Category Archives: Future Threats

The Novel Use of TCP RST to Nullify Malicious Traffic On Networks As An Intermediate Step In Threat Prevention And Detection

Leave a reply

Introduction

In the ever-evolving landscape of network security, the ability to quickly and effectively mitigate threats is paramount. Traditional intrusion detection and prevention systems (IDPS) are essential tools, but there remains a need for innovative solutions that can act as an intermediary step in threat detection and prevention. This article explores a novel approach: utilizing TCP RST packets to nullify malicious traffic on networks.

The proposed solution involves a pseudo IDPS-like device that leverages a database of TCP/UDP payload, header, and source IP signatures to identify malicious traffic on an internal network. By utilizing the libpcap library, this device operates in promiscuous mode, connected to a supervisor port on a core switch. Upon detecting a signature, the device sends TCP RST packets to both the source and destination, masking its MAC address to conceal its presence as a threat prevention device. This immediate response prevents communication between malicious hosts and vulnerable devices, buying crucial time for system administrators to address the threat.

This approach offers a novel method of using TCP RST packets not just to disrupt unwanted connections, but as a proactive measure in network security. By exploring the technical implementation, potential challenges, and future advancements in machine learning integration, this article aims to educate network security administrators and CISOs while also seeking support for further development of this innovative concept.

Understanding TCP RST Packets

Definition and Function of TCP RST Packets

TCP Reset (RST) packets are a fundamental part of the Transmission Control Protocol (TCP). They are used to abruptly terminate a TCP connection, signaling that the connection should be immediately closed. Typically, a TCP RST packet is sent when a system receives a TCP segment that it cannot associate with an existing connection, indicating an error or unexpected event.

In standard network operations, TCP RST packets play several roles:

  • Error Handling: Informing the sender that a port is closed or that the data cannot be processed.
  • Connection Teardown: Quickly closing connections in certain situations, such as when a server is under heavy load.
  • Security Measures: Preventing unauthorized access by terminating suspicious connections.

Novel Use in Threat Prevention

While TCP RST packets are traditionally used for error handling and connection management, they can also serve as an effective tool in threat prevention. By strategically sending TCP RST packets, a device can disrupt communication between malicious actors and their targets on a network. This method provides an immediate response to detected threats, allowing time for more comprehensive security measures to be enacted.

In the context of our proposed network sentry device, TCP RST packets serve as a rapid intervention mechanism. Upon detecting a signature of malicious traffic, the device sends TCP RST packets to both the source and destination of the connection. This action not only halts the malicious activity but also obscures the presence of the sentry device by modifying packet headers to match the original communication endpoints.

Conceptualizing the Network Sentry Device

Overview of the Pseudo IDPS Concept

The pseudo IDPS device operates as an intermediary threat prevention tool within a network. It functions by continuously monitoring network traffic for signatures of known malicious activity. Leveraging the libpcap library, the device is placed in promiscuous mode, allowing it to capture and analyze all network packets passing through the supervisor port of a core switch.

How the Device Operates Within a Network

  1. Traffic Monitoring: The device captures all network traffic in real-time.
  2. Signature Detection: It analyzes the captured traffic against a database of signatures, including TCP/UDP payloads, headers, and source IP addresses.
  3. Threat Response: Upon detecting a malicious signature, the device immediately sends TCP RST packets to both the source and destination, terminating the connection.
  4. MAC Address Masking: To conceal its presence, the device modifies the TCP RST packets to use the MAC addresses of the original communication endpoints.
  5. Alerting Administrators: The device alerts system administrators to the detected threat, providing them with the information needed to address the issue.

This approach ensures that malicious communication is promptly disrupted, reducing the risk of data theft, remote code execution exploits, and other network attacks.

The Role of the libpcap Library

The libpcap library is an essential component of the network sentry device. It provides the functionality needed to capture and analyze network packets in real-time. By placing the device in promiscuous mode, libpcap allows it to monitor all network traffic passing through the supervisor port, ensuring comprehensive threat detection.

Technical Implementation

The technical implementation of the network sentry device involves several key steps: placing the device in promiscuous mode, detecting malicious traffic using signatures, sending TCP RST packets to both the source and destination, and masking the MAC addresses to conceal the device. This section will provide detailed explanations and example Python code for each step.

