Reference no: EM133001153
BN324 Enterprise Cyber Security and Management - Web Application Security, IoT Security and Cloud Security
The purpose of the assignment is to analyse web application attacks in cyber security, evaluate available defensive resolutions, and recommend a security solution. Students will be able to complete the following ULOs:
a. Articulate cyber security imperatives to key decision makers in an enterprise organisation.
b. Evaluate the cyber security posture of an organisation.
d. Analyse the cyber security consequences of the increasing connectedness of end-point devices and control systems to an organisation's mission.
e. Devise strategies and risk management solutions.
Assignment Description
Royal Consulting Services (RCS) provides security consulting and services to over 500 clients across a wide range of enterprises in Australia. A new initiative at RCS is for its two offices in Sydney and Melbourne to provide internships to one student who is pursuing his/her postgraduate studies in reputed institutes in Sydney and Melbourne in the Networking and Cyber Security domains.
The student is required to demonstrate outstanding writing and presentation skills about his/her theoretical as well as practical knowledge related to the information security domain.
To evaluate suitable candidates/groups for this prestigious internship program, RCS has advised students from multiple institutes to prepare a detailed report and a video demonstration of two port scanning tools. Detailed descriptions of these two tasks are given in the following sections.
Part I: Report
The report must include the following sections:
A. SQL Injection Attacks
SQL injection attacks continue to be a significant attack vector for threat actors to manipulate database servers. Use online and library resources to research these attacks. Based on your research:
1. Explain how SQL injection attacks are carried out. Report any two SQL statements crafted by the threat actors to manipulate databases.
2. Discuss one recent attack that has been initiated by the SQL injection.
3. Identify and discuss possible defences against SQL injection attacks.
B. Load Balancing Algorithms
Load balancing is a technology that can help to distribute work across a network. Different algorithms are used to make load balancing decisions. These include random allocation, round-robin, weighted round-robin, round-robin DNS load balancing, and others.
1. Explain the importance of load balancing in today's networks. What benefits are achieved with load balancing from an information security perspective?
2. From a survey of current literature, research two of the load balancing algorithms mentioned above and discuss their working mechanisms, with advantages and disadvantages.
3. Do these algorithms compromise security? Provide proper justification for your recommendation.
C. Blockchain for the Internet of Things (IoT)
With recent developments, it is predicted that there will be 18 billion Internet of Things (IoT) enabled devices by 2022, having a large influence across many vertical markets. Blockchain technologies have the potential to track, coordinate, carry out transactions and store information from this large number of devices, enabling the creation of applications that require no centralized cloud. Based on your research and analysis:
1. Discuss IoT and its characteristics.
2. Explain the working mechanism of Blockchain and its advantages in comparison to centralised coordination.
3. Evaluate how Blockchain can ensure security in the IoT domain.
D. Cloud Computing
Cloud computing is a pay-per-use computing model in which customers pay only for the online computing resources they need. It is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Based on your research and analysis:
1. Discuss the importance of cloud computing in today's world. Explain four service models in cloud computing.
2. Report one security protection for cloud computing used in an organization.
3. Compare Microsoft Azure with Amazon Web Services (AWS). Create a table that lists at least five options. Include the advantages and disadvantages of each. Which would you recommend? Why?
Part II: Video Demonstration (5-7 Minutes)
Most communication in TCP/IP networks involves the exchange of information between a program running on one system (known as a process) and the same, or a corresponding, process running on a remote system. TCP/IP uses a numeric value as an identifier for the applications and services on these systems. This value is known as the port number.
Use library resources or the Internet to locate two port scanner applications. Download and install each selected tool on a virtual machine (Kali Linux/Windows). Create a 5-7 minute video demo using the Zoom application (along with the presenters' video) addressing the following tasks.
1. Analyse and discuss the importance of port scanners.
2. Perform port scanning using both applications.
3. Identify and discuss the strengths and weaknesses of each scanner.
4. Which scanner would you recommend? Justify your recommendation.