computer systems are used, one has to delve a bit deeper into how those issues occur and what they mean for the people who use computers. This paper critiques two articles, one addressing DNS attacks and one addressing network intrusion detection, in order to determine the severity of the issues these attacks are causing and what can be done to lessen the risks and protect the data of more individuals and companies.
Jackson, C., Barth, A., Bortz, A., Shao, W., & Boneh, D. (2009). Protecting browsers from DNS rebinding attacks. ACM Transactions on the Web, 3(1): 1-26.
Jackson, et al. (2009) provide information on DNS rebinding attacks, which are generally unexpected by the users who experience them and can be very devastating. Many firewalls and other protection options do not work against DNS rebinding attacks, because the browser is fooled into thinking that the website it is being asked to access is safe from malicious software or other problems (Jackson, et al., 2009). The main goals of these DNS rebinding attacks are to defraud pay-per-click advertisers, get around personal and organizational firewalls, and send spam emails (Jackson, et al., 2009). One of the reasons these attacks are becoming so popular is that they cost very little to create. The study found that, for around $100, 100,000 IP addresses could be hacked (Jackson, et al., 2009).
There are defenses to these attacks, however, including the classic "DNS pinning" and improvements made to it (Jackson, et al., 2009). Web servers, firewalls, and plug-ins are all vulnerable, and there are recommended changes that can be made to these in order to better protect them from DNS attacks (Jackson, et al., 2009). Many of the defenses suggested by the authors of the study have been used by open-source firewall implementers and vendors who provide plug-ins, so they can provide extra measures of safety.
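The pinning defense mentioned above can be sketched in a few lines. This is an added example, not code from Jackson et al. or from any browser: the resolver class, the lookup callable, the host name and the addresses are all constructed, and the optional refusal of an external-to-internal change is an assumption of this sketch.

```python
import ipaddress

# RFC 1918 and loopback ranges count as "internal" in this example.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

class PinningResolver:
    """Toy DNS pinning: a host name stays bound to the first address seen."""

    def __init__(self, lookup, pin_seconds=300, refuse_internal_rebind=False):
        self.lookup = lookup              # hypothetical callable: host -> (ip, ttl)
        self.pin_seconds = pin_seconds    # pin lifetime, independent of the DNS TTL
        self.refuse_internal_rebind = refuse_internal_rebind
        self.pins = {}                    # host -> (ip, pin_expiry)
        self.alerts = []                  # (host, pinned_ip, offered_ip)

    def resolve(self, host, now):
        ip, _ttl = self.lookup(host)      # the answer's own TTL is ignored
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = (ip, now + self.pin_seconds)
            return ip
        old_ip, expiry = pinned
        if ip == old_ip:
            return old_ip
        self.alerts.append((host, old_ip, ip))   # the name changed address
        if now < expiry:
            return old_ip                 # pin still valid: keep the first address
        if (self.refuse_internal_rebind and not is_internal(old_ip)
                and is_internal(ip)):
            return None                   # external name now points inside: refuse
        self.pins[host] = (ip, now + self.pin_seconds)
        return ip

def demo(refuse_internal_rebind):
    # Constructed answers for a made-up name: public first, then an internal
    # address with a one-second TTL.
    answers = iter([("203.0.113.10", 1), ("192.168.1.1", 1), ("192.168.1.1", 1)])
    r = PinningResolver(lambda host: next(answers), 300, refuse_internal_rebind)
    seen = [r.resolve("attacker.example", now=t) for t in (0, 5, 400)]
    return seen, r.alerts
```

With plain pinning the changed answer is ignored only while the pin lasts; once it expires the internal address is accepted, which is why the pin alone is not a complete defense.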
The main contributions and strengths of this article relate to the way the researchers provide information regarding not only what the issue is but how to correct the issue and reduce the risk to those who might otherwise be affected by it. It is one thing to discuss an issue and point out that there are problems, but it is a completely different thing to take those issues and show how they can be solved or at least mitigated (Dean, Felten, & Wallach, 1996). Addressing an issue and putting thought into how to solve it properly is far different -- and far more valuable -- than simply stating that one has discovered an issue that can and should be dealt with. Solutions are available for the majority of problems seen with computers and with other facets of life, but until solutions are provided and implemented, and until their value is truly shown, they remain only speculation and do not provide options for improvement.
There are weaknesses and limitations to every article, and this one is no exception. The main limitation of the study is that it focuses only on DNS attacks, and there are many other types of attacks that regularly occur on computers. While the article does help solve a problem, there is more that could be addressed and solved in order to make computing safer overall (Karlof, et al., 2007). The weaknesses seen in this article are not significant, really, based on what the authors are presenting. The suggestions they have made have already been implemented by a number of companies that provide plug-ins and other Web services, so the suggestions are acceptable and do work properly.
The main improvement that could be made to the article is in its readability. While this is a complex topic, the article is confusing for those who are not clear on what DNS attacks are or how computer information actually works. It would not be expected that all of that information would be provided by the authors because there would not be room for that in the study, but more "layman's terms" in the article would make it accessible and understandable to a larger number of readers who may have an interest in the subject but have not yet developed a high level of understanding regarding it.
The article compares well with other articles that have been read so far. It is explanatory and provides something of real value, which is not always seen in studies that simply address what the issue is but that do not provide information on how any of the problems can be corrected. At times it may not be possible to truly correct an issue, but there are usually at least options for mitigation that can be considered (Gajek, Schwenk, & Xuan, 2008). The article is important because it does not ignore the fact that people want answers to their problems, not just information on the severity of those problems. This article is also strengthened because of information provided in other papers and textbooks that address the severity of DNS attacks and how they can be snuck into a large number of areas when it comes to computing (Gajek, Schwenk, & Xuan, 2008; Karlof, et al., 2007). It is clear that the authors realize the severity, and that they have paid attention to others who have written on the issue so they could develop ways to protect against DNS attacks.
The bibliography that comes with the paper offers ample material that can help others understand the topic. The most important sources the authors provide include:
Dean, D., Felten, E.W., & Wallach, D.S. (1996). Java security: From HotJava to Netscape and beyond. In IEEE Symposium on Security and Privacy.
Gajek, S., Schwenk, J., & Xuan, C. (2008). On the insecurity of Microsoft's identity metasystem. Tech. Rep. HGI-TR-2008-003, Horst Görtz Institute for IT Security, Ruhr University Bochum.
Karlof, C.K., Shankar, U., Tygar, D., & Wagner, D. (2007). Dynamic pharming attacks and the locked same-origin policies for Web browsers. In Proceedings of the ACM Conference on Computer and Communications Security (CCS).
Discussion and Conclusion
Overall, the information provided in the article is quite valuable to the majority of businesses and individuals who are working to keep themselves safe from DNS attacks. Many end users do not even realize that these types of attacks are possible, so they rely on others to protect them. This is done primarily through firewalls, but also through a reduction in spam emails and the mitigation of pay-per-click fraud. Because these are the areas on which DNS attacks focus, it is highly important that these areas are the ones on which the authors focus. It is particularly impressive that the study's authors are aware of the seriousness of the problem and that they have already created ways in which they can help. Those ways have been provided to companies that have put them into use, and they have provided more value and more security to a number of individuals and companies that may have otherwise been at risk. This is the true value of the article.
Critique: Paper Two
Sommer, R., & Paxson, V. (2003). Enhancing byte-level network intrusion detection signatures with context. Proceedings of the 10th ACM Conference on Computer and Communication Security: 262-271.
The article written by Sommer and Paxson (2003) addresses the issue of network intrusion and how best to detect it in order to stop it before it can cause damage to what the end user is engaged in. There are, currently, a number of network intrusion detection systems (NIDS). They use specific byte sequences as signatures, in an effort to detect whether there is malicious activity taking place (Sommer & Paxson, 2003). They are efficient in keeping out attacks, but they also return a level of false positives that is too high for the comfort of most individuals. In an effort to avoid that, Sommer and Paxson (2003) developed the use of contextual signatures. This improves the string-based signatures that are being used, and makes it harder for a false positive to appear.
The NIDS Bro was designed to provide both high-level and low-level context, which work well with regular expressions and semantic information in the scripting language. The expressiveness of the signature is greatly enhanced by the addition of context, so the number of false positives drops dramatically (Sommer & Paxson, 2003). By leveraging the freeware NIDS Snort in Bro's language, the authors also created a base upon which they could build. That also allows for the work to be better evaluated, as it can be compared to Snort and the issues with the comparison of NIDS can also be considered. Since it can be difficult to truly compare NIDS with one another, that point has to be addressed in order to keep the study on the right track and logical.
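The difference between a bare byte-sequence signature and one that also uses context can be seen on a handful of sessions. This is an added example, not code from Sommer and Paxson or from Bro or Snort: the signature string, the session records and the three context rules (web port, client request only, server did not answer with an error) are constructed for illustration.

```python
import re

# Hypothetical byte-level signature; the path is a constructed marker string.
SIGNATURE = re.compile(rb"GET /cgi-bin/example\.cgi\?")
WEB_PORTS = {80, 8080}

# Constructed sessions: what the client sent and what the server answered.
SESSIONS = [
    {"id": "a", "dst_port": 80,   # request served by the web server
     "request": b"GET /cgi-bin/example.cgi?x=1 HTTP/1.1\r\n",
     "response": b"HTTP/1.1 200 OK\r\n"},
    {"id": "b", "dst_port": 80,   # same request, but the script does not exist
     "request": b"GET /cgi-bin/example.cgi?x=1 HTTP/1.1\r\n",
     "response": b"HTTP/1.1 404 Not Found\r\n"},
    {"id": "c", "dst_port": 25,   # an e-mail that merely quotes the string
     "request": b"DATA\r\nlog shows GET /cgi-bin/example.cgi?x=1\r\n",
     "response": b"250 OK\r\n"},
    {"id": "d", "dst_port": 80,   # a web page that mentions the string
     "request": b"GET /advisory.html HTTP/1.1\r\n",
     "response": b"HTTP/1.1 200 OK\r\n\r\nblock GET /cgi-bin/example.cgi? at the proxy"},
    {"id": "e", "dst_port": 80,   # ordinary traffic
     "request": b"GET /index.html HTTP/1.1\r\n",
     "response": b"HTTP/1.1 200 OK\r\n"},
]

def byte_level_alerts(sessions):
    """Alert whenever the signature bytes appear anywhere in the session."""
    return [s["id"] for s in sessions
            if SIGNATURE.search(s["request"]) or SIGNATURE.search(s["response"])]

def contextual_alerts(sessions):
    """Same bytes, but only in a client request to a web port that the
    server did not reject with a 4xx/5xx status."""
    alerts = []
    for s in sessions:
        if s["dst_port"] not in WEB_PORTS or not SIGNATURE.search(s["request"]):
            continue
        status = re.match(rb"HTTP/1\.[01] (\d)", s["response"])
        if status and status.group(1) in (b"4", b"5"):
            continue                      # server refused: attempt did not succeed
        alerts.append(s["id"])
    return alerts
```

On these five sessions the bare signature raises four alerts and the contextual version raises one, the only session in which the request actually reached a server that served it.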
The main strengths and contributions of the article relate to the in-depth information regarding intrusion detection. Since the authors understand how important this detection is, they see the value in protecting individuals and…