Problem
A. How does placing a Web server in a DMZ protect it from network-borne threats?
B. What are the five classes of attack possible on a Web server?
C. If cookies are so dangerous, why don't valid Web servers discontinue their use?
D. Can a Web-server session ID be stolen over the Internet?
E. Give a valid reason why servers might be configured to collect information about their visitors.
Answer the following questions with True or False:
• Wget is a tool that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet. True or False?
• Namedroppers is a tool that can be used to capture Web server information and possible vulnerabilities in a Web site's pages, which could allow exploits such as SQL injection and buffer overflows. True or False?
• Some cookies can cause security issues because unscrupulous people might store personal information in cookies that can be used to attack a computer or server. True or False?
• To limit the amount of information your company makes public, you should have a good understanding of what a competitor would do to discover confidential information. True or False?
• Network attacks often begin by gathering information from a company's Web site. True or False?
• The HTTP CONNECT method starts a remote Application-layer loopback of the request message. True or False?
Match each term with the correct statement below.
i. HTTP 400 Bad Request
ii. HTTP 403 Forbidden
iii. HTTP 404 Not Found
iv. HTTP 405 Method Not Allowed
v. HTTP 408 Request Timeout
vi. HTTP 500 Internal Server Error
vii. HTTP 502 Bad Gateway
viii. HTTP 503 Service Unavailable
I. Request not understood by server
II. Server received invalid response from upstream server
III. Request not allowed for the resource
IV. Server is unavailable due to maintenance or overload
V. Request could not be fulfilled by server
VI. Request not made by client in allotted time
VII. Server understands request but refuses to comply
VIII. Unable to match request