Writing Problem: Defender of the Web

tl;dr

Research methods and defenses against cyberattacks.

Academic Honesty

This course’s philosophy on academic honesty is best stated as "be reasonable." The course recognizes that interactions with classmates and others can facilitate mastery of the course’s material. However, there remains a line between enlisting the help of another and submitting the work of another. This policy characterizes both sides of that line.

The essence of all work that you submit to this course must be your own. Collaboration on problems is not permitted (unless explicitly stated otherwise) except to the extent that you may ask classmates and others for help so long as that help does not reduce to another doing your work for you. Generally speaking, when asking for help, you may show your code or writing to others, but you may not view theirs, so long as you and they respect this policy’s other constraints. Collaboration on quizzes and tests is not permitted at all. Collaboration on the final project is permitted to the extent prescribed by its specification.

Below are rules of thumb that (inexhaustively) characterize acts that the course considers reasonable and not reasonable. If in doubt as to whether some act is reasonable, do not commit it until you solicit and receive approval in writing from your instructor. If a violation of this policy is suspected and confirmed, your instructor reserves the right to impose local sanctions on top of any disciplinary outcome that may include an unsatisfactory or failing grade for work submitted or for the course itself.

Reasonable

  • Communicating with classmates about problems in English (or some other spoken language).

  • Discussing the course’s material with others in order to understand it better.

  • Helping a classmate identify a bug in his or her code, such as by viewing, compiling, or running his or her code, even on your own computer.

  • Incorporating snippets of code that you find online or elsewhere into your own code, provided that those snippets are not themselves solutions to assigned problems and that you cite the snippets' origins.

  • Reviewing past years' quizzes, tests, and solutions thereto.

  • Sending or showing code that you’ve written to someone, possibly a classmate, so that he or she might help you identify and fix a bug.

  • Sharing snippets of your own solutions to problems online so that others might help you identify and fix a bug or other issue.

  • Turning to the web or elsewhere for instruction beyond the course’s own, for references, and for solutions to technical difficulties, but not for outright solutions to problems or your own final project.

  • Whiteboarding solutions to problems with others using diagrams or pseudocode but not actual code.

  • Working with (and even paying) a tutor to help you with the course, provided the tutor does not do your work for you.

Not Reasonable

  • Accessing a solution to some problem prior to (re-)submitting your own.

  • Asking a classmate to see his or her solution to a problem before (re-)submitting your own.

  • Decompiling, deobfuscating, or disassembling the staff’s solutions to problems.

  • Failing to cite (as with comments) the origins of code, writing, or techniques that you discover outside of the course’s own lessons and integrate into your own work, even while respecting this policy’s other constraints.

  • Giving or showing to a classmate a solution to a problem when it is he or she, and not you, who is struggling to solve it.

  • Looking at another individual’s work during a quiz or test.

  • Paying or offering to pay an individual for work that you may submit as (part of) your own.

  • Providing or making available solutions to problems to individuals who might take this course in the future.

  • Searching for, soliciting, or viewing a quiz’s questions or answers prior to taking the quiz.

  • Searching for or soliciting outright solutions to problems online or elsewhere.

  • Splitting a problem’s workload with another individual and combining your work (unless explicitly authorized by the problem itself).

  • Submitting (after possibly modifying) the work of another individual beyond allowed snippets.

  • Submitting the same or similar work to this course that you have submitted or will submit to another.

  • Using resources during a quiz beyond those explicitly allowed in the quiz’s instructions.

  • Viewing another’s solution to a problem and basing your own solution on it.

Cyberwars

As we’ve seen, it’s an ongoing battle to try to prevent cyberattacks over networks and on the Internet. Bad guys are coming up with new ways to hack into supposedly secure systems at all hours of the day, while simultaneously trying old methods again and again to catch even a second of system failure. Though we’d like to believe all our data is safe, the reality is that a lot of it may be at risk - unless the good guys can catch the vulnerabilities first.

Some of the major types of cyberattacks include:

  • Code Injection

  • Viruses

  • SSL Encryption Attacks

  • Spoofing (DNS or MAC, for example)

  • Denial-of-Service Attacks

  • Floods (a subset of denial-of-service attacks)

While these attacks are generally eventually caught and defended against, much of the time they are caught too late to prevent significant damage to personal privacy and financial security. In addition, some are not publicized to a large degree, preventing other potentially vulnerable companies from becoming aware of the problem and fixing it before they too fall victim to an attack.

Be a Defender

In this writing problem, we want you to delve deeper into one particular cyberattack you’ve not yet discussed in class. Research it and figure out exactly how it works, who it targets, and the damage it causes. How can we prevent ourselves from falling victim to that particular attack? Open a text editor and create a file called ‘defender’ (be sure that the file extension is either .doc, .docx, .pdf, or .txt). This problem should be between 750-1,000 words. In your writing, you should cover the following:

  • What is the name of the attack? What type of attack is it?

  • Where did it come from? Who created it (if known), and why?

  • How did we find out about it - how was it caught?

  • What types of companies or individuals does it target?

  • How does it work? What components of the network does it attack, and from which end (client or server)?

  • What damage is it capable of doing? What information does it target?

  • Has a fix been found? How does it work? Has it been implemented in all websites/servers with potential vulnerabilities?

  • If applicable, how can we defend ourselves against this attack?

Start by taking a look at the different types of attacks, and find one that intrigues you. From there, search the different examples of those attacks that have come up over the past few years and read a bit about each before picking the one you want to dive into. News stories covering major security breaches will be a good resource for you as well. This assignment will provide you with a deeper understanding of the creativity involved in these attacks and the necessity of robust testing - and it’s an interesting conversation topic too.

How to Submit

Step 1 of 3

Go to https://github.com/me50/USERNAME, substituting USERNAME in the URL with your own GitHub username. On the left side of the screen, click on "Branch: master". In the field that says "Find or create a branch…​", type cs50/problems/2019/ap/defender and click "Create branch".

Step 2 of 3

Click the button that says "Upload files". Drag your defender.(doc, docx, pdf, txt) file into the box that says "Drag files here".

Step 3 of 3

Click the green "Commit changes" button and you’re done!

If you run into any trouble, email sysadmins@cs50.harvard.edu!

You may resubmit any problem as many times as you’d like before the deadline.

Your submission should be graded for correctness within 2 minutes, at which point your score will appear at submit.cs50.io!

This was Defender of the Web.