Question

2. Examine various vulnerabilities of information system that lead to a successful footprinting and recommend the countermeasures for the same.

Solutions

Expert Solution

Footprinting refers to the process of collecting as much information as possible about the target server or computer system to find ways to penetrate into that server/system.

Various vulnerabilities of information system that lead to footprinting:

1. Open access to all ports

2. All protocols are enabled on the system

3. Availability of unencrypted sensitive data

4. No data validation of user entered data on a web site.

5. Remote access enabled on the server without authentication

Countermeasures which help to prevent footprinting are as follows:

1. We should disable unnecessary protocols for a server.


2. We must lock down ports with an appropriate firewall configuration.


3. We must use TCP/IP and IPSec filters for defense in depth.


4. We should configure IIS to prevent information disclosure through banner grabbing.


5. We should use an IDS that can be configured to pick up footprinting patterns and reject suspicious traffic.

6. We should encrypt and password-protect sensitive data. Data such as Web accessible e-mail should be considered sensitive data and should be encrypted.

7. We should curtail unexpected input from the user. Some Web pages allow users to enter usernames and passwords. These Web pages can be used maliciously by allowing the user to enter in more than just a username, for example "Username: jdoe; rm -rf /". This might allow an attacker to remove the root file system from a UNIX Server. Programmers should limit input characters, and not accept invalid characters such as |; < > as possible input.
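The input check from countermeasure 7, as an added example that is not part of the original answer: an allow-list validator for the username field, plus a call that hands the value to a child process as a single argument with no shell in between. The names `validate_username`, `run_child` and `lookup_user` are hypothetical, the child process is a stand-in for a real lookup tool, and the sample inputs are constructed.

```python
import re
import subprocess
import sys

# Allow-list: starts with a letter, then letters, digits, dot, underscore
# or hyphen, 32 characters at most. Everything else is rejected, which
# covers | ; < > and whitespace without having to enumerate them.
USERNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9._-]{0,31}")

def validate_username(raw):
    """Return raw unchanged if it matches the allow-list, else raise ValueError."""
    if not isinstance(raw, str) or USERNAME_RE.fullmatch(raw) is None:
        raise ValueError("invalid username")
    return raw

def run_child(value):
    """Pass value to a child process as one argv element (no shell).

    With an argument list and the default shell=False, no command
    interpreter parses the value, so metacharacters stay plain data.
    The child only echoes its argument back (stand-in for a real tool).
    """
    child = [sys.executable, "-c", "import sys; print(sys.argv[1])", value]
    done = subprocess.run(child, capture_output=True, text=True, check=True)
    return done.stdout.rstrip("\n")

def lookup_user(raw):
    """Defense in depth: validate first, then call the tool without a shell."""
    return run_child(validate_username(raw))

def classify(samples):
    """Map each sample to True (accepted) or False (rejected)."""
    return {s: USERNAME_RE.fullmatch(s) is not None for s in samples}

# Constructed sample inputs, including the one quoted in the answer.
SAMPLES = ["jdoe", "j.doe-01", "jdoe; rm -rf /", "a|b", "x<y>", ""]

if __name__ == "__main__":
    for sample, ok in classify(SAMPLES).items():
        print(f"{sample!r:20} {'accepted' if ok else 'rejected'}")
    # Even unvalidated, the argv form returns the text as literal data.
    print(run_child("jdoe; rm -rf /"))
```

Validation rejects the malformed input at the web tier, and the argument-list call keeps the value from being read as command syntax if a caller ever skips the validator.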

