Preview

Unit5Dis1

Good Essays
Open Document
Open Document
314 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Unit5Dis1
Vulnerabilities
1. Apache /2.2.8 is out of date

2. Number of sections in the version string differ from those in the database, the server reports: 5.2.4.45.2.117.98.117.110.116.117.5.10 while the database has: 5.2.8

3. PHP/5.2.4-2ubuntu5.10 appears to be outdated

4. /config/: Configuration information may be available remotely.

5. /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.

What risks do they create?
1. Since version is out of date newer version could contain security patches needed to keep system safe. Also could correct security vulnerabilities in older version.
2. Since version is out of date newer version could contain security patches needed to keep system safe. Also could correct security vulnerabilities in older version.
3. Since version is out of date newer version could contain security patches needed to keep system safe. Also could correct security vulnerabilities in older version.
4. Config file is available remotely therefore someone could use this file to change configuration and gain access to the system.
5. Hacker could use this vulnerability to gain access to the system.

How can they be remediated?
1. Update the version.
2. Update the version.
3. Update the version.
4. Ensure that the config file is located behind the firewall.
5. The query strings need to be blocked or block the requests.
What practices should be used to prevent similar vulnerabilities?
All systems should be updated and patched regularly. Set up a regular scan schedule to ensure all systems are up to date.
What protective measures could be used if applications or servers could not be fixed?
If the applications cannot be patched or updated then alternative applications should be used and the vulnerable ones taken down. The servers should be taken down if not needed. Ensure that the servers/applications are isolated behind firewalls if they cannot be

You May Also Find These Documents Helpful

  • Good Essays

    Nt1330 Unit 1 Case Study

    • 776 Words
    • 4 Pages

    Managing, maintaining, and modifying applications is easier, since only the web application on the server-side needs to be updated.…

    • 776 Words
    • 4 Pages
    Good Essays
  • Good Essays

    6) Both version has a different look. When we installed lotus 7 then it automatically save in…

    • 528 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    What type of system do you currently use and are they up-to-date on security patches and upgrades?…

    • 306 Words
    • 1 Page
    Satisfactory Essays
  • Powerful Essays

    IS3340-Unit 2-Assignment 2

    • 1549 Words
    • 6 Pages

    ii. The legacy system must be upgraded to support the requirements of this paragraph as soon as administratively possible.…

    • 1549 Words
    • 6 Pages
    Powerful Essays
  • Good Essays

    is4680 lab #2

    • 630 Words
    • 2 Pages

    Windows Hardening Defense, starts with the basics, Log in with least amount of privileges. Always use Firewall and AV. Monitor channels for security advisories and alerts. Know your system(s). Patch early and patch often, Unpatched Systems are the lowest of low hanging fruit. Have a patch policy documented and stick with it. Review patches as they are released and determine criticality based on the exploit, threat footprint for your system(s), and whether or not there is a POC or fully weapon exploit in the wild. When possible, test patches before rolling out in production on servers. Most clients should have automatic updates enabled for the OS and any application listening on a socket or used with untrusted data (java, adobe, browsers, etc...) Servers should be updated during maintenance windows if possible and depending on criticality (of threat and server).…

    • 630 Words
    • 2 Pages
    Good Essays
  • Satisfactory Essays

    Nt2580 Project 1

    • 492 Words
    • 2 Pages

    For the systems/application domain, we must lessen chances for attacks on our servers. This shall be done by figuring out which ports and services are not being used and shutting them off. This gives hackers less ways onto our system. Also needed is to make sure all servers have the latest patches and updates. These updates provide the latest security patches with less likelihood of vulnerabilities.…

    • 492 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    Unit 9 Exercise 1

    • 225 Words
    • 1 Page

    c. Under Upgrades Tab - You can choose GPO’s which this can upgrade over. For example older versions of Acrobat and also gives you the ability to either uninstall then install the new product or just do an upgrade.…

    • 225 Words
    • 1 Page
    Satisfactory Essays
  • Good Essays

    Network eavesdropping, configuration file sniffing, attacker can read sensitive data out of memory or from local files…

    • 1000 Words
    • 4 Pages
    Good Essays
  • Satisfactory Essays

    Nt280 Week 1 Homework

    • 359 Words
    • 2 Pages

    H. Define a strict zero-day vulnerability window definition. Update devices with the security fixes and software patches right away.…

    • 359 Words
    • 2 Pages
    Satisfactory Essays
  • Powerful Essays

    IS4680 Lab 4 Q&A

    • 1180 Words
    • 4 Pages

    1. What is a PHP Remote File Include (RFI) attack, and why are these prevalent in today’s Internet world?…

    • 1180 Words
    • 4 Pages
    Powerful Essays
  • Good Essays

    Nt1330 Unit 7 Essay

    • 301 Words
    • 2 Pages

    Another reason for keeping a computer operating system updated is to provide increased productivity. When a software program evolves from one version to another, it becomes more streamlined, user-friendly, and increases intuitive to put to work. A major part of a business expenses are the employees and having upgraded software are synonymous with investing in employee productivity. As companies grow, hardware and software must grow with them to face increasing demands of productivity (Garger & Kosur, 2010). Outdated software is also much more expensive to maintain than the newer versions, by overloading help desk personnel with software related…

    • 301 Words
    • 2 Pages
    Good Essays
  • Good Essays

    Scenario Three

    • 791 Words
    • 4 Pages

    Proper operating system patching would have to be done as well to reduce the risk of software vulnerabilities. Patching could be done from an internal update server like Microsoft’s WSUS server so that a connected system would contact the internal server at a scheduled time and pull down the appropriate updates it needs for the software that is installed. There are also many third party tools, like GFI’s LanGuard, that can be used to scan systems for vulnerabilities and patches and install them on demand without having to wait for a scheduled time to download (GFI, 2012).…

    • 791 Words
    • 4 Pages
    Good Essays
  • Good Essays

    Below are some reasons for upgrading to Windows Server 2008 R2 with service Pack 1(SP1). As we go through each one of the issues stated above we address the concerns and exploit Windows Server 2008. With the new technology of today and the improvements with Windows Server 2008, not only is Windows Server 2008 an OSI, but much more than that. So let us take a look at some of the good reasons for upgrading.…

    • 1230 Words
    • 5 Pages
    Good Essays
  • Satisfactory Essays

    Lab 9

    • 1001 Words
    • 3 Pages

    1. What are some common risks, and vulnerabilities commonly found in the System/Application Domain that must be mitigated with proper security countermeasures?…

    • 1001 Words
    • 3 Pages
    Satisfactory Essays
  • Good Essays

    When remote users do not have recent patches or updates, the system administrator should set up group policies such as, forcing updates to install right away. Rather than having the users restart the systems themselves, squandering the companies and users time, but at the same time safe guarding what goes in and out of the network.…

    • 588 Words
    • 3 Pages
    Good Essays