Describe a buffer overflow and the possible consequences of a buffer overflow occurring
A buffer overflow is a condition that occurs in a computer program when more input is received than the memory allocated to hold it (Whitman & Mattord, 2003). The result is that adjacent data is overwritten. Buffer overflows are a common technique used by attackers to exploit a system, either by crashing it or by inserting tailored code that gives them control of the system. Possible consequences of a buffer overflow include data corruption, memory access violations and termination of the program.
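The following C program is an added illustration, not part of the original answer or its cited sources. It models a small region of memory as a byte array (an 8-byte name buffer followed directly by a 4-byte integer field, a layout assumed here for illustration) so that the overwrite of adjacent data can be shown deterministically rather than by relying on an actual out-of-bounds write, which is undefined behaviour in C. `unchecked_copy` trusts the caller-supplied length, so an oversized input spills into the neighbouring field; `bounded_copy` compares the length against the buffer size first and rejects input that does not fit. The function names and the constructed inputs are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed memory model: NAME_LEN bytes of name buffer, then a 4-byte
 * integer "next_field" that a compiler might place directly after it.
 * The offsets are assumptions chosen for illustration. */
#define NAME_LEN 8
#define FIELD_OFF NAME_LEN
#define REGION_LEN (NAME_LEN + 4)

/* Unchecked copy: never compares len against NAME_LEN. If len > NAME_LEN the
 * copy runs into the bytes of next_field, corrupting it. Returns next_field
 * as read back after the copy. The length is clamped to the modelled region
 * only so that this demonstration itself stays within defined behaviour. */
int32_t unchecked_copy(const char *input, size_t len) {
    uint8_t region[REGION_LEN];
    int32_t next_field = 0;

    memset(region, 0, sizeof region);
    memcpy(region + FIELD_OFF, &next_field, sizeof next_field);

    if (len > REGION_LEN) len = REGION_LEN;   /* keeps the model well-defined */
    memcpy(region, input, len);               /* the missing bounds check */

    memcpy(&next_field, region + FIELD_OFF, sizeof next_field);
    return next_field;
}

/* Bounded copy: rejects input that does not fit together with its NUL
 * terminator. Returns 0 on success, -1 when the input is rejected; in both
 * cases *field_out receives next_field as read back afterwards, so the caller
 * can confirm the adjacent data is untouched. */
int bounded_copy(const char *input, size_t len, int32_t *field_out) {
    uint8_t region[REGION_LEN];
    int32_t next_field = 0;

    memset(region, 0, sizeof region);
    memcpy(region + FIELD_OFF, &next_field, sizeof next_field);

    if (len >= NAME_LEN) {                    /* no room for data + terminator */
        memcpy(field_out, region + FIELD_OFF, sizeof *field_out);
        return -1;
    }
    memcpy(region, input, len);
    region[len] = '\0';

    memcpy(field_out, region + FIELD_OFF, sizeof *field_out);
    return 0;
}

int main(void) {
    /* Constructed inputs: one that fits, one 12 bytes long (4 too many). */
    const char *ok = "abc";
    const char *oversized = "AAAAAAAAAAAA";
    int32_t field;

    printf("unchecked, fits:      next_field = 0x%08x\n",
           (unsigned)unchecked_copy(ok, strlen(ok)));
    printf("unchecked, oversized: next_field = 0x%08x (corrupted)\n",
           (unsigned)unchecked_copy(oversized, strlen(oversized)));

    int rc = bounded_copy(oversized, strlen(oversized), &field);
    printf("bounded, oversized:   rc = %d, next_field = 0x%08x\n",
           rc, (unsigned)field);
    return 0;
}
```

With the oversized input the unchecked version reports `next_field` as `0x41414141`, the four spilled `'A'` bytes, which is exactly the "adjacent data overwritten" consequence described above; the bounded version returns -1 and leaves the field at zero. In real programs the same check is what separates `strcpy`/`gets` style code from length-aware copies such as `snprintf` or `strlcpy`, and compiler and OS mitigations (stack canaries, ASLR, non-executable stacks) only limit the damage once the check is missing.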
Explain what a cross-site scripting attack is and the goal of such an attack.
Describe some of the basic steps that should be taken when hardening an operating system.
Hardening an operating system involves taking measures to make it more resistant and resilient to common attacks. According to the Australian Defence Signals Directorate, implementing its top strategies reduces cyber intrusions by 70% (Dhillon, 2007). Recommended basic steps for hardening an operating system include patching the system and its applications, using auto-update capabilities; this makes the system resilient to common attacks. Secondly, third-party applications should be patched so that they are not left as targets. Administrative privileges should be restricted to users who need them and have been verified. Lastly, approved applications should be whitelisted so that intrusions are easier to detect.
Describe the three overall classes of security controls and three categories of controls that can be included within each security class.
Security controls, also called countermeasures or safeguards, are measures used to reduce risk to information systems. They are classified into three classes: management, technical and operational controls. Management controls involve the policies, guidelines, planning and standards an organization applies when selecting technical and operational controls to minimize risk (Stallings, Brown, Bauer & Howard, 2008). Operational controls address the implementation and day-to-day use of those standards and policies to ensure consistency. Lastly, technical controls are the correct application of hardware and software to mitigate security threats.
Dhillon, G. (2007). Principles of information systems security. Hoboken, NJ: John Wiley & Sons.
Stallings, W., Brown, L., Bauer, M., & Howard, M. (2008). Computer security. Upper Saddle River, N.J.: Prentice Hall.
Stamp, M. (2006). Information security. Hoboken, N.J.: Wiley-Interscience.
Whitman, M., & Mattord, H. (2003). Principles of information security. Boston, Mass.: Thomson Course Technology.