Free Essay

Attack Prevention

In:

Submitted By eagledyami
Words 735
Pages 3
Attack Prevention Paper The article that was chosen for the review was Simple Cross-Site Attack Prevention by Florian Kerschbaum. This article covers what a cross-site attack is, how attackers use them and how vulnerable web applications can be. In this paper we will look at what the problem is as the original author sees it. We will also look at resolutions that could be done to prevent this kind of attacks. In this article the author explains how a simple cross-site attack can take place and goes on to explain what a solution for this problem is. This article starts out by explaining what a cross-site attack is and how they take place with some examples. According to Kerschbaum “A reflected cross-site scripting attack or cross-site request forgery attack occurs when a user follows a malicious link. This link has been tainted with some input that exploits vulnerability on the target web site, such that a script can execute in the security context of the user’s browser and the target web site” (Kerschbaum, n.d., para. 13). In this article the author clearly states the problem and the seriousness of the problem. The author covered the information from a technical perspective but was able to describe the problem in every day terms so that the end users could understand the issues and the solution to the issue that would resolve the problem. These examples are thing that we still see today from the fake e-mails that send a person out to a site for them to login. Once they login it takes them to the site that they thought they were going to but at the same time the script has sent their username and password to another site, which just gives the attacker your information to login to your account anytime they want to. One example that most people have seen or heard of is the fake emails from Ebay or Paypal that tells you that you need to login to check your account for one reason or another and gives you a link to go to the site. The only issue is the link that you see is not the site that you are going to but the web developers have coded the site in a way that the end user thinks they are on the site. Then when the end user logs in the fake site sends the end user to Ebay or Paypal and at the same time sends the username and password to another site to record the information. In the computer service field you hear about this all the time when an end user calls a help desk and tries to find out what has happened to his or her money that they had on Paypal. Most of the time Paypal cannot do anything about it except to have you change your password. Paypal also put out emails and messages on their website to let all end users know that Paypal will never send you a link to their website. If Paypal needs you to login they will just tell you to login in by going to their website this way they know that you are typing the web address into the browser to get to the site. The author gives a sound conclusion stating the problem and a description one how to resolve the issue. The author urges other companies of all sizes to use the same algorithm that his company uses to prevent these types of attacks from happening. When reading this article this author could see the relevant to today’s users and how these attacks are still happening. Everyone that reads this article should come away with knowledge of what cross-site attacks are and how to prevent them from happening. This author has since this article to a few of the end users that he knows that have be attacked by this kind of attack. One end user that this article was sent to could read the article and understand most of what the article was covering and could see where they were attacked before. This article would be a good article for any end user or company information technology department members to read.
References
Kerschbaum, F. (n.d.). Simple Cross-Site Attack Prevention. Retrieved from http://www.cs.bham.ac.uk/~tpc/cwi/Teaching/MASPPapers/XsiteAttacks.pdf

Similar Documents

Free Essay

Attack Prevention

...qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwer...

Words: 736 - Pages: 3

Free Essay

Cyber Attack Prevention

...Cyber-Attack Prevention As cyber-criminals become cleverer with the cybercrimes, more and more individuals are in danger of a cyber-attack. The threats become more intense and damaging as technology grows. Often times, home users think computing and surfing the Internet is safe when at home. It is a necessity to be aware of the prevention methods whether at home or at work. To further the comprehension of cyber-attack prevention, an article is chosen and an evaluation is the article. The evaluation of an article will include a stance on the quality of the material, selections of various aspects, descriptions of each aspect, reasons for an individual viewpoint, and an example. Article Summary Home users need to practice prevention methods when using the Internet at home. Cyber-criminals’ methods and targets have evolved (Damico, 2009). Several home users may not be aware that any connection to a network is networked activity and requires some measure of protection. According to the Damico (2009) article, a prevention system must identify and stop malicious attacks before they do damage and have a chance to infect a system. It is not only imperative to use prevention methods, but also it is imperative to understand prevention methods. Technology prevention methods will no longer be adequate to protect against the modern cyber-criminals of today. Material Quality The quality of the material is credible. The article is valid. The author uses more than one in-text citation...

Words: 722 - Pages: 3

Premium Essay

Attack Prevention Paprer

...Attack Prevention Paper Introduction Cyber-attacks which are exclusively performed for the only objective of information collecting vary from monitoring the activities which a user makes to copying vital documents included in a hard drive. While those which do harm generally involve monetary thievery and interruption of services. Cyber-attacks are a slowly growing situation which is based on technology. The secret to avoiding this kind of attack is in the applications and programs which one uses for protection which identifies and informs the user that an attack is certain generally known as Cyber Warfare. As stated in the 1st explanation. However dependence and reliance aren't the only items which technology provides. Or an effort to monitor the online moves of people without their permission as the sophistication of cyber criminals continues to increase; their methods and targets have also evolved. Instead of building the large Internet worms that have become so familiar, these criminals are now spending more time concentrating on wealth gathering crimes, including fraud and data theft. An online article from Cyber Media India Online Ltd., suggests that because home users often have the poorest security measures in place, they have become the most widely targeted group. Cyber Media states that 86% of all attacks are aimed at home users (2006). As attacks on home users increase, new techniques are surfacing, including the use...