Placing the Device in Promiscuous Mode

To monitor all network traffic, the device must be placed in promiscuous mode. This mode allows the device to capture all packets on the network segment, regardless of their destination.

Example Code: Placing the Device in Promiscuous Mode

Using the pypcap library in Python, we can place the device in promiscuous mode and capture packets:

import pcap

# Open a network device for capturing
device = 'eth0'  # Replace with your network interface
pcap_obj = pcap.pcap(device)

# Set the device to promiscuous mode
pcap_obj.setfilter('')

# Function to process captured packets
def packet_handler(pktlen, data, timestamp):
    if not data:
        return
    # Process the captured packet (example)
    print(f'Packet: {data}')

# Capture packets in an infinite loop
pcap_obj.loop(0, packet_handler)

In this example, eth0 is the network interface to be monitored. The pcap.pcap object opens the device, and setfilter('') sets it to promiscuous mode. The packet_handler function processes captured packets, which can be further analyzed for malicious signatures.

Signature-Based Detection of Malicious Traffic

To detect malicious traffic, we need a database of signatures that include TCP/UDP payloads, headers, and source IP addresses. When a packet matches a signature, it is considered malicious.

Example Code: Detecting Malicious Traffic

import struct

# Sample signature database (simplified)
signatures = {
    'malicious_payload': b'\x90\x90\x90',  # Example payload signature
    'malicious_ip': '192.168.1.100',       # Example source IP signature
}

def check_signature(data):
    # Check for malicious payload
    if signatures['malicious_payload'] in data:
        return True

    # Extract source IP address from IP header
    ip_header = data[14:34]
    src_ip = struct.unpack('!4s', ip_header[12:16])[0]
    src_ip_str = '.'.join(map(str, src_ip))

    # Check for malicious IP address
    if src_ip_str == signatures['malicious_ip']:
        return True

    return False

# Modified packet_handler function
def packet_handler(pktlen, data, timestamp):
    if not data:
        return
    if check_signature(data):
        print(f'Malicious packet detected: {data}')
        # Further action (e.g., send TCP RST) will be taken here

pcap_obj.loop(0, packet_handler)

This example checks for a specific payload and source IP address. The check_signature function analyzes the packet data to determine if it matches any known malicious signatures.

Sending TCP RST Packets

When a malicious packet is detected, the device sends TCP RST packets to both the source and destination to terminate the connection.

Example Code: Sending TCP RST Packets

To send TCP RST packets, we can use the scapy library in Python:

from scapy.all import *

def send_rst(src_ip, dst_ip, src_port, dst_port):
    ip_layer = IP(src=src_ip, dst=dst_ip)
    tcp_layer = TCP(sport=src_port, dport=dst_port, flags='R')
    rst_packet = ip_layer/tcp_layer
    send(rst_packet, verbose=False)

# Example usage
send_rst('192.168.1.100', '192.168.1.200', 12345, 80)
send_rst('192.168.1.200', '192.168.1.100', 80, 12345)

In this example, send_rst constructs and sends a TCP RST packet using the source and destination IP addresses and ports. The flags='R' parameter sets the TCP flag to RST.

Masking the MAC Address to Conceal the Device

To conceal the device’s presence, we modify the MAC address in the TCP RST packets to match the original communication endpoints.

Example Code: Masking the MAC Address

def send_masked_rst(src_ip, dst_ip, src_port, dst_port, src_mac, dst_mac):
    ip_layer = IP(src=src_ip, dst=dst_ip)
    tcp_layer = TCP(sport=src_port, dport=dst_port, flags='R')
    ether_layer = Ether(src=src_mac, dst=dst_mac)
    rst_packet = ether_layer/ip_layer/tcp_layer
    sendp(rst_packet, verbose=False)

# Example usage with masked MAC addresses
send_masked_rst('192.168.1.100', '192.168

.1.200', 12345, 80, '00:11:22:33:44:55', '66:77:88:99:aa:bb')
send_masked_rst('192.168.1.200', '192.168.1.100', 80, 12345, '66:77:88:99:aa:bb', '00:11:22:33:44:55')

In this example, send_masked_rst constructs and sends a TCP RST packet with the specified MAC addresses. The Ether layer from the scapy library is used to set the source and destination MAC addresses.

