ITS 4050 - Internet and Web Security

Review for First Test

The following questions are provided to help you study for the first test. Do not expect to see these exact questions on the test.

1. History review: what is the significance of the Jacquard loom, with regard to computers and manufacturing?
   
   
2. Compare these features of an e-commerce site: catalog, shopping cart, transaction processing, fulfillment system. What are the difference between them?
   
   
3. Assuming we have a reason to use devices that belong to the Internet of Things, what are some of the security concerns that they create?
   
   
4. What does the requirement to make a customer's e-commerce site "highly available" mean, in terms of a realistic design for it?
   
   
5. Why should anything about commerce posted on the Internet have an expiration data on it? (example: sales announcements)
   
   
6. What are the three stages covered in the text regarding Customer Life-cycle Management? In which phases do sales actually take place?
   
   
7. List the four major steps in a payment card transaction from about page 40 in the text. Which step actually includes the approval or denial of the purchase? Who does the entity in this step communicate with?
   
   
8. Why do we recommend that connection to e-commerce sites, and others, be made with HTTPS, not HTTP?
   
   
9. Do you have a policy you favor about passwords you use on websites where you buy things? Do you have a different attitude as a professional being consulted about it by a vendor?
   
   
10. In social engineering,
    • what is meant by a pretext?
    • what should be your reaction to an urgent email from a bank you don't use? what about from your own bank?
    • why did the visher in the video I provided add background noise from a crying baby to her call to her victim's cell phone company?

     

11. What does the OWASP provide on their web site?
    
    
12. What is a ping flood attack? What should be a reasonable defense against it?
    
    
13. Why might an attack on a DNS service be effective on more victims than just the intended target?
    
    
14. What is the difference between internal and external hosting? Why might either be a good choice in some cases?
    
    
15. If we create a set of customer forums for our e-commerce site, what some potential drawbacks to doing so?
    What about using feedback forms that we post or email to our customers?
    What about online surveys, such as those on Survey Monkey?
    
    
16. What is the OWASP threat called Security Misconfiguration about? How do you address it?
    
    
17. If most of the people on our e-commerce site are actual customers, why is data validation a priority?
    
    
18. On a malicious web site, when would you expect a script embedded in a web page to run?
    
    
19. What are some of the defensive layers mentioned in chapter 7? What perimeter does the text mean, regarding perimeter security?
    
    
20. What is the point of Secure Sockets Layer? How does the user know it is in use?
    
    
21. What is an example of rule-based access control? How is it different from role-based access control?