Computer Science

Describe a buffer overflow and the possible consequences of a buffer overflow occurring
A buffer overflow is a condition that occurs in any computer program when there is more input than the memory allocated for holding the data (Whitman & Mattord, 2003). The result is that another information is overwritten. Buffer overflow is a common technique used by attackers to exploit a system through crashing or inserting tailored code that enables them to control the system. Some possible consequences of a buffer overflow include data corruption, violations of memory access and termination of the program.
Explain what a cross-site scripting attack is and the goal of such an attack.
A cross-site scripting attack is a form of a security vulnerability for computer information systems where input provided by one user in a program is used as the output to another user. The attacks are implemented in web applications and thus known as XSS attacks. Script code is included in the HTML content of a browse that is displayed to the user. Some common scripts used to carry out the attack are JavaScript, Ajax, Flash, VBScript and ActiveX (Stamp, 2006). The goal of cross-site scripting attacks is to exploit the security checks in the browser and gain access to private and privileged information that may be sensitive and of high value belonging to another website.
Describe some of the basic steps that should be taken when hardening an operating system.
Hardening an operating system involves taking measures to make it more resistant and resilient to common attacks. According to the Australian Defense Signals Directorate implementing the top strategies reduces cyber intrusion by 70% (Dhillon, 2007). Some of the recommended basic steps for hardening an operating system include patching the system and its applications with auto-update capabilities. Such an approach makes the system resilient to common attacks. Secondly, patching third party applications. This ensures they are not targeting. Admin privileges should be restricted to only users who need them and are verified. Lastly, approved application should be whitelisted to unmask intrusions easily.
Describe the three overall classes of security controls and three categories of controls that can be included within each security class.
Security controls, countermeasures or safeguards are measures used to reduce risk to information systems. The controls are classified into three classes as either management, technical or operational controls. Management controls involve policies, guidelines, planning and standards applied by an organization in the selection of technical and operational controls to minimize risks (Stallings, Brown, Bauer & Howard, 2008).  Operational controls address the use and implementation of the standards and policies to ensure consistency. Lastly, technical controls imply the correct application of hardware and software to mitigate security threats.
References
Dhillon, G. (2007). Principles of information systems security. Hoboken, NJ: John Wiley & Sons.
Stallings, W., Brown, L., Bauer, M., & Howard, M. (2008). Computer security. Upper Saddle River, N.J.: Prentice Hall.
Stamp, M. (2006). Information security. Hoboken, N.J.: Wiley-Interscience.

Whitman, M., & Mattord, H. (2003). Principles of information security. Boston, Mass.: Thomson Course Technology.


EmoticonEmoticon