Words: 951 - Pages: 4

Premium Essay

Attack Prevention Paper

...Attack Prevention Paper Introduction Cyber-attacks which are exclusively performed for the only objective of information collecting vary from monitoring the activities which a user makes to copying vital documents included in a hard drive. While those which do harm generally involve monetary thievery and interruption of services. Cyber-attacks are a slowly growing situation which is based on technology. The secret to avoiding this kind of attack is in the applications and programs which one uses for protection which identifies and informs the user that an attack is certain generally known as Cyber Warfare. As stated in the 1st explanation. However dependence and reliance aren't the only items which technology provides. Or an effort to monitor the online moves of people without their permission as the sophistication of cyber criminals continues to increase; their methods and targets have also evolved. Instead of building the large Internet worms that have become so familiar, these criminals are now spending more time concentrating on wealth gathering crimes, including fraud and data theft. An online article from Cyber Media India Online Ltd., suggests that because home users often have the poorest security measures in place, they have become the most widely targeted group. Cyber Media states that 86% of all attacks are aimed at home users (2006). As attacks on home users increase, new techniques are surfacing...

Words: 951 - Pages: 4

Premium Essay

Attack Prevention

...Attack Prevention Nicole Stone University of Phoenix Introduction to Information Systems Security Management CMGT/441 Anthony Seymour March 03, 2012 Attack Prevention The article that will be reviewed is entitled “Help Combat Cyber Attacks with These Steps” written by Chris Mead. This article covers many topics on how a business or government agency can be damaged by a cyber-attack and what should be done to prevent this from happening. Cyber-attacks can “inflict economic damage, disrupt a company’s operation and harm to its reputation” (Mead, 2011, para. 1). The different types of attacks are discussed such as; intellectual property theft, fraud, attacks upon infrastructure, and telecommunications. This article also stresses the importance of getting employees involved in the fight against these types of attacks by keeping all employees trained in information security policies and procedures. Some businesses may even require the assistance of the government in fighting off these attacks, and getting them involved if an attack does occur. Intellectual property theft is “robbing people of their ideas, inventions, and creative expressions—what’s called intellectual property—everything from trade secrets and proprietary products and parts to movies and music and software” (FBI, n.d., para. 1). The U.S is known for having cutting edge ideas, therefore making them vulnerable to these types of threats. That is why the FBI has made it a top priority to fight against...

Words: 998 - Pages: 4

Free Essay

Attack Prevention

...Attack Prevention Delontey Mango CMGT441 May 31, 2011 Robert Markovic Attack Prevention The following paper will try to answer and explain the importance of protection and address antivirus software’s that prevents viruses from attacking personal and corporation computers. Protecting personal and corporate computer at home or office is very important. It comes to the IT community that no matter how hard a client tries or do viruses will intrude his or her network one day. The importance of virus prevention is to save data and hardware. The software companies give clients tools and directions on how to prevent virus from attacking computers. Antivirus software can prevent some but not all viruses from attacking. The article states “It is a sort of “sleuth and burglar” game being played by antivirus and virus producers. The most and ever updated antivirus, shields you against all defined threats till that time. You can subscribe to auto update feature which works for you behind the screens giving the best possible protection when you go online” (Secureurpc, 2010). This protection software advises the client about suspicious files. When a client cannot catch or kill a worm know as a virus, this software will allow the client to quarantine and run a full scan of the network. Spyware prevention and pop up blockers helps in preventing viruses on a network. As soon as a client connects to the Internet spyware is the automated software that launches and display a report...

Words: 680 - Pages: 3

Premium Essay

Attack Prevention Article Evaluation

...Attack Prevention – Article Evaluation At every level of an organization’s structure there is a constant treat of attacks from numerous sources which can include but not limited to spyware, network policies, weak password, and personell lack of training. To analyze this attack rick prevention topic I chose an article from Information today by Phillip Britt titled “Data Security: an Ounce of Prevention”. This article captures the readers attention by using and example of a real incident in which a laptop was stolen from an individual who worked for Aetna and had about 38,000 personal files information from clients which included their social security numbers. With this example the author emphazises the need for stricter security measures and informs the readers how can they protect the information on their computers whether it is a personal computer or a laptop. The article highlight some of the major computer and system attack prevention methods in a condense but precise way from the top security experts. It advises the organizations to constanly educate the user about security issues with the machines and the information they manipulate on them. Recommends assigning security responsibility by someone in the firm or a third party vendor and establish and enforce user policies which include acceptable use of instant messaging, internet and other eqipment that may be available. A firewal it a must in the recommendation, since it will look for abnormal behavior in the...

