Web Server Application Attacks - Assignment Example

This keeps the web application safe from malicious user inputs. Session Security Vulnerabilities. When session ID’s are sequential and persistent or when session tokens are not protected, one user may access another user’s data through assuming the other user’s identity. To mitigate this, session ID’s must be random and must expire when a user logs out of the session. Session tokens must be protected and invalidated when the user logs out. 3. Authentication Vulnerabilities When server does not authenticate a user before giving him access to a web application, he may gain access to sensitive information and mishandle it.

To counter this problem, the user must apply authentication rules like HTTPS. User must ask for authentication after specified intervals. Access control must also be implemented. Part 2 Protecting Web Servers from Denial of Service (DoS) Attacks Denial of Service (DoS) attacks prevent web servers from serving websites to genuine users. These attacks are, mostly, targeted toward professional websites run by political or other important organizations, in order to hinder their web presence to their clients and users (AppliCure Technologies, 2013).

However, small businesses are also not free of such threats. The websites cease to operate partially or fully. A DoS intrusion detection architectural design is a must-use in order to prevent such attacks. Mell, Marks & McLarnon (2000) have discussed this architecture in their article, in which intrusion detection software (IDS) components are hidden from the attacker. In case the attack is successful, IDS components are shifted from the attacked host to functional host, where they counter with the attack successfully.

This is done by by using mobile agent technology and network topology features. The communication between various IDS components is also restricted (Mell, Marks & McLarnon, 2000). Part 3 a. Basic motivation behind the attack on the Justice Department, as hackers themselves stated, was that they wanted to “release government data” (Zabarenko, 2013, para.1). They were also outraged over the death of the late computer prodigy Aaron Swartz, who had committed suicide on January 11 this year. He had been facing trial for stealing millions of online JSTOR articles. b. I would have used Ping of Death, as it is a dummy ICMP packet receiving fragments of ping, and resembles the real packet.

It becomes too big for the buffer once reassembled, which starts overflowing, and thus, the system hangs (Canavan, 2001, p.39). I would use this because there are freely available source code examples on the internet for Unix to create large ping packets. It is very easy to ditch the user through fake ping packet. c. Web server application attacks are not as easy as they may seem, because there are many different kinds of anti-virus softwares, intrusion detection softwares, and user input detection and encoding softwares that are being implemented nowadays.

These special softwares make it very hard for the attackers to succeed in their attacks. Part 4 To maintain a secure web presence, Federal government organizations need to maintain special mitigation strategies. Designing an information security policy is the first step towards the implementation of information security (Danchev 3). A security policy acts as a centralized crucial document that will help in eliminating the risk of security breaches by securing the confidential information stores from getting disclosed to unauthorized persons.

It defines the importance of a