Security Settings Flashcards

1
Q

Directory Browsing

A
  • Open IIS Manager through the Server Manager
  • Expand Host
  • Expand Sites
  • Select Default Website
  • Select Directory Browsing
  • Select Disable (If the option is Enable, directory browsing is already disabled.)
  • Select Apply
2
Q

Ping Flood

A
  • Open Firewall
  • In the Inbound/Outbound security rules, disable any protocol relating to ICMP echo requests
3
Q

Logs

A
  • Open IIS Manager through the Server Manager
  • Expand Host
  • Expand Sites
  • Select Default Website
  • Select Logging
  • Change the Logging directory
4
Q

FTP

A
  • Open the Remove Roles and Features Wizard through the Server Manager
  • Select Server Roles
  • Expand Web Server (IIS)
  • Deselect FTP Server
5
Q

Loose Lipped Errors

A
  • Open IIS Manager through the Server Manager
  • Expand Host
  • Expand Sites
  • Select Default Website
  • Select Error Pages
  • Select Edit Feature Settings…
  • Select Custom
  • Select Okay
6
Q

SQL Injection

A

The “stripslashes()” function removes backslashes. The “mysql_real_escape_string()” function removes special characters from a string used for an SQL statement. Conditional statements determine that the string is the desired data, clarifying that there is no code in the string.

7
Q

XSS Reflected

A

The JavaScript function “htmlspecialchars()” turns special characters that would normally run a malicious function into normal characters that are read as part of a string.

8
Q

XSS Stored

A

The JavaScript function “stripslashes()” removes backslashes; the “mysql_real_escape_string()” function removes special characters from a string used for an SQL statement; and “htmlspecialchars()” turns special characters that would normally run a malicious function into normal characters that are read as part of a string.

9
Q

Command Execution

A

If necessary, separate data into smaller sections and make sure it is what’s desired.

10
Q

General Web/Server Prevention

A
  • Use the JavaScript function “stripslashes()” to remove backslashes from a variable.
  • Use the JavaScript function “mysql_real_escape_string()” to remove special characters from a string used for an SQL statement.
  • Use the JavaScript function “htmlspecialchars()” to turn special characters that would normally run a malicious function into normal characters that are read as part of a string.
  • Use the JavaScript function “is_numeric()” to make sure data that is supposed to be numeric only contains numbers.
  • You can break apart a variable into smaller chunks during sanitization.
  • Use conditional statements to clarify that a variable is what it is intended to be.