IS4680 Lab 4 Q&A

Despite the presence of network security devices such as firewalls and other security appliances, today's corporate networks are still vulnerable to both internal and external attacks by hackers intent on creating havoc. By proactively

Vulnerability 3: Cross-Site Scripting (XSS): It is one of the most common application layer hacking techniques ("What is cross-site," 2015).

The attack is carried out on a closed environment using a local web server to host the

3. Warn : The number of days before password is to expire that user is warned that his/her password must be changed.

One of the most common is the CGI scripting. CGI scripting works by sending Bash command to the web server i.e. (Apache, *gnix, Webrick... etc.) to generate dynamic content for the user. Dynamic content is when a website appears personalized to the user. A normal Web browser would not allow the user to execute special query in the address bar. So, the attacker can use Bash to interact with website. For instance, the command in Bash called "curl" is a utility that is used to make HTTP request to a give specific URL essentially you are navigating the website without the Graphical User Interface (GUI). So, if the victims have CGI scripting enabled and the shellshock bug is present we know we can get the bash to run arbitrary code. So if the attacker runs this

12. Always keep an eye on the behavior of your site or script files to Read and learn how to handle and respond to visitors and intrusion discovered vulnerabilities, and protect

This type of attack is usually used for bringing down the systems at once by constantly sending massive amount of URL requests or overloading the server’s network traffic with bogus information. This is purposefully done to either a user’s system or the whole network to interrupt it partially or render it completely useless. When the system is brought down to its knees, the crackers either transform the complete system/website or do some manipulate some particular component to benefit from

The common gateway interface (CGI) is a standard way for a Web server to pass a Web user's request to an application program and to receive data back to forward to the user. It is part of the Web's Hypertext Transfer Protocol (HTTP). A disadvantage of a CGI application (or "executable file," as it is sometimes called) is that each time it is run, it runs as a separate process with its own address space, resulting in extra instructions that have to be performed, especially if many instances of it are running on behalf of users The improper use of CGI scripts affords users a number of vulnerabilities in system security.

According to the survey, "Perceptions about Network Security," 90 percent of the 583 companies polled said they've suffered a network security breach at the hands of hackers at least once in the past year.

Dougherty, C., Householder, A., & Houle, K. (2002). Computer attack trends challenge Internet security. Computer, 35(4), 0005-7.

System/application attacks fall within three categories: denial or destruction, alteration, and disclosure. This paper will cover some common system/application domain vulnerabilities: unauthorized physical and logical access to resources, weaknesses in server operating system and application software, and data loss.

“Branch Locator” page is vulnerable to SQL injection attacks. This is a serious vulnerability which involves inserting malicious SQL statements into an input field for execution. By appending SQL statements to the URL of the Branch Locator page, information about the structure of the underlying database was collected. This information was then used to generate further malicious statements. The list of database objects, tables and columns were returned. The

In the previous five years, cybersecurity has turned into the most looked for after calling around the world. More than 90 percent of respondents to an overview directed by the Ponemon Institute (2011) detailed being a casualty to cyberattacks amid the most recent year, costing all things considered more than $2 million for each association. This number keeps on ascending as the two programmers and security devices progress. As indicated by PwC, roughly 33% of all U.S. organizations are as of now utilizing digital protection (Lindros and Tittel, 2016).

The internet is a medium that is becoming progressively important as it makes information available in a quick and easy manner. It has transformed communications and acts as a global network that allows people to communicate and interact without being limited by time, boarders and distance. However, the infrastructure is vulnerable to hackers who use the system to commit cyber crime. To accomplish this, they make use of innovative stealth techniques for their malicious purposes in the internet.

Apache Resources DoS: This is vulnerability in Apache web server which is implemented using version Apache 2.0.52. In this the attacker forces the server to allocate more memory space until server is either degraded or crash of the server. To harm the system attacker uses long headers to Apache server.