Page 365 - StudyBook.pdf
P. 365

Communication Security: Web Based Services • Chapter 5  349

                 Exam Objectives

                 Frequently Asked Questions



                 The following Frequently Asked Questions, answered by the authors of this
                 book, are designed to both measure your understanding of the Exam Objectives
                 presented in this chapter, and to assist you with real-life implementation of
                 these concepts.


                 Q: Web servers are critical components in our network infrastructure.We want to
                    make sure that they are as safe as possible from attack since they will be pub-
                    licly accessible from the Internet.What is the number one issue regarding Web
                    services and how to fix them?
                 A: Service packs, hot fixes, and updates need to be applied to any system or appli-
                    cation, but to Web services in particular. It is very important to do this because
                    these systems are generally directly accessible from the Internet and because of
                    this, they are prone to more problems from possible attacks than other servers
                    on an internal network. Make sure you keep the fixes on these systems as cur-
                    rent as you possibly can.

                 Q: I am afraid of Web servers learning my identity and using it against me. I think
                    that if they have access to my cookies, they have access to my system. Is this
                    true?
                 A: No, it is not.A cookie is a kind of token or message that a Web site hands off
                    to a Web browser to help track a visitor between clicks.The browser stores the
                    message on the visitor’s local hard disk in a text file.The file contains informa-
                    tion that identifies the user and their preferences or previous activities at that
                    Web site.A Web server can gain valuable information about you, but although
                    it can read the cookie that does not mean that the Web server can necessarily
                    read the files on your hard disk.


                 Q: My Web browser is very old. I believe it may be IE version 4.0. Should I be
                    overly concerned about problems with exploits to my browser?

                 A: Yes, you should be. Earlier versions of popular Web browsers such as IE and
                    Netscape are known to have numerous vulnerabilities, which have been fixed
                    in later versions. Upgrading to the current version of IE is easy and costs




                                                                              www.syngress.com
   360   361   362   363   364   365   366   367   368   369   370