| Information | Value | Packet |
|---|---|---|
| MAC address of the client | 08:00:27:d5:21:a6 | 1 |
| IP address of the Server | 192.168.2.21 | 1 |
| Flags for 1st TCP segment containing data | 0x002 | 1 |
| Length of data for 2nd TCP segment containing data | 40 bytes | 2 |
| Absolute sequence number of the 1st TCP | 134197502 | 1 |
2.1. Explanation of SQL Injection Attacks –
In this type of attack, the attacker uses malicious SQL code to manipulate the database for their own benefit. SQL injection attacks include gaining unauthorized views of the list of users, deleting or modifying tables, and gaining administrative rights on the database. SQL statements are used to modify the database, for example:
SELECT ItemName, ItemDescription
FROM Items
WHERE ItemNumber = 999 OR 1=1
2.2. The two general approaches that can be used to avoid SQL injection attacks are given below:
2.3. The main weakness identified in the MyUni website that allowed the SQL injection attack to succeed is a loophole that unauthorized users exploit to gain unlimited access, together with the lack of verification of the query at the server end.
2.4. To attack the MyUni website, the attacker has to log in with a student ID present in the table and use the hash code so that it seems that the user has previously logged into the system. Access to the resources of the server is thus maintained and the user can log in to the system.
2.5. The attacker could get the details of the course and grade tables and modify them according to their needs when performing the SQL injection attacks.
2.6. The website developer could implement a verification process at the server end so that every SQL query passes through verification, mitigating the risk of SQL injection attacks. The privileges of normal user accounts should be restricted, and those accounts must be blocked from modifying the database of the website.
The code and the steps that should be used for mitigating the risk of SQL injection attacks are given below:
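// The query text is built by concatenating the authenticated user name and
// the ItemName.Text form field directly into the SQL statement.
string userName = ctx.getAuthenticatedUserName();
string query = "SELECT * FROM items WHERE owner = '"
+ userName + "' AND itemname = '"
+ ItemName.Text + "'";
sda = new SqlDataAdapter(query, conn);
DataTable dt = new DataTable();
sda.Fill(dt);

-- Query the code intends to run (owner and itemname are filled in at run time):
SELECT * FROM items
WHERE owner =
AND itemname = ;

-- Query actually sent when the item name field contains: name' OR 'a'='a
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';

-- 'a'='a' is always true, so the WHERE clause no longer filters and this is equivalent to:
SELECT * FROM items;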
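The page's query run against a small in-memory SQLite table, first concatenated as in the C# snippet and then with bound parameters, on a connection that is also barred from writing. This is an added example, not code from the original page: Python's sqlite3 replaces the ADO.NET code so that it runs offline, and the sample rows, the function names and the use of the query_only pragma to model a restricted account are assumptions.

```python
import sqlite3

# Constructed sample rows; table and column names follow the page's query.
ROWS = [("wiley", "name", "w-1"), ("wiley", "lamp", "w-2"), ("alice", "desk", "a-1")]

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (owner TEXT, itemname TEXT, note TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?)", ROWS)
    conn.commit()
    # Restricted account (assumption: modelled with SQLite's query_only pragma):
    # the connection used for lookups can read but cannot modify the database.
    conn.execute("PRAGMA query_only = ON")
    return conn

def find_items_concat(conn, user_name, item_name):
    # Same construction as the C# snippet: the input becomes part of the SQL text.
    query = ("SELECT * FROM items WHERE owner = '" + user_name +
             "' AND itemname = '" + item_name + "'")
    return conn.execute(query).fetchall()

def find_items_bound(conn, user_name, item_name):
    # Placeholders fix the statement's structure; the input is passed only as data.
    query = "SELECT * FROM items WHERE owner = ? AND itemname = ?"
    return conn.execute(query, (user_name, item_name)).fetchall()

def write_is_blocked(conn):
    # True when the restricted connection refuses a modification.
    try:
        conn.execute("DELETE FROM items")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    conn = open_db()
    crafted = "name' OR 'a'='a"  # the item name from the page's second query
    print(len(find_items_concat(conn, "wiley", crafted)))  # all rows, any owner
    print(find_items_bound(conn, "wiley", crafted))        # no such item name
    print(find_items_bound(conn, "wiley", "name"))         # the one matching row
    print(write_is_blocked(conn))
```
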
3.1. Description of the working of the Symmetric key encryption –
The symmetric key encryption system works by sharing a single key for both the encryption and the decryption of a message. It is faster and simpler, but the main problem arises in remote communication because the key needs to be shared securely between the users. It works on files and disks by encrypting the contents with a key and generating a hash value. The key is required to decrypt the files and access them.
3.2. In full disk encryption, the data residing on the hard disk is encrypted with a key. It provides no protection against authorized users such as administrators, and it is used for encrypting the databases of datacenters.
The file-based encryption technique encrypts different files with different keys and provides control over access to data depending on roles. Users can be divided into different levels to authorize them to access different files. It is ideally suited for all environments and is more secure than the full disk encryption technique.
3.3. Backing up the file server to cloud storage is an ideal option for the organization because cloud vendors provide different cloud services and security options. The security options should be chosen wisely to secure the organizational data from illegal access. Different threats act while the files are being moved to the backup server, and they should be taken into account when securing the backup. During the transmission of the data to the cloud server, precautions against sniffing, electronic theft and physical theft should be considered. Moreover, moving the data to the cloud server increases its scalability and makes it available to users from remote locations. The data moved to the cloud platform can be encrypted to resolve the issue of unauthorized access.
4.1. The main motivation and goal of malicious users is to take partial or full control of the targeted host. As an example of a malicious attack, a change of the author name of a Word document may be caused by malicious software. Moreover, adware and spyware can be used by an attacker to monitor the activity of the user. Software developers can be affected by malicious users changing the code of a program, or deleting or embedding code in the developed application, to spread a virus.
4.2. Two examples of malware distributed by reputable sources are the browser plugin of Adobe Flash Player and Adobe Reader. This is because the installation of a new version of the plugin sometimes does not remove the older version, which can be used by a malicious user to cause a buffer overrun, not allowing the new data to be accommodated.
4.3. The file hash, digest and digital signature play a significant role in securely downloading a file from the web. The hash is appended to the message and sent to the receiver so that the receiver can detect any alteration by comparing the hash value. In a man-in-the-middle attack the hash value can be altered and regenerated so that the user cannot tell the altered message from the original. The file is verified using the message digest, and the digital signature is applied to check the authenticity and integrity of the file or message sent over the network.
The file hash and message digest technique is vulnerable to the man-in-the-middle attack because well-known hash algorithms such as MD3 and SHA1 are used, and the man in the middle can easily alter and regenerate the message to deceive the users. Moreover, digital certificates have limitations because of their compatibility, and sharing a digital certificate is a complex task.
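The three checks a downloader can make, applied to an altered download whose unkeyed digest has been regenerated as described above. This is an added example, not code from the original page: HMAC with a shared key stands in for the digital signature because Python's standard library has no public-key signing, and the function names, key and payloads are constructed.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def publish(payload: bytes, publisher_key: bytes) -> dict:
    # What the download site serves: the file, its digest and a keyed tag.
    return {
        "payload": payload,
        "digest": digest(payload),
        "tag": hmac.new(publisher_key, payload, hashlib.sha256).hexdigest(),
    }

def altered_in_transit(bundle: dict, new_payload: bytes) -> dict:
    # An unkeyed digest can be recomputed by anyone for changed content.
    # The tag cannot be recomputed without the key, so it stays as it was.
    return {**bundle, "payload": new_payload, "digest": digest(new_payload)}

def check_bundled_digest(bundle: dict) -> bool:
    # Compares the file with the digest that travelled alongside it.
    return hmac.compare_digest(digest(bundle["payload"]), bundle["digest"])

def check_pinned_digest(bundle: dict, pinned: str) -> bool:
    # Compares the file with a digest obtained over a separate trusted channel.
    return hmac.compare_digest(digest(bundle["payload"]), pinned)

def check_tag(bundle: dict, publisher_key: bytes) -> bool:
    # Keyed check (stand-in for signature verification).
    expected = hmac.new(publisher_key, bundle["payload"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, bundle["tag"])

if __name__ == "__main__":
    key = b"constructed-demo-key"
    good = publish(b"installer v1", key)
    pinned = digest(b"installer v1")
    bad = altered_in_transit(good, b"installer v1 plus extra bytes")
    for name, b in (("original", good), ("altered", bad)):
        print(name, check_bundled_digest(b), check_pinned_digest(b, pinned), check_tag(b, key))
```

Only the bundled-digest check accepts the altered copy, which is why a digest served from the same place as the file detects accidental corruption but not deliberate replacement.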
4.4. For the distribution of software, the following recommendations are made to software developers:
The source code must be compiled into a single executable file that can be downloaded from the internet.
Different software distribution tools can be used, such as LANDesk Management Suite for Windows, OS X and Linux software distribution.
4.5. For downloading software, the following recommendations are made: