IS4680 Lab 4 Q&A

The Lab #4 Assessment Questions and Answers

1. What is a PHP Remote File Include (RFI) attack, and why are these prevalent in today’s Internet world?
RFI stands for Remote File Inclusion, which allows the attacker to upload a custom-coded/malicious file on a website or server using a script. This vulnerability exploits the poor validation checks in websites and can eventually lead to code execution on the server or code execution on the website (XSS attack using JavaScript). RFI is a common vulnerability, and website hacking is not entirely focused on SQL injection. Using RFI you can deface websites, get access to the server and do almost anything. What makes it more dangerous is that you only need common sense and a basic knowledge of PHP to execute it; some Bash might come in handy, as most servers today are hosted on Linux.
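The validation gap this answer describes, shown as an added example that is not part of the original lab answer: the weak include pattern appears only as a comment, next to a hardened form that treats the request value as a key into a fixed allowlist. The `page` parameter, the `pages/` directory, the file names and `resolve_page()` are assumptions made for illustration; the code needs PHP 8.0 or later.

```php
<?php
// Added example. The 'page' parameter, pages/ directory and resolve_page()
// are illustrative assumptions, not taken from the lab.

// Weak pattern: the request value reaches include() unchecked, so PHP loads
// and executes whatever path or URL the client names.
//   include($_GET['page'] . '.php');

// Hardened form: the request value never becomes part of a path.
// It is only looked up in a fixed list of pages the site actually ships.
const PAGE_DIR = __DIR__ . '/pages';
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

/**
 * Return the absolute path of an allowlisted page, or null when the
 * requested name is not in the allowlist.
 */
function resolve_page(mixed $requested): ?string
{
    // Arrays (?page[]=x) and any name outside the allowlist are rejected.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$requested]);
    // Defence in depth: the file must exist and resolve inside PAGE_DIR.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

$path = resolve_page($_GET['page'] ?? 'home');
if ($path === null) {
    http_response_code(404);
    exit('Page not found');
}
include $path;

// Server-side backstop: keep allow_url_include = Off in php.ini (the default),
// so include() refuses http:// and ftp:// locations even if a check is missed.
```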

2. What country is the top host of SQL Injection and SQL Slammer infections? Why can’t the US Government do anything to prevent these injection attacks and infections?
The United States of America is at the top of the list when it comes to SQL Injections and SQL Slammer infections; China comes in second. Cybercriminals have made vast improvements to their infrastructure over the last few years. Its expansion is thousands of websites vulnerable to SQL Injections. Malicious code writers have exploited these vulnerabilities to distribute malware so quickly that the government cannot contain such a large quantity. The infected web servers redirected unsuspecting visitors to malicious websites, and the victims’ computers were then subjected to client-side exploit code. Once infected, these computers were added to the thousands of bots under the control of hackers. The attackers knew antivirus companies would write updates and software vendors would patch their code, so they made sure their malicious websites were loaded with a variety of exploit codes.

3. What does it mean to have a policy of Nondisclosure in an
