
Tuesday, February 26, 2019

PHP Remote File Include (RFI) Essay

1. What is a PHP Remote File Include (RFI) attack, and why are these prevalent in today's Internet world?
a. A Remote File Include allows an attacker to include a remote file. This vulnerability is most often found on websites and is usually implemented through a script on the web server.

2. What country is the top host of SQL Injection and SQL Slammer infection? Why can't the US Government do anything to prevent these injection attacks and infections?
a. Peru.

3. What does it mean to have a policy of Nondisclosure in an organization?
a. It means that certain information can't be made public under the company's policy.

4. What trends were tracked when it came to malicious code in 2009 by the Symantec report researched during this lab?
a. Swifi, Interrupdate, Fostrem, Kuaiput, Mibling, Pilleuz, Ergrun, Bredolab, Changeup, Induc

5. What is Phishing? Describe what a typical Phishing attack attempts to accomplish.
a. Stealing online account information by posing as a legitimate company.

6. What is the Zero Day Initiative? Do you think this is valuable, and would you participate if you were the managing partner in a large firm?
a. A program to reward security researchers for disclosing vulnerabilities. Yes.

7. What is a Server Side Include (SSI)? What are the ramifications if an SSI exploit is successful?
a. A Server Side Include is a process of adding content to an existing HTML page.

8. According to the TippingPoint Report researched in this lab, how do SMB attacks measure up to HTTP attacks in the recent past?
a. There was almost a 60% shift from a SMB type attack, towards an HTTP-based attack. In addition, nearly 100% of the observed attacks are automated, botnet, or worm-based attacks.

9. According to the TippingPoint Report, what are some of the PHP RFI payload effects DVLabs has detected this year?
a. PHP Remote File Include attacks saw a steady overall downward trend, except for a massive spike in mid-year of 2010.

10. Explain the steps it takes to execute a Malicious PDF Attack as described in the TippingPoint Report.
a. Step 1: The attacker begins by using free attack software to create a malicious PDF file that contains exploitation code. If this file is opened on a victim computer with unpatched PDF reader software, this code will execute commands of the attacker's choosing.
b. Step 2: The attacker loads the malicious PDF file to a third-party website. The attacker then loads the malicious PDF file on a publicly accessible website.
c. Step 3: The attacker now sends e-mail to high-profile individuals in the target organization, including corporate officers. This message contains a hyperlink to the attacker's malicious PDF file on the external Web server. The e-mail message is finely tuned to each target individual with a focused effort to get the recipient to click on the link some other trusted site. The attacker does not include the malicious PDF file as an e-mail attachment, because such attacks are more likely to be blocked by e-mail filters, anti-virus software, and other defenses of the target organization.
d. Step 4: The victim inside the targeted organization reads the e-mail, pulling down the attacker's message with the link to the malicious PDF. The user reads the e-mail and clicks on the link.
e. Step 5: When the user on the victim machine clicks on the link in the e-mail message, the victim's computer automatically launches a browser to fetch the malicious PDF file. When the file arrives at the victim computer, the browser automatically invokes the PDF reader program to process and display the malicious PDF file.
f. Step 6: When the PDF reader software processes the malicious PDF file for display, exploit code from the file executes on the victim machine. This code causes the system to launch an interactive command shell the attacker can use to control the victim machine. The exploit code also causes the machine to make an outbound connection back to the attacker through the enterprise firewall. Via this reverse shell connection, the attacker uses an outbound connection to gain inbound control of the victim machine.
g. Step 7: With shell access of the victim machine, the attacker searches the system looking for sensitive files stored locally. After stealing some files from this first conquered system, the attacker looks for evidence of other nearby machines. In particular, the attacker focuses on identifying mounted file shares the user has connected to on a file server.
h. Step 8: After identifying a file server, the attacker uses the command shell to access the server with the credentials of the victim user who clicked on the link to the malicious PDF. The attacker then analyzes the file server, looking for more files from the target organization.
i. Step 9: Finally, with access to the file server, the attacker extracts a significant number of sensitive documents, possibly including the organization's trade secrets and business plans, Personally Identifiable Information about customers and employees, or other important data the attacker could use or sell.

11. What is a Zero Day attack and how does this relate to an organization's vulnerability window?
a. A Zero Day attack is an attack that exploits a security vulnerability the same day it becomes public knowledge. This may cause an organization to have a wide vulnerability window since it is still unknown how to mitigate the possible intrusion.

12. How can you mitigate the risk from users and employees from clicking on an embedded URL link or e-mail attachment from unknown sources?
a. Create an Internet Usage Policy stating against such actions. Another alternative or addition can be to block e-mail websites.

13. When auditing an organization for compliance, what role do IT security policies and an IT security policy framework play in the compliance audit?
a. The security applied to protect the company is changed and updated based on the policies that are in place. These policies must include any and all parts of compliance requirements based on the type of organization.

14. When performing a security assessment, why is it a good idea to examine compliance in separate compartments like the seven domains of a typical IT infrastructure?
a. It's easier to manage the findings by each domain to minimize the chance of overlooking a compliance error.

15. True or False. Auditing for compliance and performing security assessments to achieve compliance requires a checklist of compliance requirements.
a. True.
