Princeton Upskills U on Open Source Security

Kelsey Kusterer Ziser
10/27/2016

While service providers expect higher-quality code from open source software at lower licensing costs, many have concerns about the stability and security of open source code. Distribution can be vulnerable to malicious code; patches can also introduce vulnerabilities; tracking bugs in the code makes bugs more visible; and the skillsets of developer teams varies.


Upskill yourself on Cybersecurity with our new Upskill U online university! Sign up for our free course with Princeton University now!

This Friday at Upskill U, Nick Feamster, acting director of the Center for Information Technology Policy at Princeton University , will examine emerging concerns about open source and security, as well as the benefits of using open source as part of service providers' security strategy. (Register for Security: The Plusses and Minuses of Open Source Software.)

Princeton Professor Nick Feamster addresses open  source security concerns at Upskill U.
Princeton Professor Nick Feamster addresses open
source security concerns at Upskill U.

During Wednesday's Upskill U course, lecturer Gary Sockrider, principal security technologist for Arbor Networks , explained the history of DDoS attacks, case studies of recent attacks, and the business impact of these security threats. DDoS attacks not only raise operational expenses, but can also negatively affect an organization's brand, and result in loss of revenue and customers. (Listen to Security: Tackling DDoS.)

"Having visibility is key, you can't stop something you can't see. Having good visibility across your own network is vital in finding and stopping these attacks," said Sockrider. "You can leverage common tools and technology that are already available on the network equipment you own today such as flow technologies, looking at SIP logs … Obviously you'll want to get to some specific intelligent DDoS mitigation in the end."

Sockrider explained that although there are many security tools operators already have available in the network, leveraging these technologies is only a preventative measure to harden the network against bad players. "At the end of the day if you are the target of a full-force DDoS attack there's really only one way to go about that and it's a layered DDoS protection."

Layered DDoS protection starts upstream in a service or cloud provider's scrubbing center that can handle the volumetric attack. Sockrider advised organizations to also implement security measures closer to the device, servers and applications requiring protection, which is usually an inline device capable of deep-packet analysis to find and stop stealthy applications in real-time. Finally, organizations need the capability to quickly and easily communicate threat intelligence to the operator upstream.

Balancing security and cost is an ongoing challenge for both service providers and enterprises. Join Upskill U this week in uncovering the rapidly changing face of security threats, and in rethinking strategies to strengthening the network. As always, each live lecture at Upskill U includes an opportunity for Q&A with experts in the industry -- don't miss your chance to find answers to top-of-mind security questions. I'll see you on the chat boards!

— Kelsey Kusterer Ziser, editor, Upskill U

(4)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
kq4ym
kq4ym
11/9/2016 | 11:11:11 AM
Re: security is hot now!
And it is always interesting for us to realize how "Balancing security and cost is an ongoing challenge," and just how the industry might justify the decisions involved in getting security without damagaing the budget or the management's desires to sometimes gamble on getting by with minimal security to save costs.
Kelsey Ziser
Kelsey Ziser
10/27/2016 | 3:00:31 PM
Re: security is hot now!
@jayakd0 Prof. Feamster is always a dynamic speaker and makes the Q&A really interactive, I know it'll be an interesting an timely course!
Michelle
Michelle
10/27/2016 | 2:57:01 PM
Timely topic
I'm looking forward to the next session in security. I was able to tune in to hear the first session on IoT and it was eye-opening.
jayakd0
jayakd0
10/27/2016 | 2:07:19 PM
security is hot now!
Thx Kelsey, look forward to Prof. Nick's talk!
More Blogs from Kelsey's Grammar
Mike Dano explains how Verizon and other service providers speaking at the 5G Transport & the Edge event are well positioned to talk about edge computing, transport and traffic routing.
MATRIXX's Founder Jennifer Kyriakakis says 5G will enable the creation of many new opportunities in the telecom industry, especially around microservices, networking, automation and security.
During a Women in Comms breakfast workshop, panelists shifted focus from the hype around connected cars and drones to debating how 5G could impact job opportunities for women in comms and tech.
In a recent podcast with Light Reading, John Isch discusses how Orange 'co-innovates' with SD-WAN customers, and shares several case studies on what this process looks like by describing collaborations with its SD-WAN customers Siemens and Sony.
As 5G takes off, service providers must plan ahead for its impact on SD-WAN. In addition, Ely says growing demand for 'co-managed' SD-WAN services creates challenges around scalability.
Featured Video
Upcoming Live Events
November 5, 2019, London, England
November 7, 2019, London, UK
November 14, 2019, Maritim Hotel, Berlin
December 3-5, 2019, Vienna, Austria
December 3, 2019, New York, New York
March 16-18, 2020, Embassy Suites, Denver, Colorado
May 18-20, 2020, Irving Convention Center, Dallas, TX
All Upcoming Live Events