Answer the following questions. Each question response should be at .docx
- 1. Answer the following questions. Each question response should be at least 1 page, and answer each question fully. Question 1: Topic: Common Software Vulnerabilities Most cyber-attacks happen because vulnerabilities in system or application software. Buffer Overflow, SQL Injection, Code/OS Command Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery and Race Conditions are very common vulnerabilities. (Refer to both NIST/DHS and MITRE databases of common vulnerabilities (http://nvd.nist.gov/cwe.cfm; http://cwe.mitre.org/top25/).) For this conference, explain what a specific vulnerability is, describe a famous attack that leveraged it (For example, the Morris worm leveraged the buffer overflow vulnerability), and how it can be prevented/minimized. Question 2: Topic: Database Security In this session, you learnt a lot about database security. We will focus three topics for this conference: (1) Inference in ordinary databases or statistical databases, (2) database privacy (through encryption), and (3) cloud security. Please pick one of these three topics and explain in your own words what the problem or issue is, how the issue is being addressed and some of the concerns with the solutions being proposed. Question 3: Topic: Attacks on Networks In this conference, we will focus on typical attacks in the Internet affecting confidentiality, integrity and availability at various layers: Layer 1: Physical; Layer 2: Link; Layer 3: Network; Layer 4: Transport, and Layer 5: Application. (This is IP Layering; in IP layering, roughly Session, Presentation and Application of the OSI layers are combined into a single
- 2. Application layer). Pick one layer and describe typical attacks in that layer and the controls that are employed in the layer to minimize the attack or vulnerability that leads to the attack. For example, in the link and network layers, there can be packet sniffing attacks, in the IP (network layer), there could be spoofing attacks, and in various layers, there could be denial of service attacks. Be as specific and as complete as possible and cite your reference materials in your response.