Advanced Features and Machine Learning Integration

To enhance the capabilities of the network sentry device, we can integrate machine learning (ML) and artificial intelligence (AI) to dynamically learn and adapt to network behavior. This section will discuss the potential for ML integration and provide an example of how ML models can be used to detect anomalies.

Using ML and AI to Enhance the Device

By incorporating ML algorithms, the device can learn the normal patterns of network traffic and identify deviations that may indicate malicious activity. This approach allows for the detection of previously unknown threats and reduces reliance on static signature databases.

Example Code: Integrating ML for Anomaly Detection

Using the scikit-learn library in Python, we can train a simple ML model to detect anomalies:

from sklearn.ensemble import IsolationForest
import numpy as np

# Generate sample training data (normal network traffic)
training_data = np.random.rand(1000, 10)  # Example data

# Train an Isolation Forest model
model = IsolationForest(contamination=0.01)
model.fit(training_data)

def detect_anomaly(data):
    # Convert packet data to feature vector (example)
    feature_vector = np.random.rand(1, 10)  # Example feature extraction
    prediction = model.predict(feature_vector)
    return prediction[0] == -1

# Modified packet_handler function with anomaly detection
def packet_handler(pktlen, data, timestamp):
    if not data:
        return
    if check_signature(data) or detect_anomaly(data):
        print(f'Malicious packet detected: {data}')
        # Further action (e.g., send TCP RST) will be taken here

pcap_obj.loop(0, packet_handler)

In this example, an Isolation Forest model is trained on normal network traffic data. The detect_anomaly function uses the trained model to predict whether a packet is anomalous. This method enhances the detection capabilities of the device by identifying unusual patterns in network traffic.

Caveats and Challenges

The implementation of a network sentry device using TCP RST packets for intermediate threat prevention is a novel concept with significant potential. However, it comes with its own set of challenges that need to be addressed to ensure effective and reliable operation. Here, we delve deeper into the specific challenges faced and the strategies to mitigate them.

1. Developing and Maintaining a Signature Database

Challenge: The creation and upkeep of an extensive database of malicious signatures is a fundamental requirement for the device’s functionality. This database must include various types of signatures, such as specific TCP/UDP payload patterns, header anomalies, and source IP addresses known for malicious activity. Given the dynamic nature of cyber threats, this database requires constant updating to include new and emerging threats.

Details:

  • Volume of Data: The sheer volume of network traffic and the diversity of potential threats necessitate a large and diverse signature database.
  • Dynamic Threat Landscape: New vulnerabilities and attack vectors are continually being discovered, requiring frequent updates to the database.
  • Resource Intensive: The process of analyzing new malware samples, creating signatures, and validating them is resource-intensive, requiring specialized skills and significant time investment.

Mitigation Strategies:

  • Automation: Employing automation tools to streamline the process of malware analysis and signature creation can help manage the workload.
  • Threat Intelligence Feeds: Integrating third-party threat intelligence feeds can provide real-time updates on new threats, aiding in the rapid update of the signature database.
  • Community Collaboration: Leveraging a collaborative approach with other organizations and security communities can help share insights and signatures, enhancing the comprehensiveness of the database.
  • Use-Once Analysis: Implement a use-once strategy for traffic analysis. By utilizing short-term memory to analyze packets and discarding them once analyzed, storage needs are significantly reduced. Only “curious” traffic that meets specific criteria should be stored for further human examination. This approach minimizes the volume of packets needing long-term storage and focuses resources on potentially significant threats.

2. Potential Issues and Limitations

Challenge: The deployment of the network sentry device may encounter several issues and limitations, such as false positives, evasion techniques by attackers, and the handling of encrypted traffic.

Details:

  • False Positives: Incorrectly identifying legitimate traffic as malicious can disrupt normal network operations, leading to potential downtime and user frustration.
  • Evasion Techniques: Sophisticated attackers may use techniques such as encryption, polymorphic payloads, and traffic obfuscation to evade detection.
  • Encrypted Traffic: With the increasing adoption of encryption protocols like TLS, analyzing payloads for signatures becomes challenging, limiting the device’s ability to detect certain types of malicious traffic.

Mitigation Strategies:

  • Machine Learning Integration: Implementing machine learning models for anomaly detection can complement signature-based detection and reduce false positives by learning the normal behavior of network traffic.
  • Deep Packet Inspection (DPI): Utilizing DPI techniques, where legally and technically feasible, can help analyze encrypted traffic by inspecting packet headers and metadata.
  • Heuristic Analysis: Incorporating heuristic analysis methods to identify suspicious behavior patterns that may indicate malicious activity, even if the payload is encrypted or obfuscated.

