Turtle shell architecture

Assignment Help Computer Network Security
Reference no: EM133324

QUESTION 1

(a) Describe what a Turtle Shell Architecture is and give an instance.

(b) Briefly clarify the principle of least privilege using an appropriate instance.

(c) Judge the following block of codes underneath.

<?PHP
Include("db_connect.php")://handles database connection
$sql="INSERT
INTO users(reg_username,
Reg_password,
Reg_email)
VALUES(‘{$_POST[‘reg_username']}'
‘$reg_password'.
‘{$_POST[reg_email']})':
Mysql_close():
?>

Imagine that this query is creating a new account. The user gives a desired username and an email address. The registration application generates a temporary password and emails it to the user to verify the email address.

If a valid email address is given ([email protected], for example), and "hamp98" is what the application generates for the password.
Give explanation whether an SQL injection attack is possible. Explicate your reasoning with an appropriate example.

(d) Let's presume a query in a product detail page as follows:
$sql="SELECT*FROMproductWHEREproduct_id='".$_GET[‘product_id]."'";

Now an intruder inserts an SQL command in the URL of the page, the code is like this 10'; DROP TABLE product; # and the URL looks like this:

https://abcfoods.com/product.php?id=10'; DROP TABLE product; #

At this instant the query becomes this:

SELECT * FROM product WHERE product_id='10'; DROP TABLE product; #';

You might be doubting what the meaning of hash "#" is. It simply tells the MYSQL server to ignore the rest of the query.
Explain what happen when the URL is processed with the injection as shown above.

(e) Briefly portray four methods how confidentiality can be ensured.

(f) Jane wishes to transfer $100 to Bob using bank.com. The request generated by Jane will look similar to the subsequent:

POST https://bank.com/transfer.phpHTTp/1.1
....
....
....
Content-Length:19:
Acct=BOB&amount=100

On the other hand, Maria notices that the same web application will execute the same transfer using URL parameters as tag along:

GET https://bank.com/transfer.php?acct=100HTTP/1.1


Maria now made a decision to exploit this web application vulnerability using Jane as her victim. Maria has to construct the URL which will transfer $100,000 from Jane's account to her account.

(i) Create the above URL for Maria

At this instant that her malicious request is generated, Maria must trick Jane into submitting the request. The most basic method is to send Jane an HTML email containing the link and expect Jane to click on it.

Assuming Jane is authenticated with the application when she clicks the link, the transfer of $100,000 to Maria's account will occur. However, Maria realizes that if Jane clicks the link, then Jane will notice that a transfer has occurred. as a result, Maria come to a decision to hide the attack in a zero-byte image.

(ii) Write the code that Maria must send to Jane in the email making use of a zero-byte representation.

(iii) Describe using an appropriate example how bank.com can prevent such security vulnerability.

(g) Portray three types of biometric identification schemes.

QUESTION 2

(a) In essence security is holistic. Explain this reasoning using appropriate examples.

(b) All secure systems should aim at providing some security concepts. Explain seven of them.

(c) Explicate three ways to authenticate a user and give an example of a real world two-factor authentication.

(d) What is an Access Control List?

(e) Present two ways how webmasters can ensure maximum availability of their web applications.

(f) Describe what happen during a DNS Cache Poisoning attack.

QUESTION 3

(a) Tell apart symmetric and public key encryption cryptographic systems and their modes of operation.

(b) Describe what hash functions are and using a suitable example show how to Work out the hash on a string using MD5.

(c) Elucidate what you understand by the terms hash collision and rainbow tables giving an appropriate example for each. Also describe how they can be prevented.

(d) Mark a 16-pass iterative and 9-pass recursive PHP function using hash algorithm sha1 and salt "iamsexyandiknowit" to hash password "passwordcanon".

Reference no: EM133324

Questions Cloud

Discuss the role that loyalty programmes play : Discuss the role that Loyalty Programmes play in customer relationship development Using extensive theories, critically discuss the effectiveness of loyalty schemes in building customer loyalty in customer relationship programmes at Super U
Access control list : DNS Cache Poisoning attack, Turtle Shell Architecture,
Why might a best fit approach be more helpful : What are the severe limitations of the best practice approach What is meant by the best fit approach to the design and development of a human resource strategy Why might a best fit approach be more helpful
Define service recovery : Define service recovery Discuss the impact of the service recovery efforts on customer loyalty
Turtle shell architecture : Turtle Shell Architecture, zero-byte representation, Access Control List, DNS Cache Poisoning attack, 16-pass iterative and 9-pass recursive PHP function
Symmetric encryption algorithms : block cipher and a stream cipher, Caesar cipher, cryptanalytic attacks, mono alphabetic cipher and a poly alphabetic cipher, Mix Columns, Add Round key, PGP services, traffic padding, contrast link and end-to-end encryption
Discretionary and mandatory access control : Logic bombs, War dialing, Ping of death attack, steganography, RSA scheme, digital signature, A chain of certificates, A certificate revocation list, A trust anchor, asymmetric algorithm used by PGP, IPSec mode, IP virtual Private Networks
Network security : SLE, ARO, and ALE, behavioural biometric technology, Enterprise Information Security Policy, Issue Specific Security Policy, System Specific Security Policy, firewalls protect network, creating a DMZ during firewall implementation, use of SSL to se..
Digital forensic investigation : computer security incident, Trojan Defence, anti-forensics technique, chain of custody, FAT file system, SQLOracleHacks.txt, SQLOracleAttacks.txt, SQLInjection.html

Reviews

Write a Review

Computer Network Security Questions & Answers

  An overview of wireless lan security - term paper

Computer Science or Information Technology deals with Wireless LAN Security. Wireless LAN Security is gaining importance in the recent times. This report talks about how vulnerable are wireless LAN networks without any security measures and also talk..

  Computer networks and security against hackers

This case study about a company named Magna International, a Canada based global supplier of automotive components, modules and systems. Along with the company analysis have been made in this assignment.

  New attack models

The Internet evolution is and is very fast and the Internet exposes the connected computers to attacks and the subsequent losses are in rise.

  Islamic Calligraphy

Islamic calligraphy or Arabic calligraphy is a primary form of art for Islamic visual expression and creativity.

  A comprehensive study about web-based email implementation

Conduct a comprehensive study about web-based email implementation in gmail. Optionally, you may use sniffer like wireshark or your choice to analyze the communication traffic.

  Retention policy and litigation hold notices

The purpose of this project is to provide you with an opportunity to create a document retention policy. You will also learn how to serve a litigation hold notice for an educational institute.

  Tools to enhance password protection

A report on Tools to enhance Password Protection.

  Analyse security procedures

Analyse security procedures

  Write a report on denial of service

Write a report on DENIAL OF SERVICE (DoS).

  Phising email

Phising email It is multipart, what are the two parts? The HTML part, is it inviting the recepient to click somewhere? What is the email proporting to do when the link is clicked?

  Express the shannon-hartley capacity theorem

Express the Shannon-Hartley capacity theorem in terms of where is the Energy/bit and is the psd of white noise.

  Modern symmetric encryption schemes

Pseudo-random generators, pseudo-random functions and pseudo-random permutations

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd