CIS 502 WK 2 Assignment 1 - Web Server Application Attacks

Assignment 1: Web Server Application Attacks

Due Week 2 and worth 110 points

It is common knowledge that Web server application attacks have become common in today’s digital information sharing age. Understanding the implications and vulnerabilities of such attacks, as well as the manner in which we may safeguard against them is paramount, because our demands on e-Commerce and the Internet have increased exponentially. In this assignment, you will examine the response of both the U.S. government and non-government entities to such attacks.

To complete this assignment, use the document titled “Guidelines on Securing Public Web Servers”, located at http://csrc.nist.gov/publications/nistpubs/800-44-ver2/SP800-44v2.pdf, to complete the assignment. Read the Network World article, “40% of U.S. government Web sites fail security test” also, located at http://www.networkworld.com/news/2012/031512-dnssec-survey-2012-257326.html.

Write a three to five (3-5) page paper in which you:

1. Examine      three (3) common Web application vulnerabilities and attacks, and      recommend corresponding mitigation strategies for each. Provide a      rationale for your response.
2. Using      Microsoft Visio or an open source alternative such as Dia, outline an      architectural design geared toward protecting Web servers from a commonly      known Denial of Service (DOS) attack. Note: The      graphically depicted solution is not included in the required page length.
3. Based      on your research from the Network World article, examine the potential      reasons why the security risks facing U.S. government Websites were not      always dealt with once they were identified and recognized as such.
4. Suggest      what you believe to be the best mitigation or defense mechanisms that      would help to combat the Domain Name System Security Extensions (DNSSEC)      concerns to which the article refers. Propose a plan that the U.S.      government could use in order to ensure that such mitigation takes place.      The plan should include, at a minimum, two (2) mitigation or defense      mechanisms.
5. Use      at least three (3) quality resources outside of the suggested resources in      this assignment. Note: Wikipedia and similar Websites do      not qualify as quality resources.

Your assignment must follow these formatting requirements:

• Be      typed, double spaced, using Times New Roman font (size 12), with one-inch      margins on all sides; citations and references must follow APA or      school-specific format. Check with your professor for any additional      instructions.
• Include      a cover page containing the title of the assignment, the student’s name,      the professor’s name, the course title, and the date. The cover page and      the reference page are not included in the required assignment page      length.
• Include      charts or diagrams created in Visio or an open source alternative such as      Dia. The completed diagrams / charts must be imported into the Word      document before the paper is submitted.

The specific course learning outcomes associated with this assignment are:

• Define      common and emerging security issues and management responsibilities.
• Evaluate      an organization’s security policies and risk management procedures, and      its ability to provide security countermeasures.
• Use      technology and information resources to research issues in security      management.
• Write      clearly and concisely about the theories of security management using      proper writing mechanics and technical style conventions

   n