Network Security Statements, Coursework Example

1) Do you think programmers should be allowed to develop server-side dynamic Web pages, given the dangers that are involved in their doing so?

Server Side dynamic web pages pose one the largest internet security threat. The server side dynamic web pages use CGI applications and SSI-enabled web pages, but are insecure because poorly written code produces holes, leaks, and back doors on a system that would otherwise be safe. The programmers should know that CGI applications and SSI pages create the three most common security risks such as information leaks, gives access to potentially dangerous system commands or applications, and may deplete system resources.

The information leaks provide the hacker with the information that provides them with the weapons that they could use to break into the server. This brings out the fact that dynamic server side pages pose a security threat to a system because the hacker gets access to information that should be hidden to the hacker. The Server Side dynamic web pages pose security threats where hackers use the commands to gain access to the services of the server that they could use for their own gain. Example is using HTML form based script; the hacker uses this information to send fraudulent messages to client get confidential information.

The other threat associated with the Server Side pages is that they lead to depletion of resources. This causes the available resources to be depleted making the system fully unresponsive. This is especially with programs written in C and C++ that lead to overflow of buffers. This leads to crashes that help the hackers to access the system. From the above, the programmers should be allowed to develop server side dynamic web pages because they allow the server to interact with the user. Allowing the programmers to program such scripts should be followed by debugging to remove any holes and leaks that will possibly give access to hackers. Poorly written scripts should not be allowed to run in the server.

2) Client-side scripting attacks usually require the client to visit a Web server with malicious content. How do you think attackers get users to visit such Web pages?

Client-server scripting attacks usually require clients to visit the Web Server pages with malicious content. The attackers get the users to visit the Web pages using the links and tricks to cause the user to click on them. The hackers design these links with a sense of urgency, threatening financial harm and embarrassment if the user fails to take the bit. Other means the hacker uses are flattering of users and sexual hints. Others use or pretend to be a friend with exciting information to share. Most hackers may forge emails from address to lie to users that they are from their trusted supplies. Some instances the hackers are known to break into an email account and send fraudulent information to the contacts of the hacked emails.

3) What three main topics would you select for a one-hour user training session on e-mail security? Do not create topics that are extremely broad to avoid being selective.

The three main topics that are selectable for a training session with the users for one hour on e-mail security are as below:

Spam and html bodies: this will include definition, problems that spam creates, and dangers in spam filtering. In addition, to be included is the danger in HTML email body messages, Email etiquette, and E-mail encryptions: SSL/TLS, end-to-end security, standards used on emails, and merits and demerits of each

4) What three main topics would you select for a one-hour training session for senior managers on e-mail security? This question requires you to be selective. Do not create topics that are extremely broad to avoid being selective.

The three main topics that I would select for training senior managers for one-hour training session on e-mail security. Policies: Email and internet policies, review of electronic mail and internet usage policies; Mail: Email risk factors, Junk mail, Mail viruses; Firewalls: firewall capabilities, intrusion detection, and email monitoring

5) An employee working at home complains that some of her messages to fellow employees at the firm’s headquarters site are not getting through. What might be the problem?

Firewall settings might hinder the flow of emails from braches to the headquarters. There could also be a case where the messages may be classified as junk emails or spam. Emails within the same company should have the highest priority so that there can be efficient communication in the firm. The issue regarding emails failure to go through should be communicated to the IT professional to check the firewall settings and policies in place to ensure no worms or viruses penetrate the system. The basic things are that users need education on how to use their emails and on how to handle the spams mails.

6) A company is warned by its credit card companies that it will be classified as a high-risk firm unless it immediately reduces the number of fraudulent purchases made by its e-commerce clients. Come up with a plan to avoid this outcome.

Information security concepts and access control policies include the plan to use in order to avoid being classified as a high-risk. The plan involves using experts in IT and internet protocols to enhance the integrity and confidentiality. The company should connect with the credit card owners to ensure that there is accountability and availability of the clients’ information. This will involve checking the information of the clients and ensuring that there is phone confirmation of the requested information to ensure that the credit cards are not involved in the information being. This will be a boosted security for the clients. A requirement on all clients’ security credentials to ensure that they have activated their secondary security check for all transactions. A connection with the Security firewall will check all clients’ transactions to advise the clients in cases of fraudulent activities when detected. The other course of action is audits on clients to check for frauds this will help to investigate the transactions reported as fraud.

The other area to check on the plan of action is the information assets to ensure that they are up-to-date to ensure that they are up to date. The flow of Information should also be checked to ensure that hackers do not access the information. The plan also involves checking the responsibilities of data owners, custodians, and users. It goes down to access policies that will enable the company to check the access of clients’ information. This will ensure that information is safeguarded and uncompromised.