Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-

ID: 3815295 • Letter: H

Question

https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf

After reading the Word document titled "The Dangers of Hardcoded Credentials in Web cfg Files", write a post answering the following two questions. 1) This is a very widely known problem in cybersecurity, but an enormous number of websites are estimated to still be vulnerable. What do you think are the top 2 or 3 reasons that this is the case? 2) Pretend you are the manager of a large website production and management company. What 2 or 3 steps would you take to make sure that the websites your staff develops do not have this vulnerability? Please respond with your discussion post of at least 300 words

Explanation / Answer

Top vulnerabilitites that occur due to incorrect configurations on "web.config files" :

Incorrect configurations on "web.config files" leads web sites to application security holes such as
a) Session hijacking
b) Cross-Site Scripting attacks
c) Disclosure of private data to attackers.
d) In addition to this "Web.config files" were designed to be changed at any time. Any well-intentioned system admin could get hold of application security measures and open the Web site to attack just by modifying the configuration file. A single change to the "global Machine.config file" could affect the website.
e) Enabling cookieless authentication leads to session hijacking and problems with application security.
f) Another important reason for vulnerability is "failure to require SSL for authentication cookies" as web applications use the SSL protocol to encrypt data passed between the Web server and the client we must ensure that the attackers using network sniffers will not be able to interpret the exchanged data.
g) Storing login credentials in plaintext in a configuration file is not at all secure. Anyone having read access to the "Web.config file" could access the authenticated Web application and it is compromised.

Steps to prevent from vulnerabilities :

a) The most secure way to store login credentials is to remove the credentials element from "Web.config files" in production applications.
b) Reconfiguration of affected application can be done to avoid the use of weak ciphers.
c) Root user must not be able to login from a remote console because the login command is part of the authentication process to access a local account.
d) Use programs like "logcheck" and swatch to filter out the suspicious entries in the log files.
e) Disable all unessential services by using the "chkconfig off" command

Related Questions

https://www.math... p-ad @ Do Homewo..·? File Edit View Favorites Tools Help ?1,
Question #2909820
https://www.mathadl.com/Student/PlayerTest.aspx?testld-123933873&centerwin; yeså
Question #3127863
https://www.mathal.con/Student/Playert Horne 500474 MATH 152 Statistics Fall 201
Question #3069594
https://www.mathed.com/ statistics 5th Edition Teat est aspx?testlda 152372974 S
Question #3230440
https://www.mathl. ciples of Managerial Accounting Web Summer 20 est: Exam 2 Tim
Question #2397993
https://www.mathod.com/Student/Player Test.aspxttestid-175068295& centerwin yes
Question #3039972
https://www.mathodl.com/st Math 152 IN Statistics I (Summer 2018) Lorl Somers&1
Question #3369589
https://www.mathud.com/Student/PlayerHom ework.aspx?homeworkld-445141939&questio
Question #3316359

Navigate

Previous
https://www.ngdc.noaa.gov/mgg/image/crustalimages.html. Use this link to answer
Next
https://www.nngroup.com/articles/usability-101-introduction-to-usability/ 7. Sup

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.