3. Scalability and Performance

Challenge: Ensuring that the network sentry device can handle high volumes of traffic without introducing latency or performance bottlenecks is crucial for its successful deployment in large-scale networks.

Details:

  • High Traffic Volumes: Enterprise networks can generate immense amounts of data, and the device must process this data in real-time to be effective.
  • Performance Overhead: The additional processing required for capturing, analyzing, and responding to network traffic can introduce latency and affect network performance.

Mitigation Strategies:

  • Efficient Algorithms: Developing and implementing highly efficient algorithms for traffic analysis and signature matching can minimize processing overhead.
  • Hardware Acceleration: Utilizing hardware acceleration technologies such as FPGA (Field-Programmable Gate Arrays) or specialized network processing units (NPUs) can enhance the device’s processing capabilities.
  • Distributed Deployment: Deploying multiple devices across different network segments can distribute the load and improve overall performance and scalability.

4. Privacy and Legal Considerations

Challenge: The deployment of a network sentry device must comply with privacy laws and regulations, ensuring that the monitoring and analysis of network traffic do not infringe on user privacy rights.

Details:

  • Data Privacy: Monitoring network traffic involves capturing potentially sensitive data, raising concerns about user privacy.
  • Regulatory Compliance: Organizations must ensure that their use of network monitoring tools complies with relevant laws and regulations, such as GDPR, HIPAA, and CCPA.

Mitigation Strategies:

  • Anonymization Techniques: Implementing data anonymization techniques to strip personally identifiable information (PII) from captured packets can help protect user privacy.
  • Legal Consultation: Consulting with legal experts to ensure that the deployment and operation of the device comply with applicable laws and regulations.
  • Transparency: Maintaining transparency with network users about the use of monitoring tools and the measures taken to protect their privacy.

Conclusion

The novel use of TCP RST packets to nullify malicious traffic on networks presents a promising approach to intermediate threat prevention. By leveraging a pseudo IDPS-like device that utilizes the libpcap library, network security administrators can effectively disrupt malicious communication and protect their networks.

The integration of machine learning further enhances the capabilities of this device, enabling it to adapt to new threats and proactively prevent attacks. While there are challenges in developing and maintaining such a system, the potential benefits in terms of improved network security and reduced risk make it a worthwhile endeavor.

I invite potential financial backers, CISOs, and security administrators to support the development of this innovative solution. Together, we can enhance network security and protect critical infrastructure from evolving threats.

John

Future Challenges of Network Peering with Proxy Service Providers in the Age of DDoS and Other Forms of Mass Service Disruption Attacks

Leave a reply

Introduction

In the ever-evolving landscape of network security, the rise of Distributed Denial of Service (DDoS) attacks and other forms of mass service disruption attacks have become significant concerns for network security and infrastructure administrators. These malicious activities not only disrupt services but also pose severe threats to the integrity and availability of networks. One of the key strategies to mitigate these threats is the use of proxy service providers through network peering. This article aims to provide an in-depth understanding of the future challenges associated with network peering and proxy services in combating DDoS and other similar attacks. It will cover the background, key players, types of proxies, the nature of DDoS attacks, considerations for choosing proxy providers, and strategies to prepare network infrastructure for effective peering.

Background

The Evolution of Network Security

Network security has come a long way since the early days of the internet. Initially, security measures focused primarily on firewalls and antivirus software to protect against relatively simple threats. However, as the internet grew, so did the complexity and sophistication of cyber threats. Today, network security encompasses a broad range of technologies and practices designed to protect data integrity, confidentiality, and availability.

Rise of DDoS and Mass Service Disruption Attacks

Distributed Denial of Service (DDoS) attacks have emerged as one of the most pervasive and damaging types of cyber threats. These attacks involve overwhelming a network or service with a flood of traffic, rendering it unavailable to legitimate users. The motivations behind DDoS attacks can vary, including political activism, financial gain, or simply causing disruption for amusement. With the advent of botnets and IoT devices, the scale and impact of DDoS attacks have escalated dramatically.