Words: 448 - Pages: 2

Premium Essay

Health Promotions

...providing education to patients, but it requires providers and individuals to be assertive in making decisions. First, factors affecting the health care system must be recognized, then strategies for resolutions must be identified, finally individuals and communities must be active and take proper actions for solutions. Regardless of health conditions, health promotion is essential for acquiring and maintaining a better quality of life. Levels of Health Promotion The promotion of health includes preventing any discrepancies in healthy living. There are three levels of prevention involved in health promotion which include primary prevention, secondary prevention, and tertiary prevention. Each level of prevention has goals for promoting healthy lifestyles. Nurses will encounter many different implementation methods depending upon the level of health promotion. To begin with, “primary prevention precedes disease or dysfunction,” (Edelman & Mandle, 2010). The goal is to protect healthy people from becoming ill or developing a disease. A nurse’s responsibilities involving primary health promotion would include identifying those at risk, educating, and providing protection from injury or disease. An article concerning women’s heart health was reviewed to...

Words: 1085 - Pages: 5

Free Essay

Paper

...1. Fill out the table below according to the Forms of Prevention Review. (5) | Primary Prevention | Secondary Prevention | Tertiary Prevention | Description of Patient | Healthy showing no signs or risk factors | Has risk factors, showing early stages of disease, outwardly healthy but inwardly unhealthy | Has full blown disease with apparent signs and symptoms | Stage of Natural History of Disease | Pre-disease stage – no disease present | Asymptomatic/latent stage, showing no outward signs or symptoms | Symptomatic/disease stage showing outward signs and symptoms | Goal of Prevention | Prevent risk factors and retain healthy status | Aimed at preventing disease and reduce the risk factors already present | Preventing complications of disease/slow down or stop progression of disease |   2. Provide 3 clinical scenarios or examples of Primary Prevention interventions. (5) Each scenario should include all 3 criteria from the table above- description of patient, stage of natural history of disease and goal of prevention. 1. Patient is a 3-year old girl who is in the 65th percentile for height and weight, showing no signs of any illness. Mother vaccinates child with the MMV vaccine to prevent her from contracting the diseases before entering school. 2. Twenty-two year old healthy college senior is traveling to Haiti for a mission trip, and begins taking Malarone to prevent herself from contracting malaria while she is there. She continues to take the medication for...

Words: 648 - Pages: 3

Premium Essay

Respiratory Health

...be caused by bacteria, viruses, and other microbial organisms that invade the body. Pneumonia has the potential to be an advantageous disease in that it can attack when the body is infected by another microbial, such as a upper respiratory infection (Kid’s Health, 2011). Pneumonia can also be contracted by inhaling a liquid or chemical into the lungs (National Institutes of Health [NIH], 2014). Pneumonia may affect anyone from children to adults. This disease can be prevented and treated. Disease Prevention Type Pneumonia falls under more than one prevention type category. Primary prevention of pneumonia in the form of vaccines is an effective method among children and the elderly. The infant vaccine series of the pneumococcal vaccine, Prevnar, has been incorporated into the Centers for Disease Control and Prevention’s recommended immunizations for infants between ages two months and eighteen months (Centers for Disease Control and Prevention [CDC], 2014). Other vaccines also contribute to prevention including Hib, Flu, and Pertussis (CDC, 2014). Because they're at higher risk for serious complications, infants born prematurely may be given treatments that temporarily protect against RSV, which can lead to pneumonia in younger kids (Kid’s Health, 2011). Hand washing and proper cleaning habits are also primary prevention methods against pneumonia. Hand washing help prevent direct contamination from hand contact and is critical especially when in contact with someone with the...

Words: 845 - Pages: 4

Premium Essay

Literature Review

...nurses working in the community and public health specifically, can affect care and treatment of pts. Public health nurses (PHN) with appropriate skills can improve the health of communities and populations. Promoting health is complex and nurses require a range of knowledge, skills and experience to become competent health promoters. Nurses in this role can affect positive health outcomes and improve quality of life by increasing a patient’s knowledge of their condition and supporting them in self-management.        Nursing programs need to incorporate a greater emphasis on health promotion as there will be a greater need in the future for this type of work. PHN roles are evolving and a main focus is community health promotion and prevention, thus providing new opportunities and job diversity, PHN serve communities and are population-focused. Unique knowledge, competencies, and skills of the PHN are required for this role that encompasses organizing...

