New free infosec course: How To Protect Your Website From Bot Attacks

New free infosec course: How To Protect Your Website From Bot Attacks

Henry Dalziel | Concise Courses, Continuing Professional Education | June 27, 2014

Yes, as many of our loyal community are aware by now – we offer a ton of free information security training courses.

For a list of all our courses click here or here to view our free continuing education (CPU/ CPD) courses.

We are very keen to bring this to your attention because it is simply awesome, titled: How To Protect Your Website From Bot Attacks.

About the Course

How To Protect Your Website From Bot Attacks is a one-hour continuing education course. After successfully completing the course and final exam, you will be awarded a certificate of completion that you can use towards fulfilling your continuing education requirements.

Course Syllabus

  • What is a Botnet?
  • Purposes of a Botnet Case Study
  • The ZeroAccess Botnet
  • ZeroAccess; The Courier Service
  • Click Fraud & Bitcoin Minining
  • Bot Detection Reality Check
  • CAPTCHA’s – Pros & Cons
  • Rate Limiting – Pros & Cons
  • IP Blacklists – Pros & Cons
  • Honeypots – Pros & Cons
  • Hardware & Add-On Modules – Pros & Cons
  • Saas-Based Bot Detection – Pros & Cons
  • The Need For Bot Fingerprinting
  • Saas Provider Solutions – Pros & Cons
  • Saas-Based Bot Mitigation
  • ‘Instant-On’ Bot Detection
  • CDN Capabilities
  • Conclusion

Course Facts
The course does not have any specific requirements at all – in fact – anyone with an interest in bot attacks should take this course – registration is completely free and every student receives a certificate of completion. By taking this course the student will receive one hour of continuing education, (as mentioned) a Certificate of Completion and as a bonus you will also get a “The Bad Bot Landscape Report of 2014.”

What is the target audience?
This course is predominantly aimed at Retail and eCommerce CIO’s, CTO’s and CISO’s – however any professional working within cyber security will find this course beneficial since it has such wide implications.

Brief Summary
For those that are unclear, botnets are networks made up of remote-controlled computers, or “bots.” These computers have been infected with malware that allows them to be remotely controlled. Some botnets consist of hundreds of thousands — or even millions — of computers.

If your computer is part of a botnet, it’s infected with a type of malware. The bot contacts a remote server — or just gets into contact with other nearby bots — and waits for instructions from whoever is controlling the botnet. This allows an attacker to control a large number of computers for malicious purposes.

A botnet has several purposes and can be used for many different purposes, including: distributed denial-of-service (DDoS) attack on a web server, sending spam emails, “click fraud” and even mining Bitcoins.

Botnets can also just be used to distribute other malware — the bot software essentially functions as a Trojan, downloading other nasty stuff onto your computer after it gets in. The people in charge of a botnet might direct the computers to download additional malware, such as keyloggers, adware, and even nasty ransomware like CryptoLocker.

Case Study: The ZeroAccess botnet
As a way of a teaser into this free continuing education course, here is a case study: The ZeroAccess botnet

The ZeroAccess botnet is one of the largest known botnets in existence today with a population upwards of 1.9 million computers, on any given day.

A key feature of the ZeroAccess botnet is its use of a peer-to-peer (P2P) command-and-control (C&C) communications architecture, which gives the botnet a high degree of availability and redundancy.

Since no central C&C server exists, you cannot simply disable a set of attack servers to neuter the botnet. Whenever a computer becomes infected with ZeroAccess, it first reaches out to a number of its peers to exchange details about other peers in its known P2P network.

This way, bots become aware of other peers and can propagate instructions and files throughout the network quickly and efficiently. In the ZeroAccess botnet, there is constant communication between peers. Each peer continuously connects with other peers to exchange peer lists and check for updated files, making it highly resistant to any take-down attempts.

About the course author: Rami Essaid
Rami Essaid is CEO of Distil Networks and a bot attack expert! With over 10 years in communications, network security and infrastructure management, Rami has advised enterprise companies around the world, helping them embrace the cloud to scale their businesses and brands.

In Summary
Get involved! This course is free – it’s awesome – and you will learn a ton of useful information and knowledge that will help you with your career in cyber security! Here’s the link: How To Protect Your Website From Bot Attacks.

If you took this course let us know if you enjoyed it and above all – learned something from it!

Leave a comment or reply below...thanks!