Importance of Proxy Services in Network Security

Proxy services have become crucial in the fight against DDoS and other attacks. By acting as intermediaries between clients and servers, proxies can filter traffic, mask IP addresses, and distribute loads to mitigate the impact of malicious activities. Network peering, which involves direct interconnections between networks, further enhances the effectiveness of proxy services by improving traffic flow and reducing latency.

Key Players in the Domain

Major Proxy Service Providers

  1. Cloudflare
  • Overview: Cloudflare is a leading provider of CDN, DDoS mitigation, and internet security services.
  • Services: Web application firewall, DDoS protection, global load balancing.
  • Notable Clients: Zendesk, Discord, Medium.
  1. Akamai
  • Overview: Akamai offers a comprehensive suite of services for securing and accelerating content delivery.
  • Services: DDoS mitigation, application security, cloud security.
  • Notable Clients: Adobe, Airbnb, BMW.
  1. Fastly
  • Overview: Fastly provides an edge cloud platform that includes content delivery, security, and edge computing services.
  • Services: Real-time content delivery, DDoS protection, web application firewall.
  • Notable Clients: Shopify, Slack, Spotify.
  1. Imperva
  • Overview: Imperva specializes in data security and provides solutions for protecting web applications and databases.
  • Services: DDoS protection, application security, data security.
  • Notable Clients: Allianz, ING, GE.
  1. StackPath
  • Overview: StackPath offers edge computing, CDN, and security services designed to optimize performance and security.
  • Services: DDoS mitigation, secure CDN, web application firewall.
  • Notable Clients: FuboTV, TechCrunch, IBM.

Emerging Proxy Service Providers

  1. QUIC.cloud
  • Overview: A relatively new player focusing on providing CDN and security services leveraging the QUIC protocol.
  • Services: DDoS protection, CDN services, application acceleration.
  • Notable Clients: Smaller enterprises and startups.
  1. G-Core Labs
  • Overview: G-Core Labs offers global cloud and edge services, including robust security solutions.
  • Services: DDoS protection, content delivery, cloud infrastructure.
  • Notable Clients: Wargaming, Avast, UNICEF.

Key Proxy Types

Forward Proxies

  • Functionality: Forward proxies act on behalf of clients, forwarding their requests to servers. They are typically used for controlling and monitoring outbound traffic.
  • Use Cases: Content filtering, anonymity, access control.
  • Challenges: Scalability and latency issues, especially under high traffic loads.

Reverse Proxies

  • Functionality: Reverse proxies sit in front of web servers, handling incoming client requests. They help balance load, cache content, and protect against DDoS attacks.
  • Use Cases: Load balancing, DDoS mitigation, SSL termination.
  • Challenges: Configuration complexity, potential single point of failure.

Transparent Proxies

  • Functionality: Transparent proxies intercept requests between client and server without requiring any client-side configuration.
  • Use Cases: Caching, content filtering, monitoring.
  • Challenges: Privacy concerns, potential impact on network performance.

Anonymous Proxies

  • Functionality: Anonymous proxies hide the client’s IP address from the server, providing a level of anonymity.
  • Use Cases: Privacy protection, bypassing geo-restrictions.
  • Challenges: Trust issues, possible misuse for malicious activities.

High Anonymity (Elite) Proxies

  • Functionality: These proxies provide the highest level of anonymity by not identifying themselves as proxies and not passing along the client’s IP address.
  • Use Cases: Enhanced privacy, secure browsing.
  • Challenges: Higher cost, potential slower speeds due to added layers of security.

Key DDoS Attacks and Future Attack Vectors

Common Types of DDoS Attacks

  1. Volume-Based Attacks
  • Description: These attacks flood the network with massive amounts of traffic, overwhelming bandwidth.
  • Examples: UDP floods, ICMP floods.
  • Mitigation: Rate limiting, blackholing, traffic filtering.
  1. Protocol Attacks
  • Description: These attacks exploit weaknesses in network protocols to exhaust resources.
  • Examples: SYN floods, Ping of Death, Smurf DDoS.
  • Mitigation: Stateful inspection, SYN cookies, protocol hardening.
  1. Application Layer Attacks
  • Description: These attacks target specific applications to exhaust server resources.
  • Examples: HTTP floods, Slowloris.
  • Mitigation: Web application firewalls, rate limiting, behavior analysis.

