Describe a buffer overflow and the possible consequences of a buffer overflow occurring
A buffer overflow is a condition that occurs in any computer program when there is more input than the memory allocated for holding the data (Whitman & Mattord, 2003). The result is that other information is overwritten. Buffer overflow is a common technique used by attackers to exploit a system by crashing it or by inserting tailored code that enables them to control the system. Some possible consequences of a buffer overflow include data corruption, memory access violations and termination of the program.
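
The overwrite described above, as an added example that is not part of the original page: a C sketch that models an 8-byte buffer and the data stored directly after it as one array, so the corruption can be observed without leaving the array. The function names and the `SAFE` marker are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8   /* memory allocated for holding the input */
#define ADJ_SIZE 4   /* unrelated data stored directly after the buffer */
#define MEM_SIZE (BUF_SIZE + ADJ_SIZE)

/* mem[0..7] is the input buffer, mem[8..11] is the neighbouring data. */
static void mem_init(unsigned char *mem) {
    memset(mem, 0, MEM_SIZE);
    memcpy(mem + BUF_SIZE, "SAFE", ADJ_SIZE);
}

static int adjacent_intact(const unsigned char *mem) {
    return memcmp(mem + BUF_SIZE, "SAFE", ADJ_SIZE) == 0;
}

/* Unchecked copy: trusts the input length, as strcpy() would. */
static void copy_unchecked(unsigned char *mem, const char *in, size_t len) {
    if (len > MEM_SIZE) len = MEM_SIZE;  /* keep the demo inside the model array */
    memcpy(mem, in, len);
}

/* Checked copy: rejects input larger than the allocated buffer. */
static int copy_checked(unsigned char *mem, const char *in, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(mem, in, len);
    return 0;
}

/* Returns 1 if the neighbouring data survived the unchecked copy, 0 if not. */
int demo_unchecked(const char *in) {
    unsigned char mem[MEM_SIZE];
    mem_init(mem);
    copy_unchecked(mem, in, strlen(in));
    return adjacent_intact(mem);
}

/* Returns 0 if the input was accepted, -1 if it was rejected as too long. */
int demo_checked(const char *in) {
    unsigned char mem[MEM_SIZE];
    mem_init(mem);
    return copy_checked(mem, in, strlen(in));
}

int main(void) {
    const char *too_long = "AAAAAAAAAAAA";  /* constructed 12-byte input */
    printf("unchecked copy, neighbour intact: %d\n", demo_unchecked(too_long));
    printf("checked copy, return code: %d\n", demo_checked(too_long));
    return 0;
}
```
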
Explain what a cross-site scripting attack is and the goal of such an attack.
A cross-site scripting attack is a form of security vulnerability in computer information systems where input provided by one user in a program is used as the output to another user. The attacks are carried out in web applications and are known as XSS attacks. Script code is included in the HTML content that the browser displays to the user. Some common scripts used to carry out the attack are JavaScript, Ajax, Flash, VBScript and ActiveX (Stamp, 2006). The goal of cross-site scripting attacks is to exploit the security checks in the browser and gain access to private and privileged information that may be sensitive and of high value belonging to another website.
Describe some of the basic steps that should be taken when hardening an operating system.
Hardening an operating system involves taking measures to make it more resistant and resilient to common attacks. According to the Australian Defense Signals Directorate, implementing the top strategies reduces cyber intrusion by 70% (Dhillon, 2007). The recommended basic steps for hardening an operating system begin with patching the system and its applications using auto-update capabilities, which makes the system resilient to common attacks. Second, third-party applications should be patched so that they are not targeted. Third, admin privileges should be restricted to only users who need them and are verified. Lastly, approved applications should be whitelisted to unmask intrusions easily.
Describe the three overall classes of security controls and three categories of controls that can be included within each security class.
Security controls, countermeasures or safeguards are measures used to reduce risk to information systems. The controls are classified into three classes: management, technical and operational controls. Management controls involve policies, guidelines, planning and standards applied by an organization in the selection of technical and operational controls to minimize risks (Stallings, Brown, Bauer & Howard, 2008). Operational controls address the use and implementation of the standards and policies to ensure consistency. Lastly, technical controls imply the correct application of hardware and software to mitigate security threats.
References
Dhillon, G. (2007). Principles of information systems security. Hoboken, NJ: John Wiley & Sons.
Stallings, W., Brown, L., Bauer, M., & Howard, M. (2008). Computer security. Upper Saddle River, N.J.: Prentice Hall.
Stamp, M. (2006). Information security. Hoboken, N.J.: Wiley-Interscience.
Whitman, M., & Mattord, H. (2003). Principles of information security. Boston, Mass.: Thomson Course Technology.