Introduction to Ethical Hacking
Temple University

Week 12 Reading Summary, Question, and recent Cyber Security News…

Published November 11, 2015 | By Paul V. Ihlenfeld
  1. Summarize one key point from each assigned reading…

1A. Regarding “web services security” info (other outside component web app services providing info to larger web sites all previously operating over non-secure HTTP), can be vulnerable to following cyber attacks: DoS, spoofing, firewall bypass, etc.  One excellent way to protect HTTP traffic is to employ encrypted transport links with SSL/TLS over HTTPS.

1B. Regarding “XML web services & web application security” info (highly distributed, inter-operable, easy-to-use, and very customizable web components all previously running over HTTP) were vulnerable due to initial poor infrastructure designs & implementations with less secure standards.  IPSec is one security technology that can be used to secure XML web service applications whenever common end points are known initially (example here would be working with 3rd party online vendors within larger online organizations.)

  1. Question to classmates (facilitates discussion) from assigned reading…

Which “web services” technology have been most vulnerable to cyber attacks, and how to best provide security for these web services?

*Answers: The poorly designed & implemented web services applications which also initially did not include encrypted end-to-end links. For more info on “ten ways to secure web services”, review info from the following tech site…

www.zdnet.com/article/ten-ways-to-secure-web-services/

… “secure the transport layer HTTP (SSL/TLS over HTTPS), IPSec, firewall filtering, etc.”

  1. Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately

“US government has shown its mandate on backing HTTPS across its Federal websites and web services (reported on eHackingNews.com on 6/19/2015)…

www.ehackingnews.com/2015/06/us-government-is-moving-to-https.html

… as it will make the access safer for anyone using the government sites… according to the US Chief Information Officer, HTTPS only assures the reliability of the connection between two systems (not designed to protect web servers from being hacked)… an HTTPS-only standard will help to create a stronger privacy standard government-wide (data browser identity, website content, search terms, and other user-submitted information)… US government is moving to HTTPS everywhere on all public gov sites by 12/31/2016.”

Posted in | Tagged , ,

Leave a Reply

Your email address will not be published. Required fields are marked *