Emerging and Future Attack Vectors

  1. IoT-Based DDoS Attacks
  • Description: Leveraging the growing number of IoT devices to create massive botnets.
  • Examples: Mirai botnet.
  • Mitigation: IoT security best practices, network segmentation.
  1. Artificial Intelligence (AI)-Driven Attacks
  • Description: Using AI to adapt attack strategies in real-time, making mitigation more challenging.
  • Examples: AI-driven botnets, automated phishing.
  • Mitigation: AI-driven defense mechanisms, continuous monitoring.
  1. Multi-Vector Attacks
  • Description: Combining multiple attack types to overwhelm defenses.
  • Examples: Simultaneous volumetric and application layer attacks.
  • Mitigation: Comprehensive defense strategies, multi-layer security.
  1. Cryptocurrency-Driven Attacks
  • Description: Attacks motivated by financial gain through ransom demands or cryptojacking.
  • Examples: Ransom DDoS, cryptomining malware.
  • Mitigation: Robust incident response plans, anti-malware solutions.

Considerations When Choosing a Proxy Provider

Security Features

  • DDoS Mitigation: Ensure the provider offers comprehensive DDoS protection with real-time threat detection and mitigation capabilities.
  • Encryption: Look for end-to-end encryption to protect data integrity and confidentiality.
  • Firewall Capabilities: A robust web application firewall (WAF) is essential for filtering malicious traffic.

Performance and Reliability

  • Latency: Choose providers with low latency to ensure optimal performance.
  • Uptime: High uptime guarantees are crucial for maintaining service availability.
  • Global Presence: Providers with a wide geographic distribution of servers can deliver better performance and reliability.

Scalability

  • Elasticity: The provider should offer scalable solutions that can handle varying traffic loads without degradation in performance.
  • Capacity Planning: Assess the provider’s ability to handle sudden spikes in traffic, especially during DDoS attacks.

Cost and Pricing Models

  • Transparent Pricing: Ensure the pricing structure is clear and transparent, with no hidden fees.
  • Cost-Effectiveness: Evaluate the cost-benefit ratio of the services provided.
  • Flexible Plans: Look for providers that offer flexible plans tailored to different business needs.

Customer Support

  • 24/7 Support: Round-the-clock customer support is vital for addressing issues promptly.
  • Expertise: Ensure the support team has the necessary expertise to handle complex security incidents.
  • Response Time: Quick response times can significantly reduce downtime during attacks.

Preparing Network Infrastructure for Proxy Provider Utilization

Assessing Network Requirements

  • Traffic Analysis: Conduct a thorough analysis of your network traffic to understand normal patterns and potential vulnerabilities.
  • Capacity Planning: Determine the required capacity to handle peak loads and potential attack traffic.

Implementing Redundancy

  • Multiple Providers: Consider using multiple proxy providers to ensure redundancy and avoid a single point of failure.
  • Geographic Redundancy: Distribute resources across different geographic locations to enhance resilience.

Configuring Firewalls and Routers

  • Access Control: Implement strict access control policies to limit exposure to potential threats.
  • Traffic Filtering: Configure firewalls and routers to filter out malicious traffic before it reaches your network.

Regular Security Audits

  • Vulnerability Assessments: Regularly assess your network for vulnerabilities and address any weaknesses.
  • Penetration Testing: Conduct penetration testing to simulate attacks and evaluate the effectiveness of your defenses.

Training and Awareness

  • Staff Training: Ensure your IT staff is well-trained in the latest security practices and technologies.
  • Incident Response Plans: Develop and regularly update incident response plans to handle potential security breaches.

Continuous Monitoring

  • Real-Time Monitoring: Implement real-time monitoring tools to detect and respond to threats promptly.
  • Threat Intelligence: Utilize threat intelligence services to stay informed about emerging threats and attack vectors.

Conclusion

As the threat landscape continues to evolve, network security administrators must stay ahead of the curve by leveraging advanced technologies and strategies. Proxy service providers play a crucial role in defending against DDoS and other forms of mass service disruption attacks. By understanding the key players, types of proxies, nature of attacks, and considerations for choosing providers, administrators can better prepare their network infrastructure to withstand and repel future threats. Continuous vigilance, regular security audits, and proactive measures will be essential in maintaining the integrity and availability of network services in the face of ever-increasing cyber threats.

John