Words: 939 - Pages: 4

Free Essay

Crowdstrike Matewr

... TRADITIONAL SECURITY SOLUTIONS ARE NOT ENOUGH Your current security measures only solve part of the problem. They are focused on detecting malware, but advanced attacks now rely on sophisticated techniques that go beyond malware. YOUR SECURITY SYSTEMS CAN’T STOP WHAT THEY CAN’T SEE. WHY CURRENT TECHNIQUES ARE FAILING: Traditional approaches only address the 40 percent of breaches that use malware They don’t enable proactive hunting to find and block adversary activity Most security tools only address part of the cyber ‘kill-chain’ When existing approaches fail, they provide no visibility, resulting in ‘silent failure’ IT’S TIME FOR A NEW APPROACH FALCON: THE BREACH PREVENTION PLATFORM Cloud Delivered NEXT-GEN AV EDR MANAGED HUNTING Continous Breach Prevention CrowdStrike has revolutionized endpoint protection by combining three crucial elements: next-gen AV, endpoint detection and response (EDR), and a 24/7 - managed hunting service — all powered by intelligence and uniquely delivered via the cloud in a single integrated solution. Falcon uses the patented CrowdStrike Threat Graph™ to analyze and correlate billions of events in real time, providing continous breach prevention and five-second visibility across all endpoints. WHY CROWDSTRIKE? Prevent Attacks – Both Malware and Malware-free – that Your Existing Security Tools Can’t Stop 5-Second Visibility to Discover and Investigate Current and Historic Endpoint Activity ...

Words: 535 - Pages: 3

Premium Essay

Unit 4 Discussion 1 Is 3230

...information assets such as customer data, birth dates, ethnicities, learning disabilities, as well as test performance data, the risk of a data breach is very likely than ever before. To monitor and protect information from hackers, malicious and well-meaning insiders, EducationS will need to select solutions based on an operational model for security that is risk-based and content-aware. Stop incursion by targeted attacks- To prevent incursions, it is necessary to shut down each of these avenues into the organization’s information assets. Core systems protection, IT compliance controls assessment automation, and endpoint management, in addition to endpoint, Web, and messaging security solutions, should be combined to stop targeted attacks. (Why) Because the top four means of hacker incursion into a company’s network are through exploiting system vulnerabilities, default password violations, SQL injections, and targeted malware attacks  Identify threats by correlating real-time alerts with global intelligence- To help identify and respond to the threat of a targeted attack, security information and event management systems can flag suspicious network activity for investigation. (Why) The value of such real-time alerts is much greater when the information they provide can be correlated in real time with current research and analysis of the worldwide threat environment.  Proactively protect information- You must accurately identify and proactively protect your most sensitive information...

Words: 460 - Pages: 2

Premium Essay

Health Promotion

...Health Promotion Review of Literature Introduction Optimum health is an important resource for personal, social and economic development. The goal of achieving optimum health for all is only imaginable by the joint effort of not only the health sector but also government and non-governmental organizations, media and for the most part individuals and the community. Health promotion emphases on accomplishing parity in health and its deed targets at dropping variances in present-day health status and safeguarding equal opportunities and resources to empower all individuals to attain their fullest wellbeing. The focus of health promotion has flourished from disease prevention to promoting wellness and improving living standards. According to World Health Organization “health promotion is the process of enabling people to increase control over, and to improve, their health. It moves beyond a focus on individual behavior towards a wide range of social and environmental interventions”. The chief objective is to increase health awareness among individuals, families and community through providing of information and health education thereby making them responsible for their own health, the health of others in the community and be responsible conserving the natural environment around them. Nurses are involved in promoting health whether in a hospital or in the community. They play an active part in all phases of care, to inspire and aid an increasing state of wellbeing...

Words: 2241 - Pages: 9

Premium Essay

Health Promotion

...Running head: HEALTH PROMOTION 1 Levels of Health Promotion Latha Verson Grand Canyon University Health promotion, also known as prevention, has always been prevalent in health care. It has always been considered better to stop an illness from occurring rather than treating it once it has. But that is not the extent of health promotion. Health promotion is the provision of information and education of individuals and families (Unknown, 2012). As stated by the World Health Organization, health promotion seeks to give an individual control over their health. In health promotion, the actions taken are not limited to just individuals, but also extends to the community, environment etc (Unknown, 2012). Prevention also involves taking control of the determinants of health like the community, economics, environment (Unknown, 2012). Every state, county, town, has its own different approaches to health promotion. But mainly, they revolve around improving personal health, clean environment, strong community and better personal skills (Unknown, 2012). Health promotion is extremely important in the nursing field. Nurses are usually the primary care givers in a medical setting and have direct contact with the patients. Nurses can spread the message that prevention is better than the cure. They can bring across the point that prevention is more cost effective and can provide a better life for patients. They can help to prevent diseases from occurring and spreading and can advocate...

Words: 1152 - Pages: 5