University of Baltimore
Merrick School of Business
INSS 453/753 - Internet and Network Security

Mini-project 6: testing Internet users
All mini-projects are due on Sundays by 11 PM.
This project can be done using the PCs of members of the group, or one PC in the MISLAB.
- Read the references (see this class slide) on CGI vulnerabilities and identify the top five issues related to CGI security.
- Use one of the CGI scanner tools available at PacketStorm, e.g. CGI Scanner, and check the MIS web server for vulnerabilities, including the ones you identified above.
- Read this article on ASP security issues when accessing SQL Server, and this other one on using Access with ASP. Finally, read this article on IIS and SQL security. Summarize and explain the security issues of IIS, ASP and databases.
- Install Internet Explorer 7.0 and, using the information seen in class (see this slide), restrict or disable ActiveX and scripting in the Internet zone. Then, include some of your favorite sites which use scripts (e.g. Microsoft update) in your Trusted Sites zone. Show me the final results.
- Make sure you are using the latest versions of Firefox and Internet Explorer with patches (show me the About dialog). Browse and show me some of your cookies using a Firefox tool. Set the cookie status very conservatively in IE and show me.
- Explain IE's cross-domain security model and why the IFRAME tag poses a security risk in IE.
- Send an e-mail to one of the group members from alien@extra.terrestrial.edu using netcat. Include copies of the original document (text), the screen capture of the nc command, and of the received message. Hint: see the in-class example. This will only work if the mail server does not require authentication.
- Explain how you can protect users of Outlook/OE from address book worms. Give an example on a demonstration machine with OE. You can use a home or a MIS Lab PC for the demonstration. Why is it important to disable "Safe for Scripting" in OE?
- Open Firefox or Internet Explorer in Windows, and post your group project report in the Mini-project 6 entry of the Assignments folder of one of the group members in WebTycho.
This page is maintained by Al Bento who can be reached at abento@ubalt.edu
This page was last updated on November 25, 2007. Although we will attempt to keep this information accurate, we cannot guarantee the accuracy of the information provided.