Академический Документы
Профессиональный Документы
Культура Документы
1: Internet,
Data, and Data Breach
a) Some of the greatest risk’s businesses face when connecting to the Web
is packet sniffing and spyware. The reason why is because hackers try
to exploit websites all the times and steal customer information such as
credit cards, banks, personal information.
3. Why might connecting your web servers and web applications to the Internet
be like opening Pandora’s Box?
1
CYB 510. This Word Doc includes 3 assessment worksheets for Week 3 Lab 3.1: Internet,
Data, and Data Breach
changes. As soon as a potential hacker has found a computer with such
a connection, the attacker will be able to return to it if it is using the same
IP address, placing it at greater risk of malicious intrusion.
2
CYB 510. This Word Doc includes 3 assessment worksheets for Week 3 Lab 3.1: Internet, Data,
and Data Breach
4. What does the Skipfish application do, and why is it a good security tool for
web servers and web application testing?
a) Skipfish is a reconnaissance tools and its often used to crawl website
directories and producing a sitemap of the targeted websites. It is a good
security tool because it can perform security and vulnerability test.
5. What is tcpdump, and why is it a good tool for testing the Ubuntu Linux web
server and web application security?
a) Tcpdump is a common command line packet capture and analyzer tool
that enables security administrators to capture live TCP/IP packets and
review them later. It is good because it allows you to see if there is any
malicious activity on your network.
6. What does the Firefox Live HTTP Headers plug-in application do, and why is
this a good tool for web server and web application security testing?
a) The Live HTTP Header add-on allows users to view the HTTP header of
any page to assist in debugging web applications, detecting the type of
web server, and verifying what cookies, if there are any, are being sent.
Firefox Live HTTP headers is a good tool for conducting penetration test
because it can help in tracking rogue javascript code on servers.
14. What does use the -h switch for tcpdump and skipfish do?
a) Tcpdump -h and skipfish are used to open the online help manual for this
tool and verify that it is installed on the server. In Skipfish-h; you can
customize your HTTP requests, by using the -h option to insert any
additional, non-standard headers including an arbitrary User-Agent value.
15. What information can you determine from the ifconfig -a command?
a) ifconfig -a command, Is a command we use it to determine information of all
active or inactive network interfaces on server including Ethernet (eth1) and
local loopback (lo). The IP address of the web server is displayed after the
abbreviation inet addr in the eth1 section of the results. Eth1 is the internal
3
CYB 510. This Word Doc includes 3 assessment worksheets for Week 3 Lab 3.1: Internet, Data,
and Data Breach
lab interface used to access TargetLinux01
4
CYB 510. This Word Doc includes 3 assessment worksheets for Week 3 Lab 3.1: Internet, Data,
and Data Breach
Dogpile.com
Yes
InstantCheckmate.com
No
AlltheInternet.com
Yes
WhitePages.com
Yes
ZabaSearch.com
No
Your local government website
No
Facebook
Yes
LinkedIn
Yes
Twitter
No
2. Was there enough personal information returned that could potentially be used for
identity theft? Explain why or why not.
a) No because Not an enough of my personal information came up from those
websites. Basically, just my names and age and some my old address.
5
CYB 510. This Word Doc includes 3 assessment worksheets for Week 3 Lab 3.1: Internet, Data,
and Data Breach
3. How can identity thieves take advantage of social networking users to steal
personal information?
a) Identity thieves can take advantage of social networking users to steal
personal information because they can pretend to be a friend or
someone you know that could ask for your personal information without
you been questioned.
5. What is a security feature you should always look for in any website that will ask
for personal information to share with others?
a) A feature that you should look for is that they are secured
through security certificates such as SSL and now TLS.
6. What implications can the social networking sites have for job applicants?
a) The implications can be that recruiters may use the social media profiles to get
an idea of your character and your personality.
6
CYB 510. This Word Doc includes 3 assessment worksheets for Week 3 Lab 3.1: Internet, Data,
and Data Breach
7. What is the risk of combining your family and personal friends with your business
contacts and associates?
a) The risk of combining your family and personal friends with your
business because you be by posting things you wouldn't want
business contacts and associates to see.
8. What type of personal information could an attacker obtain from a user profile on
LinkedIn.com that he or she could use for identity theft?
a) Contact information and business associates as well as job information.
7
CYB 510. This Word Doc includes 3 assessment worksheets for Week 3 Lab 3.1: Internet, Data,
and Data Breach
11. What are some options if you wish to continue using Twitter.com, but need to
protect the information you send from public view?
a) You can choose the option mute an account and unmute it any time if you
wish to continue using Twitter.com to protect the information you send
from public view.
b) Sensitive media: You can adjust your settings so that only people you
know can see what you post instead of anyone and everyone.
12. List the type of information you can obtain from a background search on sites such
as InstantCheckmate.com.
a) You can obtain a person's available public record information, email
addresses, phone numbers, mailing addresses, social media profiles, criminal
records, and more.
8
CYB 510. This Word Doc includes 3 assessment worksheets for Week 3 Lab 3.1: Internet, Data,
and Data Breach
9
CYB 510. This Word Doc includes 3 assessment worksheets for Week 3 Lab 3.1: Internet, Data,
and Data Breach
2. What is the purpose of performing ongoing website traffic analysis and web
trending analysis on production web servers and websites?
a) The purpose is to collect data that can be processed to produce web
traffic reports.
3. How can tcpdump be used as a critical web server tool for conducting ongoing
traffic monitoring and traffic analysis?
a) To define filtering rules so that you get exactly the traffic you want to see.
10
CYB 510. This Word Doc includes 3 assessment worksheets for Week 3 Lab 3.1: Internet,
Data, and Data Breach
4. According to the Live HTTP Headers add-on, what is the user-agent used by
the client browser?
a) It refers to the yourname_S1_SmithyHeader.txt file
a) The webtrends tool allows users to enhance their web analysis reports by
giving them complete control over the data used to
generate Webtrends reports
11