1)Considering the flow diagram provided in section 3.5, list two good network security controls that are included in the design?

2) Consider the vulnerability statements (risk scenarios) listed in section 4. Reflect on the password related statement, and possible mitigations?

3.5 Flow Diagram The following diagram shows the in-scope technology components reviewed as part of the MVROS. Interface to PayLink MVR Database Internet OTT Border Router Internet Firewall MVR Website Internal Firewall MVR Application Server 4. Vulnerability Statement The following potential vulnerabilities were identified: Vulnerability Description Cross-site scripting The web application can be used as a mechanism to transport an attack to an end user's browser. A successful attack can disclose the end user's session token, attack the local machine, or spoof content to fool the user. SQL injection Information from web requests is not validated before being used by a web application. Attackers can use these flaws to attack backend components through a web application. Password strength Passwords used by the web application are inappropriately formulated. Attackers could guess the password of a user to gain access to the system. Unnecessary The web server and application server have services unnecessary services running such as telnet, snmp and anonymous ftp