Question 1a describe what a turtle shell architecture is

Assignment Help Computer Networking
Reference no: EM13349374

QUESTION 1

(a) Describe what a Turtle Shell Architecture is and give an instance.

(b) Briefly clarify the principle of least privilege using an appropriate instance.

(c) Judge the following block of codes underneath.

<?PHP
Include("db_connect.php")://handles database connection
$sql="INSERT
INTO users(reg_username,
Reg_password,
Reg_email)
VALUES(‘{$_POST[‘reg_username']}'
‘$reg_password'.
‘{$_POST[reg_email']})':
Mysql_close():
?>

Imagine that this query is creating a new account. The user gives a desired username and an email address. The registration application generates a temporary password and emails it to the user to verify the email address.

If a valid email address is given ([email protected], for example), and "hamp98" is what the application generates for the password.
Give explanation whether an SQL injection attack is possible. Explicate your reasoning with an appropriate example.

(d) Let's presume a query in a product detail page as follows:
$sql="SELECT*FROMproductWHEREproduct_id='".$_GET[‘product_id]."'";

Now an intruder inserts an SQL command in the URL of the page, the code is like this 10'; DROP TABLE product; # and the URL looks like this:

https://abcfoods.com/product.php?id=10'; DROP TABLE product; #

At this instant the query becomes this:

SELECT * FROM product WHERE product_id='10'; DROP TABLE product; #';

You might be doubting what the meaning of hash "#" is. It simply tells the MYSQL server to ignore the rest of the query.
Explain what happen when the URL is processed with the injection as shown above.

(e) Briefly portray four methods how confidentiality can be ensured.

(f) Jane wishes to transfer $100 to Bob using bank.com. The request generated by Jane will look similar to the subsequent:

POST https://bank.com/transfer.phpHTTp/1.1
....
....
....
Content-Length:19:
Acct=BOB&amount=100

On the other hand, Maria notices that the same web application will execute the same transfer using URL parameters as tag along:

GET https://bank.com/transfer.php?acct=100HTTP/1.1


Maria now made a decision to exploit this web application vulnerability using Jane as her victim. Maria has to construct the URL which will transfer $100,000 from Jane's account to her account.

(i) Create the above URL for Maria

At this instant that her malicious request is generated, Maria must trick Jane into submitting the request. The most basic method is to send Jane an HTML email containing the link and expect Jane to click on it.

Assuming Jane is authenticated with the application when she clicks the link, the transfer of $100,000 to Maria's account will occur. However, Maria realizes that if Jane clicks the link, then Jane will notice that a transfer has occurred. as a result, Maria come to a decision to hide the attack in a zero-byte image.

(ii) Write the code that Maria must send to Jane in the email making use of a zero-byte representation.

(iii) Describe using an appropriate example how bank.com can prevent such security vulnerability.

(g) Portray three types of biometric identification schemes.

QUESTION 2

(a) In essence security is holistic. Explain this reasoning using appropriate examples.

(b) All secure systems should aim at providing some security concepts. Explain seven of them.

(c) Explicate three ways to authenticate a user and give an example of a real world two-factor authentication.

(d) What is an Access Control List?

(e) Present two ways how webmasters can ensure maximum availability of their web applications.

(f) Describe what happen during a DNS Cache Poisoning attack.

QUESTION 3

(a) Tell apart symmetric and public key encryption cryptographic systems and their modes of operation.

(b) Describe what hash functions are and using a suitable example show how to Work out the hash on a string using MD5.

(c) Elucidate what you understand by the terms hash collision and rainbow tables giving an appropriate example for each. Also describe how they can be prevented.

(d) Mark a 16-pass iterative and 9-pass recursive PHP function using hash algorithm sha1 and salt "iamsexyandiknowit" to hash password "passwordcanon".

Reference no: EM13349374

Questions Cloud

Question 1case study the retail landscape has undergone a : question 1case study the retail landscape has undergone a lot of changes in the last 15 years in mauritius. the
Question 1a there are two analysis techniques in reverse : question 1a there are two analysis techniques in reverse engineering for mobile apps static and dynamic.i set apart
Question 1the best practice approach to the development of : question 1the best practice approach to the development of a human resource strategy has severe limitations. best fit
Question 1successful service managers identify that : question 1successful service managers identify that managing demand and capacity is vital for both productive use of
Question 1a describe what a turtle shell architecture is : question 1a describe what a turtle shell architecture is and give an instance.b briefly clarify the principle of least
Question 1a what are the indispensable ingredients of a : question 1a what are the indispensable ingredients of a symmetric cipher?b what are the two basic meanings used in
Question 1a sort out each of the following as a violation : question 1a sort out each of the following as a violation of privacy integrity and ease of use authenticity or some
Question 1a explain network security what are the types of : question 1a explain network security. what are the types of security features used in client server types of network?b
Question 1aname five significant activities involved in a : question 1aname five significant activities involved in a digital forensic investigation.bwhy is computer forensic

Reviews

Write a Review

Computer Networking Questions & Answers

  Networking and types of networking

This assignment explains the networking features, different kinds of networks and also how they are arranged.

  National and Global economic environment and ICICI Bank

While working in an economy, it has a separate identity but cannot operate insolently.

  Ssh or openssh server services

Write about SSH or OpenSSH server services discussion questions

  Network simulation

Network simulation on Hierarchical Network Rerouting against wormhole attacks

  Small internet works

Prepare a network simulation

  Solidify the concepts of client/server computing

One-way to solidify the concepts of client/server computing and interprocess communication is to develop the requirements for a computer game which plays "Rock, Paper, Scissors" using these techniques.

  Identify the various costs associated with the deployment

Identify the various costs associated with the deployment, operation and maintenance of a mobile-access system. Identify the benefits to the various categories of user, arising from the addition of a mobile-access facility.

  Describe how the modern view of customer service

Describe how the greater reach of telecommunication networks today affects the security of resources which an organisation provides for its employees and customers.

  Technology in improving the relationship building process

Discuss the role of Technology in improving the relationship building process Do you think that the setting of a PR department may be helpful for the ISP provider? Why?

  Remote access networks and vpns

safekeeping posture of enterprise (venture) wired and wireless LANs (WLANs), steps listed in OWASP, Securing User Services, IPV4 ip address, IPV6 address format, V4 address, VPN, Deploying Voice over IP, Remote Management of Applications and Ser..

  Dns

problems of IPV, DNS server software, TCP SYN attack, Ping of Death, Land attack, Teardrop attack, Smurf attack, Fraggle attack

  Outline the difference between an intranet and an extranet

Outline the difference between an intranet and an extranet A programmer is trying to produce an applet with the display shown in Figure 1 below such that whenever one of the checkboxes is selected the label changes to indicate correctly what has..

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd