How would you protect from this type of attack?
The GET method should never be used when sensitive data such as credit card information is being sent to a CGI program. This is because any GET command will appear in the URL, and will be logged by any servers. For example, let’s say that you’ve entered your credit card information into a form that uses the GET method. The URL may appear like this:
https://www.xsecurity-bank.com/creditcard.asp?cardnumber=453453433532234
The GET method appends the credit card number to the URL. This means that anyone with access to a server log will be able to obtain this information.
How would you protect from this type of attack?
Which port number should Steve scan?
Steve scans the network for SNMP-enabled devices. Which port number should Steve scan?
What type of attack is Henry using?
Henry is an attacker and wants to gain control of a system and use it to flood a target system with requests, so as to prevent legitimate users from gaining access. What type of attack is Henry using?
What is the range of packet sequence numbers that would be accepted by the server?
You want to carry out session hijacking on a remote server. The server and the client are communicating via TCP after a successful TCP three-way handshake. The server has just received packet #120 from the client. The client has a receive window of 200 and the server has a receive window of 250. What is the range of packet sequence numbers that would be accepted by the server?
What tool has Gerald's attacker used to cover their tracks?
Gerald, the Systems Administrator for Hyped Enterprises, has just discovered that his network has been breached by an outside attacker. After performing routine maintenance on his servers, he discovers numerous remote tools were installed that no one claims to have knowledge of in his department.
Gerald logs onto the management console for his IDS and discovers an unknown IP address that scanned his network constantly for a week and was able to access his network through a high-level port that was not closed. Gerald traces the IP address he found in the IDS log to a proxy server in Brazil.
Gerald calls the company that owns the proxy server and after searching through their logs, they trace the source to another proxy server in Switzerland. Gerald calls the company in Switzerland that owns the proxy server and after scanning through the logs again, they trace the source back to a proxy server in China.
What tool has Gerald’s attacker used to cover their tracks?
What do you think is the main reason we have seen such a huge increase in hacking attempts over the past years?
Statistics from cert.org and other leading security organizations have clearly shown a steady increase in the number of hacking incidents against companies. What do you think is the main reason we have seen such a huge increase in hacking attempts over the past years?
A program that defends against a port scanner will attempt to:
Fingerprinting an Operating System helps a cracker because:
Which of the following features makes this possible?
SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. Hackers have used this protocol for a long time to gather a great amount of information about remote hosts. Which of the following features makes this possible?
Which programming language is NOT vulnerable to buffer overflow attacks?