Answer the following questions
Part 1: Describe, in about a paragraph, at least one defense against buffer overflow attacks. Your description should tell why the defense is effective. A single sentence will not do as an answer. In a separate paragraph, explain why buffer overflow vulnerabilities remain common. Give at least two reasons.
Part 2: Distinguish among packet filtering firewalls, stateful inspection firewalls, and proxy firewalls. A thorough answer will require at least a paragraph for each type of firewall.
Acme Corporation wants to be sure employees surfing the web aren't victimized through drive-by downloads. Which type of firewall should Acme use? Explain why your answer is correct.
Solution
Part 1:
Buffer vulnerability attacks:
Buffer overflows have been the most common form of security vulnerability for the last ten years. Moreover, buffer overflow vulnerabilities dominate the area of remote network penetration vulnerabilities, where an anonymous Internet user seeks to gain partial or total control of a host. If buffer overflow vulnerabilities could be effectively eliminated, a very large portion of the most serious security threats would also be eliminated.
Defending Against Buffer Overflows:
There are four basic mechanisms of protection against buffer overflow attacks: writing correct programs; enlisting the help of the operating system to make storage areas for buffers non-executable; improved compilers that perform bounds checking; and performing integrity checks on code pointers prior to dereferencing them.
Take code pointer integrity checking: it seeks to detect that a code pointer has been corrupted before it is dereferenced. Code pointer integrity checking has the disadvantage, relative to bounds checking, that it does not completely solve the buffer overflow problem; overflows that affect program state components other than code pointers will still succeed. However, it has considerable advantages in terms of performance, compatibility with existing code, and implementation effort.
The buffer overflow remains the crown jewel of attacks, and it is likely to stay so for years to come. Part of this has to do with the common existence of vulnerabilities leading to buffer overflows. If holes are present, they will be exploited. Languages that have outdated memory management capabilities, such as C and C++, make buffer overflows more common than they should be. As long as developers remain unaware of the security ramifications of using certain everyday library functions and system calls, buffer overflow vulnerabilities will remain common.
Part 2:
Packet Filtering Firewall:
This is one of the most basic types of firewall. This firewall screens anything that comes into the internal network. It also checks anything that goes out to the outside network. This firewall is also called a screening router. It filters malicious packets by checking the packets that enter the network and allowing only those permitted by the firewall rules to enter the network. It checks the packet headers and determines whether they should be allowed into the internal network. If it remembers the packet header information, the firewall is called a stateful packet firewall. Otherwise it is called a stateless/static packet firewall. This firewall is usually used to reduce load on a stateful inspection firewall.
Stateful Inspection firewall:
A stateful inspection firewall is an improvement on the static packet filter firewall. It is also called a dynamic packet filter. While packet filtering checks the packet header, this firewall checks the packet up to the application layer. It records IP address and port number information. It provides tighter security than a packet filter firewall. It monitors both incoming and outgoing packets. It maintains a state table that tracks all open connections through the firewall. This is not done in a packet filtering firewall. This firewall is frequently deployed behind a packet filter firewall.
Proxy firewall:
This firewall monitors incoming connection traffic using deep packet and stateful inspection. This firewall prevents systems from having direct contact with the network. Due to the additional connections that have to be formed for every outgoing and incoming packet, performance is slower when compared to the other firewalls. But this firewall is also considered to be more secure than packet filter firewalls.
In order to stop drive-by downloads, the best firewall is a stateful inspection firewall. This firewall inspects packets up to the application layer. Any outgoing packet that requests incoming packets is tracked over a period of time. Only those incoming packets that satisfy explicit conditions set by the system administrator are allowed to enter the internal network. This will prove useful in preventing drive-by downloads.
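The trade-off described in Part 1 between code pointer integrity checking and bounds checking, as an added example that is not part of the original solution. The `struct frame` layout, the `GUARD` value and all function names are constructed for illustration; the unchecked write is confined to the struct so the program stays well-defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUARD 0x5AFEC0DEu /* constructed; real schemes pick a random value at startup */

/* Constructed stand-in for a stack frame: buffer, ordinary data, then a
   guard word sitting directly in front of the code pointer. */
struct frame {
    char buf[16];
    int is_admin;            /* program state that is not a code pointer */
    uint32_t guard;
    void (*handler)(void);
};

static int calls;
static void greet(void) { calls++; }

/* Integrity check: verify the guard before dereferencing the code pointer. */
static int guarded_call(const struct frame *f) {
    if (f->guard != GUARD) return -1;      /* corruption detected, no call */
    f->handler();
    return 0;
}

/* One case: n bytes of 'A' written from the start of the frame. With
   bounds_check set, input larger than buf is rejected (-2) instead. */
static int run_case(size_t n, int bounds_check, int *flag_changed) {
    unsigned char in[sizeof(struct frame)];
    struct frame f = { .guard = GUARD, .handler = greet };
    memset(in, 'A', sizeof in);
    *flag_changed = 0;
    if (bounds_check && n > sizeof f.buf) return -2;
    memcpy(&f, in, n > sizeof f ? sizeof f : n);   /* clamped to the struct */
    *flag_changed = (f.is_admin != 0);
    return guarded_call(&f);
}

int main(void) {
    int changed, rc = run_case(sizeof(struct frame), 0, &changed);
    printf("pointer overwritten: rc=%d\n", rc);
    rc = run_case(offsetof(struct frame, guard), 0, &changed);
    printf("data only: rc=%d flag_changed=%d\n", rc, changed);
    rc = run_case(offsetof(struct frame, guard), 1, &changed);
    printf("with bounds check: rc=%d flag_changed=%d\n", rc, changed);
    return 0;
}
```

The second case is the gap the solution describes: the guard is intact, so the call proceeds even though `is_admin` was overwritten, while the bounds check in the third case stops the write altogether.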

