The SEI Podcast Series will highlight the work of SEI researchers with different backgrounds, expertise, and interests. Some episodes will summarize the goals and results of advanced research projects at the cutting edge of science and technology. Other episodes will highlight the work of SEI technologists with customer-facing roles on applied, transition- and acquisition-oriented topics.
Ransomware: Best Practices for Prevention and Response
On May 12, 2017, in the course of a day, the WannaCry ransomware attack infected nearly a quarter million computers. WannaCry is the latest in a growing number of ransomware attacks where, instead of stealing data, cyber criminals hold data hostage and demand a ransom payment. WannaCry was perhaps the largest ransomware attack to date, taking over a wide swath of global computers from FedEx in the United States to the systems that power Britain’s healthcare system to systems across Asia, according to the New York Times. In this podcast, CERT researchers spell out several best practices for prevention and response to a ransomware attack.
Integrating Security in DevOps
The term "software security" often evokes negative feelings among software developers because it is associated with additional programming effort, uncertainty, and road blocks to fast development and release. To secure software, developers must follow numerous guidelines that, while intended to satisfy some regulation or other, can be very restrictive and hard to understand. As a result, a lot of fear, uncertainty, and doubt can surround software security. In this podcast, Hasan Yasar discusses how the Secure DevOps movement attempts to combat the toxic environment surrounding software security by shifting the paradigm from following rules and guidelines to creatively determining solutions for tough security problems.
SEI Fellows Series: Peter Feiler
The position of SEI Fellow is awarded to people who have made an outstanding contribution of the work of the SEI and from home the SEI leadership may expect valuable advice for continued success in the institute’s mission. Peter Feiler was named an SEI Fellow in August 2016. This podcast is the second in a series highlighting interviews with SEI Fellows
NTP Best Practices
The network time protocol (NTP) synchronizes the time of a computer client or server to another server or within a few milliseconds of Coordinated Universal Time (UTC). NTP servers, long considered a foundational service of the Internet, have more recently been used to amplify large-scale Distributed Denial of Service (DDoS) attacks. While 2016 did not see a noticeable uptick in the frequency of DDoS attacks, the last 12 months have witnessed some of the largest DDoS attacks, according to Akamai's State of the Internet/Security report. One issue that attackers have exploited is abusable NTP servers. In 2014, there were over seven million abusable NTP servers. As a result of software upgrades, repaired configuration files, or the simple fact that ISPs and IXPs have decided to block NTP traffic, the number of abusable servers dropped by almost 99 percent in a matter months, according to a January 2015 article in ACM Queue. But there is still work to be done. It only takes 5,000 abusable NTP servers to generate a DDoS attack in the range of 50-400 Gbps. In this podcast, Timur Snoke explores the challenges of NTP and prescribes some best practices for securing accurate time with this protocol.
Establishing Trust in Disconnected Environments
First responders, search-and-rescue teams, and military personnel often work in “tactical edge” environments defined by limited computing resources, rapidly changing mission requirements, high levels of stress, and limited connectivity. In these tactical edge environments, software applications that enable tasks such as face recognition, language translation, decision support, and mission planning and execution are critical due to computing and battery limitations on mobile devices. Our work on tactical cloudlets addresses some of these challenges by providing a forward-deployed platform for computation offload and data staging.
When establishing communication between two nodes, such as a mobile device and a tactical cloudlet in the field, identification, authentication, and authorization provide the information and assurances necessary for the nodes to trust each other (i.e., mutual trust). A common solution for establishing trust is to create and share credentials in advance and then use an online trusted authority to validate the credentials of the nodes. The tactical environments in which first responders, search-and-rescue, and military personnel operate, however, do not consistently provide access to that online authority or certificate repository because they are disconnected, intermittent, limited (DIL). In this podcast, Grace Lewis presents a solution for establishing trusted identities in disconnected environments based on secure key generation and exchange in the field, as well as an evaluation and implementation of the solution.