Cyber Defense in Web-Based Attacks: Protecting Against Cyber Threats

Verified

Added on 2022/09/07

AI Summary

This report delves into the critical aspects of cyber defense within the context of web-based attacks. It begins by addressing methods to minimize user vulnerability to phishing and malicious links, emphasizing user awareness of suspicious emails and the importance of verifying links and attachments. The report then explores strategies for handling disguised web pages and preventing redirection to unexpected sites, highlighting the vulnerabilities associated with browser configurations, such as ActiveX and Java applets, and the risks posed by plug-ins and cookies. Furthermore, it emphasizes the significance of ensuring that third-party software incorporates mechanisms for receiving security updates, outlining key considerations such as component maintenance, supplier controls, and vulnerability response processes. Finally, the report provides guidance on how to securely configure web browsers, including the importance of privacy settings, browser updates, and cautious installation of plug-ins and extensions. The report references a variety of academic sources to support its claims.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: CYBER DEFENCE IN WEB-BASED ATTACKS
CYBER DEFENCE IN WEB-BASED ATTACKS
Name of the Student
Name of the university
Author note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1CYBER DEFENCE IN WEB-BASED ATTACKS
How would you minimize users clicking on links without considering the risks of their
actions?
User should be aware of the fact that if they are receiving any email requesting for
confidential or personal information then that should be treated as suspicious. Sender’s email
address should be checked even if it looks legitimate. Next is checking the attachments or
links for downloading or viewing any data because there can be malware which may affect
the user’s PC. When user is having any doubt he should hover over the URL or hyperlink and
get more details about it before clicking on it (Zheng, Lu & Xu, 2017). If he receives any
weird email from a known person also, that should not be opened unless sure about it being
malware free since there is chances the account has been hacked. Typos, spelling, syntax and
grammatical errors can be considered as red flag. At any point of time if there are any kind of
doubts regarding any email then it is always advisable to contact the sender and confirm. The
mails from unknown users and with doubtful content should never be clicked on as this can
be trap of the cyber criminal to spoof into the mail id of the users and gather essential details.
It is necessary that users are aware of different ways in which the cyber criminals can attacks
their data so that they are careful while handling their personal accounts and sensitive
informations. Security software should be installed which helps in the detection and blockage
of fake websites and user should use unique password for all the websites (Kalutarage et al.,
2015). All of the above precautions can help in protecting a user from phishing attacks and
minimize users clicking on irrelevant links.
How would you address Web page addresses that are disguised or take you to an
unexpected site?
There can be disguised web pages which can lead users to different websites. Many
web browser configurations are done for providing increase in the functionality meanwhile

2CYBER DEFENCE IN WEB-BASED ATTACKS
decreasing the security. Software packages and computer systems comprise of additional
software which makes the system more vulnerable. Some features of a web browser if
enabled can pose a security threat and most of time the vendors enable those by default which
increases the risk to the system. Exploitation of the client-side system is done by the attackers
by utilizing various vulnerabilities for stealing the information from the system, destructing
the files and using the computer to attack other systems (Vykopal et al., 2017). Hackers are
involved in creating of malicious webpage which installs Trojan spyware for stealing the
information. Some features of the web browsers which have certain risks associated with it
are as follows:
ActiveX technology in MS Internet explorer has components which can provide it as an
object that is downloadable and this in turn provides with extra functionalities but also
introduces vulnerabilities if proper implementation is not done.
Java is a programming language used for developing contents which are active, for various
websites. The execution of Java applets occurs within a sandbox, however certain
deployments of the JVM consists of vulnerabilities which allows an applet for bypassing the
restrictions (Zhuang, Bardas, DeLoach & Ou, 2015)
Plug-ins consists of programming flaws like buffer overflows or some flaws in the design
which can be a vulnerability to the system. If cookies are used for authentication in the
websites then a hacker is able to get unauthorized access and the cookies which are persistent
can pose a greater risk since they stay in the system for a longer duration.
How would you ensure that third-party software has a mechanism for receiving
security updates?
Third Party components are highly used in software development and these include
open source as well as commercial off-the-shelf software components. A component which is

