PART A
Web cache can help users search the internet faster and safer. The web cache stores information such as html and images. This process access the website quicker than clicking on a link because the information of the site is stored. Oracle provides a web cache service that uses a filter to check the security of the website before the application reach the client. This is important to protect the user from malicious content that may be present on the site. At times, users download content from sites that may have viruses and malware that may attack the user""?s computer application or operating system.
SUBSTANTIVE COMMENTARY
Undoubtedly, Web caching is the storage of web pages not far away from the user to provide better, easy and fast access to web surfing. There may be objects, text, images etc in a Web cache memory. Oracle web cache is the best example author has provided. It performs caching and request filtering, thus scaling the overall performance of the systems and application servers. Oracle web cache has an in-built compatibility with third party content management systems. (“Sheila Frankel et al.”, 2005)
PART B
Web cache along with remote applications (VPN) can expose not up to date patches within the remote host that an attacker can place fake malicious websites . This websites are controlled by the attacker which could lead to identity fraud and all types of personal credentials being validated. Also, the attacker may just want to adjutant the company by disrupting the service accessibility, causing customers to have a denial of service (DOS). To prevent disruption in remote services, the company must update their application by performing patches to fix in loop holes within the application.
This past week, our class embarked on a lab assignment dealing with VPN remote services. However, we were fast with challenges due the coming storm on the east coast of the United States. I made sure that this assignment was completed before the storm arrived. Nature disasters play a major role in computer functions. However, this is something that we can""?t control and must face when the situation arises. I chose this vulnerability for that simple reason. I also wondered if the VPN server had a back-up in cold site where it was protected from electrical and flood damage since this sites add protection from natural disasters as mentioned.
SUBSTANTIVE COMMENTARY
Needless to say, Web caching is extremely good for improving the performance and ease of use but there are security vulnerabilities associated with it. One has to pay a security cost for enhancing user convenience and usage. Web caching is exposed to some specific threats like stealing user confidential data with a web proxy. There are several threats the author mentions in Part B. I will basically categorize them so that it is better to comprehend. The threats that you need to actually worry about are as follows:
1. Cached data access/Unauthorized information disclosure
2. User impersonation via cached session ID’s
3. Leakage of Information via HHTP post.
(“Radia Perlman”, 2000)
References:
Sheila Frankel et al. (2005), "Guide to IPsec VPNs", NIST Special Publication 800-77, Dec 2005. Retrieved from: http://csrc.nist.gov/publications/nistpubs/800-77/sp800-77.pdf
Radia Perlman (2000), "Key Exchange in IPSec: Analysis of IKE", IEEE Internet Computing, Vol. 4(6), 2000.
