network or systems.
It's also interesting to look at where these attacks are coming from. In the level three category, the No. 2 source of attacks is China. There's been a lot of talk lately about Chinese hackers, and I'm seeing some evidence of that. The No. 3 source is the Netherlands, which I can't explain except by noting that a lot of computer talent, as well as exploits, comes from there. The next source is Ukraine, which probably shouldn't surprise me given the current political climate. South Korea, the Russian Federation, India, Taiwan, France and Brazil are next in line, knocking on my door.
Who is No. 1? The U.S. I don't think we'll be bragging about that ranking anytime soon.
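To make that triage concrete, here is an added example (my own, not the columnist's setup) that tallies constructed firewall log lines per source and service and flags the "level three" candidates: sources whose DNS, TLS or raw-packet rates in a one-minute window exceed a threshold, then counts them by country. The log format, the thresholds and the prefix-to-country table are all constructed assumptions standing in for a real firewall export and a real GeoIP lookup.

```python
from collections import defaultdict

# Constructed thresholds (per source, per service, per window); tune to your own baseline.
THRESHOLDS = {"dns": 200, "tls": 50, "packets": 5000}
WINDOW_SECONDS = 60
# Constructed prefix-to-country table standing in for a real GeoIP lookup.
COUNTRY_BY_PREFIX = {"203.0.113.": "CN", "198.51.100.": "NL", "192.0.2.": "US"}

def classify(proto, dst_port):
    """Map a flow to the resource a flood of it would exhaust."""
    if proto == "udp" and dst_port == 53:
        return "dns"        # DNS server capacity
    if proto == "tcp" and dst_port == 443:
        return "tls"        # TLS handshake capacity on the web servers
    return "packets"        # raw link/firewall capacity

def country_of(ip):
    return next((cc for p, cc in COUNTRY_BY_PREFIX.items() if ip.startswith(p)), "??")

def level_three(log_lines):
    """Return {(src_ip, service): peak count} for sources exceeding a threshold in any window.

    Constructed line format: "<epoch> <src_ip> <proto> <dst_port> <packets>".
    """
    counts = defaultdict(int)
    for line in log_lines:
        ts, src, proto, port, packets = line.split()
        service = classify(proto, int(port))
        # Connection floods count attempts; packet floods count volume.
        weight = int(packets) if service == "packets" else 1
        counts[(int(ts) // WINDOW_SECONDS, src, service)] += weight
    flagged = {}
    for (_, src, service), n in counts.items():
        if n > THRESHOLDS[service]:
            flagged[(src, service)] = max(n, flagged.get((src, service), 0))
    return flagged

def by_country(flagged):
    """Tally flagged (source, service) pairs by country, as the column does."""
    tally = defaultdict(int)
    for src, _service in flagged:
        tally[country_of(src)] += 1
    return dict(tally)

# Constructed sample traffic: a DNS flood, a TLS connection flood, and benign browsing.
SAMPLE_LOG = (
    [f"{1000 + i % 10} 203.0.113.5 udp 53 1" for i in range(250)]
    + [f"{1000 + i % 10} 198.51.100.7 tcp 443 1" for i in range(60)]
    + [f"{1000 + i} 192.0.2.9 tcp 443 1" for i in range(5)]
)

if __name__ == "__main__":
    hits = level_three(SAMPLE_LOG)
    for (src, service), n in sorted(hits.items()):
        print(f"{country_of(src)} {src} {service} {n}")
    print(by_country(hits))
```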
This week's journal is written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons.