COMP1427: Websites are vulnerable to attacks from a number of different sources including denial-of-service, SQL injection: Cyber Security Course Work, UOG, UK

University: University of Greenwich (UOG)
Subject: COMP1427: Cyber Security
  • Websites are vulnerable to attacks from a number of different sources including denial-of-service, SQL injection, and tampering of the website code. [Based on articles from ITNow BCS publication 2020]
  1. Compare and contrast the security weaknesses of the two main types of programming that are associated with websites that enable remote users to request dynamic content and services over the Internet. Use a diagram to illustrate your answer.
  2. Discuss the potential effects that distributed denial of service attacks could have on a web server of an e-commerce website. (10 marks)
  3. One way of ensuring the integrity of the programming code of a website and that it has not been tampered with is by hashing the code and periodically checking that the hash remains the same. Show how a 4-bit hash may be prepared on a code sample of Hex AB using the seed of Hex 6 and using the algorithms used in the lectures. Show all your work and give your hash in Hex.
  4. Password hashes, because passwords are much shorter, can be cracked by Rainbow Tables. Explain what Rainbow Tables are and how they are used.

  • Organizations are often at risk from insiders such as employees and contractors who are part of the organization’s defense perimeter. Many approaches such as utilizing firewalls and intrusion detection systems and usage of security policies are used to control the activity of such insiders especially now that BYOD (Bring Your Own Device) is common. [Based on articles on IEEE website 2021]
  1. Firewalls are usually deployed to protect the perimeter boundary of the organization, with threats perceived as coming from the outside. Discuss a strategy to secure the internal networks and devices, giving a clear and reasoned argument as to why this is essential for the security of the organization. Include in your argument an intrusion detection system, which is deemed essential to the organization. Clearly identify the function of the intrusion detection system within your strategy. Use a diagram to further support your strategy. (15 marks)
  2. Your organization is considering introducing a Bring Your Own Device (BYOD) policy. Critically evaluate the effect of the BYOD policy. Include in your answer your opinion as to whether you agree or disagree with this policy, clearly stating your reasons. (10 marks)
  3. A ‘BYOD security policy’ often insists that employees encrypt all company files at all times (except when working on them). Show how this encryption might work using binary symmetric encryption with a sample plaintext of Hex A6:B7:C3 and a key of Hex E3 and using the algorithm demonstrated in lectures. Show all your work and give your answer in Hex notation.
  4. One of the issues likely addressed in the above BYOD security policy of 2(c) is how to keep the encryption key itself secret. Suggest FOUR ways that might be suggested in the BYOD security policy.
  • “Internet of Things (IoT) is the network of physical objects or “things” embedded with electronics, sensors, and network connectivity, which enables these objects to collect and exchange data. IoT allows objects to be sensed and controlled remotely across existing network infrastructure, creating opportunities for more direct integration between the physical world and computer-based systems. However, man-in-the-middle attacks, replay attacks, tampering attacks, and denial of service attacks still occur.” [Based on articles on the ISACA website 2021]
  1. The Internet of Things (IoT) enables ordinary users to connect household devices to the Internet. Discuss how you think man-in-the-middle attacks, replay attacks, impersonation attacks, and tampering attacks will impact the security of communication between IoT devices.
  2. Propose secure and resilient solutions that are capable of mitigating any three of the attacks presented in “3a” above.
  3. Explain how a ‘man-in-the-middle’ attack might achieve impersonation when Sue sends a plaintext message to Joe asking for his public key so she can send encrypted communications to him.
  4. One of the ways of preventing a ‘man-in-the-middle’ attack is to use a digital certificate. Explain what a digital certificate is and how it might have helped in the scenario above in 3c if Sue had asked for one from Joe.
