Bay Ridge Security Consulting (BRSC) provides security consulting services to a wide range of businesses, individuals, schools, and organizations. These clients have networks that range from small to large, consisting of both physical and virtualized hosts. Because of its reputation and increasing demand for its services, BRSC has partnered with a local school to hire students close to graduation to assist them on specific projects. This not only helps BRSC with their projects but also provides real-world experience to students who are interested in the security field.

Clean Up! (CU) is a service that provides cleaning services to offices as well as residential homes. Customers can enter information on CU's Web site to request a specific date for cleaning services, to register for special carpet cleaning services, and other features. Due to recent layoffs in CU's IT department because of lower-than-anticipated revenue, they have had difficulty maintaining Web application security on their servers. Recently, CU was the victim of a typical injection attack, and the president of the company is furious. He has demanded that the IT department hire someone to help them with the problem. CU has contacted BRSC, who in turn has hired you to help them.

One of CU's IT staff has contacted you, claiming that due to the layoffs the staff no longer has the expertise nor the time to properly secure the Web application servers. In fact, there are several security problems that could result in even more attacks. She has asked you to make this clear to the president. However, the BRSC management views CU as a customer and does not want to do anything that would jeopardize the account. This has put you in a difficult situation. To convince management that serious actions need to be taken, you need to:

1. List 3 possible injection attacks that could be launched on the CUs web application server as a result of this lack of security maintenance

2. Briefly explain how each of such attacks could be perpetrated on the web server

A second BRSC customer is considering the purchase of Bluetooth devices for its senior management employees. Before getting into such venture, this customer wants to understand how this technology works, as well as what they may up against, as a result of implementing this technology. As a security analyst, BRSC has asked you to work with this customer and your responsibilities include the following:

1. Describe the ad hoc networks used to link Bluetooth devices (2 points)

2. List 2 main attacks on such devices (1 point)

3. Explain each of above 2 main attacks

4. How do you prevent such attacks

Another BRSCs client is considering implementing virtualization, but they need to have a better understanding about this technology. BRSC has assigned you to this task and you are asked to:

1. List 3 benefits to hosts that run virtualization

2. Explain each of the benefits