Retrieved from https://studentshare.org/information-technology/1490151-solve-the-questions
2) The user is a critical part of phishing prevention. What are two elements that might give away an attempt to pose as a financial site?

One of the two elements is when a user does not use “HTTPS” in the URL. This means that the website is not secured. Another way that the website may be deemed fake is when the URL changes. Many phishing scammers attempt to conduct this attack by pasting their customized URL, which may have a different ending such as .net. In order to take preventive action against this type of attack, it is crucial to write the URL in the menu bar, as it removes any discrepancy.
Another element that is very vital is that the URL might ask you to upgrade the software. However, this is a deception in itself, as it tries to run a .exe file. Any notification about running a .exe might be a clear example of a fake website.

3) A browser can warn a user of a homograph attack with a visual cue. Give an example describing a method that still allows the user to browse to a Chinese or Arabic site.

Well, this case may be different. Arabic websites use right-to-left text, so it may be clear that it’s a homograph attack.
However, taking the case of a Spanish website versus an American website, the discrepancy is harder to resolve.

4) Based on the reading in the book, an attacker (most of the time) must learn about the database in order to attack with SQL injection. How can information be gathered without insider knowledge?

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. SQL, although a very useful language, can be very vulnerable from a security standpoint.
By conducting ad hoc queries, such as using the wildcard (*) symbol, hackers can obtain vital SSNs or credit card numbers. Even if they acquire certain information, they have programs that can execute queries using many permutations of a function to acquire the right combination of information.

5) Why isn’t input validation always done if it can mitigate the #1 cyber attack vector? Whose “job” is it?

The problem with input validation is the fact that it can be utilized to conduct cyber attacks.
Input validation is the result of bad programming errors. To execute a buffer overflow attack, you merely dump as much data as possible into an input field. The attack is said to be successful when it returns an application error. Cross-site scripting attacks place malicious code, usually JavaScript, in locations where other users see it. Target fields in forms can be addresses, bulletin board comments, etc.

1) Why is DNS considered one of the “pillar” application layer protocols?

DNS is a pillar because all applications depend on DNS to provide authenticated binding between a name and the IP address.
DNS also binds a name to unauthenticated IP addresses. Without DNS, SSL and TLS are not established, and address authentication services verify the security sessions after the DNS connection. Without DNS, the foundation of networking is not solidified.

2) Briefly describe the process for a DNS query.

The first step in a DNS query process is that it requests information. Once the process has begun, the computer searches the local DNS cache to look for the address. If the address is not found, it performs a DNS query.
Secondly, it asks the recursive DNS servers to contact the ISP’s recursive DNS servers. Since recursive servers have their own caches, and the information is
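For the homograph question (3) in the first set above, one method a browser can use is a per-label script check: a hostname written in a single script (all Chinese, all Arabic) is displayed as typed, while a label that mixes scripts is shown in Punycode with a warning. This is an added example, not part of the original answers; the script list, the allowed combinations and the sample hostnames are assumptions constructed for illustration.

```javascript
// Added example: simplified mixed-script check for hostname display.
// The script list and allowed combinations are assumptions of this sketch.
const SCRIPTS = ['Latin', 'Cyrillic', 'Greek', 'Arabic', 'Hebrew', 'Han',
  'Hiragana', 'Katakana', 'Hangul'];
const SCRIPT_RE = SCRIPTS.map((s) => [s, new RegExp(`\\p{Script=${s}}`, 'u')]);

// Script mixes that occur in ordinary Chinese, Japanese and Korean text.
const ALLOWED_MIXES = [
  new Set(['Han', 'Hiragana', 'Katakana', 'Latin']),
  new Set(['Han', 'Hangul', 'Latin']),
];

// Return the set of scripts used in one DNS label (digits and '-' ignored).
function scriptsOf(label) {
  const found = new Set();
  for (const ch of label) {
    if (/[0-9-]/.test(ch)) continue;
    const hit = SCRIPT_RE.find(([, re]) => re.test(ch));
    found.add(hit ? hit[0] : 'Unknown');
  }
  return found;
}

// A label is shown as typed if it uses one script or an allowed mix.
function isSafeLabel(label) {
  const scripts = scriptsOf(label);
  if (scripts.has('Unknown')) return false;
  if (scripts.size <= 1) return true;
  return ALLOWED_MIXES.some((mix) => [...scripts].every((s) => mix.has(s)));
}

// Decide what the address bar shows: Unicode, or Punycode plus a warning.
function displayHost(host) {
  const lower = host.toLowerCase();
  if (lower.split('.').every(isSafeLabel)) return { text: lower, warn: false };
  return { text: new URL(`http://${lower}`).hostname, warn: true };
}

// Constructed sample hostnames; the last mixes Latin with Cyrillic U+0430.
for (const h of ['example.com', '中文.com', 'مثال.com', 'p\u0430ypal.com']) {
  console.log(h, displayHost(h));
}
```

A label written entirely in one lookalike script passes this check, so it covers mixed-script spoofing only.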