Tuesday, May 14, 2019
Web Server Application Attacks Assignment Example | Topics and Well Written Essays - 750 words
This keeps the web application safe from malicious user inputs.

Session Security Vulnerabilities. When session IDs are sequential and persistent, or when session tokens are not protected, one user may access another user's data by assuming the other user's identity. To mitigate this, session IDs must be random and must expire when a user logs out of the session. Session tokens must be protected and invalidated when the user logs out.

3. Authentication Vulnerabilities. When the host does not authenticate a user before giving him access to a web application, he may gain access to sensitive information and mishandle it. To counter this problem, the user must use authentication rules like HTTPS. Authentication must be requested after specified intervals. Access control must also be implemented.

Part 2: Protecting Web Servers from Denial of Service (DoS) Attacks

Denial of Service (DoS) attacks prevent web servers from serving websites to genuine users. These attacks are mostly targeted toward professional websites run by political or other important organizations, in order to hinder their web presence to their clients and users (AppliCure Technologies, 2013). However, small businesses are also not free of such threats. The websites cease to operate partially or fully. A DoS attack detection architecture is a must-use in order to prevent such attacks. Mell, Marks & McLarnon (2000) have discussed this architecture in their article, in which intrusion detection software (IDS) components are hidden from the attacker. In case the attack is successful, IDS components are shifted from the attacked host to a functional host, where they counter the attack successfully. This is done by using mobile agent technology and network topology features. The communication between the various IDS components is also restricted (Mell, Marks & McLarnon, 2000).

Part 3

a. The basic motivation behind the attack on the Justice Department, as the hackers themselves stated, was that they wanted to release government data (Zabarenko, 2013, para.1). They were also outraged over the death of the late computer prodigy Aaron Swartz, who had committed suicide on January 11 this year. He had been facing trial for stealing millions of online JSTOR articles.

b. I would have used Ping of Death, as it is a dummy ICMP packet receiving fragments of ping, and resembles the real packet. It becomes too big for the buffer once reassembled, which starts overflowing, and thus, the system hangs (Canavan, 2001, p.39). I would use this because there are freely available source code examples on the internet for Unix to create large ping packets. It is very easy to ditch the user through a fake ping packet.

c. Web server application attacks are not as easy as they may seem, because there are many different kinds of anti-virus software, intrusion detection software, and user input detection and encoding software being implemented nowadays. This special software makes it very hard for attackers to succeed in their attacks.

Part 4

To maintain a secure web presence, Federal government organizations need to maintain special mitigation strategies. Designing an information security policy is the first step towards the implementation of information security (Danchev 3). A security policy acts as a centralized, crucial document that will help in eliminating the risk of security breaches by securing the confidential information stores from being disclosed to unauthorized persons. It defines the importance of a
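
The session mitigations named under Session Security Vulnerabilities above (random session IDs, invalidation at logout, authentication requested again after an interval), sketched as an added example that is not part of the original essay. `SessionStore`, its method names and the 15-minute `REAUTH_INTERVAL` are assumptions made for illustration.

```python
import secrets
import time

REAUTH_INTERVAL = 15 * 60   # assumed value: seconds before authentication is requested again


class SessionStore:
    """Server-side session table keyed by unpredictable session IDs (hypothetical class)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}          # session ID -> (user, time of last authentication)

    def login(self, user):
        # 256 bits from the OS CSPRNG: the next ID cannot be derived from
        # earlier ones, unlike a sequential counter.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, self._clock())
        return sid

    def user_for(self, sid):
        """Return the user bound to sid, or None if it is unknown or stale."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, authenticated_at = entry
        if self._clock() - authenticated_at >= REAUTH_INTERVAL:
            # Interval elapsed: drop the session so the user must log in again.
            del self._sessions[sid]
            return None
        return user

    def logout(self, sid):
        # Invalidate on the server; clearing the browser cookie alone would
        # leave a captured token usable.
        self._sessions.pop(sid, None)


def demo():
    now = [0.0]                      # constructed clock for the demonstration
    store = SessionStore(clock=lambda: now[0])
    alice, bob = store.login("alice"), store.login("bob")
    results = {"distinct": alice != bob, "alice": store.user_for(alice)}
    store.logout(alice)
    results["after_logout"] = store.user_for(alice)
    now[0] += REAUTH_INTERVAL        # bob's session reaches the re-authentication interval
    results["bob_after_interval"] = store.user_for(bob)
    return results


if __name__ == "__main__":
    print(demo())
```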