case18soln

case18soln - ESD264/1.264 Lecture 18 case studies Fall,...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
ESD264/1.264 Lecture 18 case studies Fall, 2006 3. Network attack and defense Many (most?) companies guard against network attacks by using firewalls and SSL encryption on their financial traffic on the World Wide Web. Use the ‘Top vulnerabilities’ slide from lecture 18, which is more up to date than Anderson’s list in chapter 18, as one of the sources of information to answer this question. a. List at least four significant risks that this strategy does not address. 1. Weak passwords. 2. Program bugs, particularly stack overflows: Operating systems (Windows, Linux) Middleware (Microsoft COM, ActiveX in particular; Windows libraries) Office suites (MS Office, Outlook, but others also) Applications (including antivirus software) Web software (Internet Explorer, PHP) Databases (SQL injection) 3. Instant messaging, P2P networks, media players: programs likely not authorized to be on corporate or organization machines, introducing viruses, worms, etc. (Your firewall may block some of
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 12/06/2011 for the course ESD 1.264j taught by Professor Georgekocur during the Fall '06 term at MIT.

Page1 / 2

case18soln - ESD264/1.264 Lecture 18 case studies Fall,...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online