Case Project 12-1: Web Server Security Analysis A challenge that faces the infor

Question

Case Project 12-1: Web Server Security Analysis A challenge that faces the information security community is to make sure their organizations’ top decision makers understand the importance of effective security policies. Understandably, managers who are responsible for an organiza- tion’s financial stability want to ensure that investments in “nonrevenue” activi- ties are necessary and effective. In many ways, the field of information security is in its infancy; practitioners do not have a long history of research that indicates the most effec- tive security countermeasures against specific threats. Also, the threats are constantly changing. As new generations of information security workers secure digital assets, they will also need to create a solid body of research-based evidence to support the practices they recommend. In this project, you read and summarize a research project that addresses Web server security. Go to www.sans.org/reading_room/whitepapers/webservers/comparative-study- attacks-corporate-iis-apache-web-servers_33734. Read the entire article, including the appendices. Answer the following questions:

1. What was the purpose of the research project?

2. What did the research demonstrate about the relative security of the IIS and Apache software?

3. What do you think detracted from the credibility of the report?

4. What were the main findings of the study?

5. What did the results of the study imply about the frequency of automated attacks versus the frequency of manually controlled attacks against Web servers?

6. Based on the results of the study, what policies and procedures would you recommend for Web server security?

7. Based on this study, which operating system is easier to attack: Windows or Linux?

Explanation / Answer

1.purpose of the research project is very clear and a single purposeis to investigate a single factor, that is , the Web server software as a vector for attack.how attacks are being done on using web servers and we face many security issues like data stealing , data manupulation etc.

2. IIS and Apache with attackers spending more time on IIS high level attacks (2097.0 seconds) than Apache high level attacks (1272.9 seconds).hence research demonstrate security is high in IIS based system . as attackers have to spent more time to break its security.

4.main findings are :It is clear that an attacker will avoid Linux servers that are not obscured, This study has shown that attackers are not much attracted to linux based systems .

5.automatically control attack frequency is high as mostly threats or vulnerabilities are known but for un expeced threats manually controlled attacks methods are used while using web .for manintaing the securities.on web servers.

6. policies & procedures for web server securities can be :

7. Based on study , operating system which is easier to attack is windows .as linux is version of unix operating system it provide high level of security as compare to windows .

Related Questions

Navigate

• Browse (All)
• Browse C
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.