3CYBER DEFENCE IN WEB-BASED ATTACKS
well-maintained can have quick vulnerability identification and remediation. Enterprises
which make use of third party software are required to know about the responsibilities of the
suppliers of their software as well as for about the maintenance (Zhang et al., 2015). The
following should be considered for ensuring that third party software has the mechanism for
receiving security updates:
--Component has regular maintenance and updated at proper intervals
--Any controls that a supplier has for protecting against changes/updates that are un-approved
--Lifetime of the component
--The process by which security response is managed by the third-party software
--The period of existence of the component and the time of its last release
--The usage of the software publicly and within the organization
All organizations must have a process for discovery and response to new vulnerabilities. For
most of them there is a PSIRT that is product security incident response team which has
different methods for monitoring and receiving reports of the vulnerabilities for third party
software or components and the organization’s product (Dondo, 2016). It is required on the
part of every organization to keep a data recovery plan ready in hand so that in any situations
this can be applied and the loss can be reduced to at least some extent.
How would you ensure users know how to configure their web browsers securely?
It can be ensured that the users are configuring their web browsers securely if they
have done the following:
Configured the browser’s privacy and security settings—These settings should be reviewed
and it should be ensured which features are enabled or disabled (Tang, Pham, Chinen, &
Beuran,c2017). Privacy settings should be properly adjusted by a user so that they do not fall
a victim to the cyber criminals.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4CYBER DEFENCE IN WEB-BASED ATTACKS
Browser should always be up-to-date—The released browser updates should be installed to
plug the security holes in the system. It is common in people to ignore the software updates
which leave them vulnerable to the attacks of the cyber criminals.
Signing up for alerts—Enabling of Google alerts for the browser helps to get notifications for
any security updates or issues or unauthorized logins
Plug-ins should be installed very cautiously—It was a recent discovery that chrome
extensions were able to change the ownership without any notifications to the users so plug-
ins or extensions can be very risky if not installed cautiously (Jung, Kim, Choo & ByungUk,
2015).
When any type of software is installed some unnecessary programs can slip with that into the
system so it is always necessary to have antivirus software installed in the system and it
serves as the best way for ensuring that our browser is safe from any kind of malware or
hijack.

5CYBER DEFENCE IN WEB-BASED ATTACKS
References
Dondo, M. (2016). A technique to identify indicators for predicting web-based threat activity.
Jung, J. H., Kim, H. K., Choo, H. L., & ByungUk, L. (2015). The protection technology of
script-based cyber attack. Journal of Communication and Computer, 12, 91-99.
Kalutarage, H., Shaikh, S., Lee, B. S., Lee, C., & Kiat, Y. C. (2015, October). Early warning
systems for cyber defence. In International Workshop on Open Problems in Network
Security (pp. 29-42). Springer, Cham.
Tang, D., Pham, C., Chinen, K. I., & Beuran, R. (2017, November). Interactive cybersecurity
defense training inspired by web-based learning theory. In 2017 IEEE 9th
International Conference on Engineering Education (ICEED) (pp. 90-95). IEEE.
Vykopal, J., Vizváry, M., Oslejsek, R., Celeda, P., & Tovarnak, D. (2017, October). Lessons
learned from complex hands-on defence exercises in a cyber range. In 2017 IEEE
Frontiers in Education Conference (FIE) (pp. 1-8). IEEE.
Zhang, H., Wei, S., Ge, L., Shen, D., Yu, W., Blasch, E. P., ... & Chen, G. (2015, May).
Towards an integrated defense system for cyber security situation awareness
experiment. In Sensors and Systems for Space Applications VIII (Vol. 9469, p.
946908). International Society for Optics and Photonics.
Zheng, R., Lu, W., & Xu, S. (2017). Preventive and reactive cyber defense dynamics is
globally stable. IEEE Transactions on Network Science and Engineering, 5(2), 156-
170.
Zhuang, R., Bardas, A. G., DeLoach, S. A., & Ou, X. (2015, October). A theory of cyber
attacks: A step towards analyzing MTD systems. In Proceedings of the Second ACM
Workshop on Moving Target Defense (pp. 11-20).