Week 2 Reading and In The News

My takeaway from Chapter 2 – Enterprise Data Center Topology: It seems that a good network architecture structurally decomposes incoming and outgoing traffic into n-tier functional service areas (i.e. client-facing web tier, application tier, and database tier) to enable matching the placement of appropriate traffic-oriented defense mechanisms to the risk. It is interesting to learn that load balancers can be equipped to serve as better DoS defense mechanisms than firewalls.

Question: Do the specialized defense mechanisms of individual Cisco appliances clearly reflect unique functions and complementary capabilities, or do they have both unique and overlapping capabilities that make understanding how to best combine them more of an alchemy and art than an engineering discipline and science?

 

In The News

New analysis method discovers eleven security flaws in popular Internet browsers – August 14, 2015, Homeland Security News Wire (http://www.homelandsecuritynewswire.com/dr20150814-new-analysis-method-discovers-eleven-security-flaws-in-popular-internet-browsers)

Facebook and USENIX awarded the second-ever $100,000 Internet Defense Prize to researchers at Georgia Institute of Technology’s College of Computing for their techniques and tool that discover security vulnerabilities in C++ data structure management functions used in popular web browsers, including Chrome and Firefox. Their research paper, “Type Casting Verification: Stopping an Emerging Attack Vector”, employs an innovative metadata inventory system that models the use of inheritance trees in polymorphic C++ code. The researchers discovered vulnerable programming techniques that achieve fast browser runtime speeds in a trade-off for a “flow of control hijacking” vulnerability that can lead to execution of malicious code. The main culprit, brought to light by Professor Wenke Lee and his research team, is the coding practice of runtime “down-casting” – an otherwise efficient programming technique that changes data types in real time to support polymorphic data processing, which they found in nine areas of the GNU libstdc++ library used in Chrome and two areas in Firefox. Experimentation in developing the CAVER tool led the research team to analyze the object-oriented type hierarchy techniques used in the C++ code bases behind internet browsers, and to discover “dozens of previously unknown bad-casting bugs.” Their receipt of the Internet Defense Prize recognizes this accomplishment, and is intended to encourage further research into harder, high-impact areas of cybersecurity.
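The down-casting problem summarized above, shown as an added example that is not from the article, the paper or the CAVER tool: a downcast site that verifies the object's real type before using it. The class names and `verified_cast` are hypothetical, and the check uses standard C++ RTTI (`dynamic_cast`) as a stand-in for the metadata-based verification the paper describes.

```cpp
#include <cstdio>
#include <typeinfo>

// Constructed class hierarchy for illustration (hypothetical names).
struct Element { virtual ~Element() = default; };
struct HtmlElement : Element { int tab_index = 7; };
struct SvgElement  : Element { double view_box[4] = {0, 0, 1, 1}; };

static int bad_cast_reports = 0;  // number of rejected downcasts

// Replacement for static_cast<T*> at a downcast site: check the object's
// dynamic type first, then report and refuse the cast if it does not match.
template <typename T>
T* verified_cast(Element* e, const char* site) {
    if (e == nullptr) return nullptr;
    T* p = dynamic_cast<T*>(e);
    if (p == nullptr) {
        ++bad_cast_reports;
        std::fprintf(stderr, "bad cast at %s: object is %s, wanted %s\n",
                     site, typeid(*e).name(), typeid(T).name());
    }
    return p;
}

// A call site that assumes every Element it is handed is an HtmlElement.
// Written with static_cast<HtmlElement*>(e), the SvgElement case would still
// compile, and reading tab_index would treat SvgElement memory as an
// HtmlElement (undefined behaviour, the "bad cast" the article refers to).
int tab_index_or(Element* e, int fallback) {
    HtmlElement* h = verified_cast<HtmlElement>(e, "tab_index_or");
    return h ? h->tab_index : fallback;
}

int main() {
    HtmlElement html;
    SvgElement svg;
    int good = tab_index_or(&html, -1);  // correct type: field is read
    int bad = tab_index_or(&svg, -1);    // wrong type: cast refused
    std::printf("good=%d bad=%d reports=%d\n", good, bad, bad_cast_reports);
    return 0;
}
```

The runtime check costs a type lookup on every cast, which is the speed trade-off the article says led browser code to use unchecked casts in the first place.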

2 Responses to Week 2 Reading and In The News

  • Lesson Learned from Chapter 2 – Enterprise Data Center Topology: It seems that a defense-in-depth strategy, which provides many layers for data to traverse, provides a great defense mechanism for external threats.

    Question: What are the advantages and disadvantages of deploying Network IDS Capture Architecture?

    In The News
    http://dailybruin.com/2015/09/01/ucla-health-notifies-patients-of-data-breach-after-laptop-theft/

    UCLA Health notified more than 1,200 patients Tuesday who may have had their medical information exposed after a faculty member’s laptop was stolen in early July.
    No Social Security numbers, credit card numbers or financial data were stored on the laptop, according to a statement from UCLA Health. Officials said in a statement there is no evidence suggesting medical information on the laptop was accessed, used or distributed. Officials finished analyzing the data from the backup of the laptop on Aug. 14 and compiled a list of 1,242 individuals who may have had their information stolen.


  • In The News
    Per the recent hacking attack conducted against Ashley Madison’s adultery-promoting web site, as reported by Philadelphia Action News and online resources, it has been a big deal since a lot of military and government-related officials’ personal information has been compromised. Now, people cannot even remove their profiles unless they pay a required dollar amount. Some people are even thinking about committing suicide because of such exposure to the public.

    It is important to understand the criticality of cyber-security threats and the huge demand for security professionals, and for a company’s corporate management to understand how critical IT is nowadays. Especially when it comes to protecting people’s privacy, there must be an appropriate financial investment to make sure assets are protected. Considering how many persons of interest had registered on Ashley’s website, management should have made sure of a maximum security-in-depth implementation to prevent or minimize such leakage of private information to the public.

    I like this post since it reflects the level of potential issues at a global scale if an IT environment is not secured adequately based on the nature of the business. Most importantly, the embarrassment of a hacking attack is not about the business, but about the people who have been compromised and are being blackmailed.

    Ref. Sources:
    http://www.technewsworld.com/story/82417.html
