Assignment 1: Web Server Application Attacks
Due Week 2 and worth 110 points
It is common knowledge that Web server application attacks have become common in today’s digital information sharing age. Understanding the implications and vulnerabilities of such attacks, as well as the manner in which we may safeguard against them is paramount, because our demands on e-Commerce and the Internet have increased exponentially. In this assignment, you will examine the response of both the U.S. government and non-government entities to such attacks.
To complete this assignment, use the document titled “Guidelines on Securing Public Web Servers”, located at http://csrc.nist.gov/publications/nistpubs/800-44-ver2/SP800-44v2.pdf, to complete the assignment. Read the Network World article, “40% of U.S. government Web sites fail security test” also, located at http://www.networkworld.com/news/2012/031512-dnssec-survey-2012-257326.html.
Write a three to five (3-5) page paper in which you:
- Examine three (3) common Web application vulnerabilities and attacks, and recommend corresponding mitigation strategies for each. Provide a rationale for your response.
- Using Microsoft Visio or an open source alternative such as Dia, outline an architectural design geared toward protecting Web servers from a commonly known Denial of Service (DOS) attack. Note: The graphically depicted solution is not included in the required page length.
- Based on your research from the Network World article, examine the potential reasons why the security risks facing U.S. government Websites were not always dealt with once they were identified and recognized as such.
- Suggest what you believe to be the best mitigation or defense mechanisms that would help to combat the Domain Name System Security Extensions (DNSSEC) concerns to which the article refers. Propose a plan that the U.S. government could use in order to ensure that such mitigation takes place. The plan should include, at a minimum, two (2) mitigation or defense mechanisms.
- Use at least three (3) quality resources outside of the suggested resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
- Include charts or diagrams created in Visio or an open source alternative such as Dia. The completed diagrams / charts must be imported into the Word document before the paper is submitted.
The specific course learning outcomes associated with this assignment are:
- Define common and emerging security issues and management responsibilities.
- Evaluate an organization’s security policies and risk management procedures, and its ability to provide security countermeasures.
- Use technology and information resources to research issues in security management.
- Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions.
Click here to view the grading rubric for this assignment.