The SEI Podcast Series will highlight the work of SEI researchers with different backgrounds, expertise, and interests. Some episodes will summarize the goals and results of advanced research projects at the cutting edge of science and technology. Other episodes will highlight the work of SEI technologists with customer-facing roles on applied, transition- and acquisition-oriented topics.
DNS Best Practices
The Domain Name System (DNS) is an essential component of the Internet, a virtual phone book of names and numbers, but we rarely think about it until something goes wrong. DNS also serves as the backbone for other services critical to organizations including email, external web access, file sharing and voice over IP (VoIP). There are steps, however, that network administrators can take to ensure the security and resilience of their DNS infrastructure and avoid security pitfalls. In this podcast, Mark Langston discusses best practices for designing a secure, reliable DNS infrastructure.
Three Roles and Three Failure Patterns of Software Architects
As a software system moves through its lifecycle, each phase calls for the architect to use a different mix of skills. This podcast explores three roles and three failure patterns of software architects that he has observed working with industry and government software projects. This blog post by John Klein is read by Bill Thomas.
Security Modeling Tools
Recent research indicates that security is no longer only a matter of code and is tightly linked to software architecture. SEI researchers have created security-focused modeling tools that capture vulnerabilities and their propagation paths in an architecture. These security-focused modeling tools help security analysts and researchers improve system and software analysis. In this podcast, Julien Delange discusses the motivation for the work, the available tools, and how to use them.
Best Practices for Preventing and Responding to Distributed Denial of Service (DDoS) Attacks
In November 2016, Internet users across the Eastern Seaboard of the United States had trouble accessing popular websites, such as Reddit, Netflix, and the New York Times. Known as the Dyn attack, the disruption was the result of multiple distributed denial of service (DDoS) attacks against a single organization: Dyn, a New Hampshire-based Internet infrastructure company. DDoS attacks can be extremely disruptive, and they are on the rise. The Verisign Distributed Denial of Service Trends Report states that DDoS attack activity increased 85 percent in each of the last two years, with 32 percent of those attacks in the fourth quarter of 2015 targeting IT services, cloud computing, and software-as-a-service companies. In this podcast, CERT researcher Rachel Kartch provides an overview of DDoS attacks and best practices for mitigating and responding to them.
Cyber Security Engineering for Software and Systems Assurance
Effective cybersecurity engineering requires the integration of security into the software acquisition and development lifecycle. For engineering to address security effectively, requirements that establish the target goal for security must be in place. Risk management must include identification of possible threats and vulnerabilities within the system, along with the ways to accept or address them. There will always be cyber security risk, but engineers, managers, and organizations must be able to plan for the ways in which a system should avoid as well as recognize, resist, and recover from an attack. In this podcast Nancy Mead and Carol Woody discuss their new book, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, which introduces a set of seven principles that address the challenges of acquiring, building, deploying, and sustaining software systems to achieve a desired level of confidence for software assurance.