Week 2 Reading and In The News
My takeaway from Chapter 2 – Enterprise Data Center Topology: It seems that a good network architecture structurally decomposes incoming and outgoing traffic into n-tier functional service areas (i.e. client facing web tier, application tier, and database tier) to enable matching the placement of appropriate traffic-oriented defense mechanisms to the risk. It is interesting to learn that load balancers can be equipped to serve as better DoS defense mechanisms than firewalls.
Question: Do the specialized defense mechanisms of individual CISCO appliances clearly reflect unique functions and complementary capabilities, or do they have both unique and overlapping capabilities that make understanding how to best combine them more of an alchemy and art than an engineering discipline and science?
In The News
New analysis method discovers eleven security flaws in popular Internet browsers – August 14, 2015, Homeland Security News Wire (http://www.homelandsecuritynewswire.com/dr20150814-new-analysis-method-discovers-eleven-security-flaws-in-popular-internet-browsers) Facebook and USENIX awarded the second ever $100,000 Internet Defense Prize to researchers at Georgia Institute of Technology’s College of Computing for their techniques and tool that discovers security vulnerabilities in C++ data structure management functions used in popular web browsers – including Chrome and Firefox. Their research paper, “Type Casting Verification: Stopping an Emerging Attack Vector”, employs an innovative metadata inventory system that models the user of inheritance trees in polymorphic C++ code. The researchers’ discovered vulnerable programming techniques used to achieve fast browser runtime speeds in a trade-off for a “flow of control hijacking” vulnerability that can lead to execution of malicious code. The main culprit, brought to light by Professor Wenke Lee and his research team, is the coding practice of runtime “down-casting” – an otherwise efficient programming technique that changes data types in real-time to support polymorphic data processing, which they found in nine areas of the GNU libstdc++ library used in Chrome and two areas in Firefox. Experimentation in developing the CAVER tool, led the research team to analyze object-oriented type hierarchy techniques used in internet browser enabling C++ code-bases, and discover “dozens of previously unknown bad-casting bugs.” Their receipt of the Internet Defense Prize recognizes this accomplishment, and is intended to encourage further research into harder and more difficult high-impact areas of cybersecurity.