Temple University

David Lanter

Week 3 Readings and In the News

Using Open Source Reconnaissance Tools for Business Partner Vulnerability Assessment (Young, S., 2014). This article began with a warning about the legal risks of assessing the vulnerabilities of websites and servers used by prospective and current business partners, and went on to provide an informative discussion of a number of public information sources and non-intrusive open source reconnaissance tools that can be used to conduct vulnerability assessments.

The Art of Reconnaissance – Simple Techniques (Bhamidipati, S. 2001). This article presented reconnaissance as a straightforward three-step process. The first step is reconnaissance and focuses on obtaining basic information about a target entity’s internet presence, including domain names, servers and IP addresses, and its network connection to the internet. The second step uses pings and port scanning via a series of commands to determine the nature and configurations of the entity’s machines, including operating systems, open ports, and services that are running and available. The third step is a more detailed reconnaissance focused on finding out the software and versions supporting available services. While the author does not explicitly mention it, it seems that the logical next step is to follow up and assess the vulnerabilities of the software versions being used.

Question for class: Are any of the techniques described in the articles safe to use on my work computer, or would I be smarter to first set up “totally” anonymous accounts and a non-work personal computer before delving into hands-on reconnaissance and penetration testing?

In the News Article – BlackHat2014: Airport Scanners Riddled with Security Flaws (Rashid, F.Y. 2014-08-08). Security researchers report that scanners used in many US airports are “riddled with security flaws.” Flaws cited included baggage X-ray machine user credentials stored in plain text, vulnerable hardcoded passwords that give vendors backdoor access for maintenance and testing, and a time clock system, used to synchronize RSA security passwords, that is reachable from the Internet. http://www.infosecurity-magazine.com/news/airport-scanners-riddled-with/

Week 2 Reading and In The News

My takeaway from Chapter 2 – Enterprise Data Center Topology: It seems that a good network architecture structurally decomposes incoming and outgoing traffic into n-tier functional service areas (i.e., client-facing web tier, application tier, and database tier) to enable matching the placement of appropriate traffic-oriented defense mechanisms to the risk. It is interesting to learn that load balancers can be equipped to serve as better DoS defense mechanisms than firewalls.

Question: Do the specialized defense mechanisms of individual Cisco appliances clearly reflect unique functions and complementary capabilities, or do they have both unique and overlapping capabilities that make understanding how to best combine them more of an alchemy and art than an engineering discipline and science?

 

In The News

New analysis method discovers eleven security flaws in popular Internet browsers – August 14, 2015, Homeland Security News Wire (http://www.homelandsecuritynewswire.com/dr20150814-new-analysis-method-discovers-eleven-security-flaws-in-popular-internet-browsers). Facebook and USENIX awarded the second-ever $100,000 Internet Defense Prize to researchers at Georgia Institute of Technology’s College of Computing for their techniques and tool that discover security vulnerabilities in C++ data structure management functions used in popular web browsers, including Chrome and Firefox. Their research paper, “Type Casting Verification: Stopping an Emerging Attack Vector”, employs an innovative metadata inventory system that models the use of inheritance trees in polymorphic C++ code. The researchers discovered vulnerable programming techniques used to achieve fast browser runtime speeds in a trade-off for a “flow of control hijacking” vulnerability that can lead to execution of malicious code. The main culprit, brought to light by Professor Wenke Lee and his research team, is the coding practice of runtime “down-casting” – an otherwise efficient programming technique that changes data types in real time to support polymorphic data processing, which they found in nine areas of the GNU libstdc++ library used in Chrome and two areas in Firefox. Experimentation in developing the CAVER tool led the research team to analyze object-oriented type hierarchy techniques used in the C++ code bases underlying internet browsers, and to discover “dozens of previously unknown bad-casting bugs.” Their receipt of the Internet Defense Prize recognizes this accomplishment, and is intended to encourage further research into more difficult, high-impact areas of cybersecurity.
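
To make the down-casting problem concrete, here is a small example added to this post. It is not CAVER's code and not taken from the paper; it only illustrates the idea of checking a cast against inheritance-tree metadata recorded at allocation time. The class names (Node, Element, SvgElement) and the helpers tracked_new, cast_is_safe and checked_downcast are hypothetical.

```cpp
#include <cstdio>
#include <map>
#include <string>

// Hypothetical browser-style hierarchy (constructed for this example).
struct Node { virtual ~Node() {} };
struct Element : Node { int attr_count = 0; };
struct SvgElement : Element { long transform[4] = {0, 0, 0, 0}; };

// Inheritance-tree metadata: type name -> parent type name ("" marks the root).
static const std::map<std::string, std::string> kParent = {
    {"Node", ""}, {"Element", "Node"}, {"SvgElement", "Element"}};

// Allocation metadata: object address -> the type it was really constructed as.
static std::map<const Node*, std::string> g_alloc_type;

template <typename T> T* tracked_new(const char* type_name) {
    T* p = new T();
    g_alloc_type[p] = type_name;
    return p;
}

// An object constructed as `actual` may be viewed as `target` only when
// `target` is `actual` itself or one of its ancestors in the tree.
bool cast_is_safe(const std::string& actual, const std::string& target) {
    for (std::string t = actual; !t.empty(); t = kParent.at(t))
        if (t == target) return true;
    return false;
}

// Checked stand-in for static_cast<T*>(base): nullptr instead of a bad cast.
template <typename T> T* checked_downcast(Node* base, const char* target) {
    auto it = g_alloc_type.find(base);
    if (it == g_alloc_type.end() || !cast_is_safe(it->second, target))
        return nullptr;
    return static_cast<T*>(base);
}

int main() {
    Node* plain = tracked_new<Element>("Element");
    Node* svg = tracked_new<SvgElement>("SvgElement");
    // static_cast<SvgElement*>(plain) would compile, and using `transform`
    // through it would touch memory past the smaller Element object.
    std::printf("Element as SvgElement: %s\n",
        checked_downcast<SvgElement>(plain, "SvgElement") ? "allowed" : "rejected");
    std::printf("SvgElement as Element: %s\n",
        checked_downcast<Element>(svg, "Element") ? "allowed" : "rejected");
    delete plain; delete svg;
    return 0;
}
```

The unchecked static_cast costs nothing at runtime, which is the speed side of the trade-off the article describes; the checked version pays for a metadata lookup on every cast.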