Academic Writing - response tcp security

short response to these two statements: 1. TCP-IP Security One of the more interesting TCP-IP vulnerabilities is its ability to guarantee the location of where a packet is coming from. RIP is an essential component of a TCP/IP network. RIP is the Routing Information Protocol which is used to distribute routing information within networks, such as shortest-paths, and advertising routes out from the local network, (CHAMBERS, DOLSKE, & IYER, n.d.). The flaw in RIP is that it doesn’t have built in authentication much like TCP/IP. This attack is significant because RIP attacks change where the data may go to unlike common attacks that change where data has come from. When an attacker is able to compromise RIP addresses and send them from anywhere in the world this poses a huge security flaw. Attackers can forge RIP packets claiming that they are another host and they have the fastest route or path out of the network. This is troubling as there is a higher level DDOS attack that uses the RIPv1 protocol called Reflection Amplification Attacks. (Mimoso, 2015) says, “Reflection attacks happen when an attacker forges its victim’s IP addresses in order to establish the victim’s systems as the source of requests sent to a massive number of machines.” Because the attacker is in control of the RIP it can send many requests on behalf of a network. The recipients of the request issue an overwhelming flood of responses back to the victim’s network thus crashing that network, (Mimoso, 2015). I chose this vulnerability because it’s very current in the landscape of DDOS attacks and Threat post by Kapersky Labs suggest that this is only going to grow into the coming years. The easiest way to stop this is to use routers with RIPv2 and above. Unfortunately, a large number of the routers that have been compromised using this deprecated technology comes from AT&T and BellSouth and they are regularly distributed in the United States. 2, Cross site scripting (XSS) is a common web application injection vulnerability. Cross site scripting is used to impersonate users and bypass access controls. Hackers inject malicious code on the client side web applications to gather data from users. Hyperlink is usually the method used to gather the information that contains malicious content within it (Incapsula). To make it look less suspicious to the user, the hacker will encode the malicious part of the link in HEX. XSS differs from other web attacks such as SQL injection, in that it does not directly target the application itself. Instead risk is to the web application users. By hijacking a logged in users session, the hacker can change the password and if the administrators session is hacked, the hacker will have full admin privileges of that web application (Netsparker). After collecting data from the web application, the malicious code sends a results page to the hacker but in a manner that appears legitimate to the user. Attackers often inject ActiveX, HTML, Flash, JavaScript or VBScript into vulnerable applications. This form of attack can best be detected by using a web application firewall (WAF). Although WAF's use various methods to counter attacks, most use signature based filtering in blocking and recognizing attacks to and from HTTP web applications. Websites using SSL (https) encryption are no more safe than sites not encrypted. The attacks would work in the same manner except its taking place in an encrypted connection. Unlike network firewalls, with customization, WAF can prevent XSS, SQL injection, session jacking and buffer overflows by inspecting every HTML, HTTPS, SOAP and XML-RPC data packet (cgisecurity). Websites using SSL (https) encryption are no more safe than sites not encrypted. The attacks would work in the same manner except its taking place in an encrypted connection. APA FORMAT and use of resources