Princeton Upskills U on Open Source Security

Princeton Professor and returning Upskill U lecturer Nick Feamster addresses the security risks and benefits of open source software.

Kelsey Ziser, Senior Editor

October 27, 2016

3 Min Read
Princeton Upskills U on Open Source Security

While service providers expect higher-quality code from open source software at lower licensing costs, many have concerns about the stability and security of open source code. Distribution can be vulnerable to malicious code; patches can also introduce vulnerabilities; tracking bugs in the code makes bugs more visible; and the skillsets of developer teams varies.

Upskill yourself on Cybersecurity with our new Upskill U online university! Sign up for our free course with Princeton University now!

This Friday at Upskill U, Nick Feamster, acting director of the Center for Information Technology Policy at Princeton University , will examine emerging concerns about open source and security, as well as the benefits of using open source as part of service providers' security strategy. (Register for Security: The Plusses and Minuses of Open Source Software.)

Figure 1: Princeton Professor Nick Feamster addresses open source security concerns at Upskill U. Princeton Professor Nick Feamster addresses open
source security concerns at Upskill U.

During Wednesday's Upskill U course, lecturer Gary Sockrider, principal security technologist for Arbor Networks , explained the history of DDoS attacks, case studies of recent attacks, and the business impact of these security threats. DDoS attacks not only raise operational expenses, but can also negatively affect an organization's brand, and result in loss of revenue and customers. (Listen to Security: Tackling DDoS.)

"Having visibility is key, you can't stop something you can't see. Having good visibility across your own network is vital in finding and stopping these attacks," said Sockrider. "You can leverage common tools and technology that are already available on the network equipment you own today such as flow technologies, looking at SIP logs … Obviously you'll want to get to some specific intelligent DDoS mitigation in the end."

Sockrider explained that although there are many security tools operators already have available in the network, leveraging these technologies is only a preventative measure to harden the network against bad players. "At the end of the day if you are the target of a full-force DDoS attack there's really only one way to go about that and it's a layered DDoS protection."

Layered DDoS protection starts upstream in a service or cloud provider's scrubbing center that can handle the volumetric attack. Sockrider advised organizations to also implement security measures closer to the device, servers and applications requiring protection, which is usually an inline device capable of deep-packet analysis to find and stop stealthy applications in real-time. Finally, organizations need the capability to quickly and easily communicate threat intelligence to the operator upstream.

Balancing security and cost is an ongoing challenge for both service providers and enterprises. Join Upskill U this week in uncovering the rapidly changing face of security threats, and in rethinking strategies to strengthening the network. As always, each live lecture at Upskill U includes an opportunity for Q&A with experts in the industry -- don't miss your chance to find answers to top-of-mind security questions. I'll see you on the chat boards!

— Kelsey Kusterer Ziser, editor, Upskill U

About the Author(s)

Kelsey Ziser

Senior Editor, Light Reading

Kelsey is a senior editor at Light Reading, co-host of the Light Reading podcast, and host of the "What's the story?" podcast.

Her interest in the telecom world started with a PR position at Connect2 Communications, which led to a communications role at the FREEDM Systems Center, a smart grid research lab at N.C. State University. There, she orchestrated their webinar program across college campuses and covered research projects such as the center's smart solid-state transformer.

Kelsey enjoys reading four (or 12) books at once, watching movies about space travel, crafting and (hoarding) houseplants.

Kelsey is based in Raleigh, N.C.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like