Attempt all the following tasks in the assignment. Marks will be awarded for producing a documented system that meets the requirements as specified below.
Task 1: Security vulnerabilities
You are an Information Security officer working for InfoIT Limited. You have been informed of some vulnerabilities in your company's web server. These can be seen in the following list:
a.Give a detailed explanation of how each vulnerability from the above list can be exploited and give recommendations on what should be done against each of them.
b.You have been told that one of your application has a "SQL injection" vulnerability. What tool/techniques can be used to detect and exploit "SQL injection"? Perform a SQL injection using an appropriate tool and demonstrate the steps with a brief explanation.
Task 2: Security tools/Techniques
You are an Information Security officer working on TechnoIT Limited. The managing director calls you one day; he looks concerned and says "The festivities will soon be upon us and we have a new range of products ready to market. For operational reasons, all product files need to be kept on the local server for use by our managers. However, I fear our competitors will hire hackers to access our servers and steal or corrupt our files." The managing director outlines the need for three different methods of protections and requires expert opinion on a relevant technology for each.
a.For each of the following instances, choose a technology that would best serve the required need, describe its operation and justify your choice. Each instance should describe a different technology.
b.For each of the three choices of technology discussed in (a) above, critically analyse how a hacker might attempt to counteract your protection.
Task 3: Social engineering and BCM
The 2018 information security breaches surveys reveal that in 2017, 13% of large companies found hackers have penetrated their corporate defences, compared with 1% in 2016. The report, based on responses from more than 1,000 large companies, shows hackers are "using social engineering attacks to lure staff in insecure behaviour. Insiders have always been the biggest threat, so it is now essentials that boards improve security awareness and practice among staffs”. (Computer Weekly, 2018).
Could Business Continuity Management (BCM) be a solution to deal above breach scenario?
a.Describe the two main methods employed by social engineers to 'lure staff into insecure behaviour'.
b.Give a detailed explanation of BCM and its functions (purpose and benefits).
c.What are the three types of backup sites that an organisation can use? Evaluate them with examples.
Task 4: Ethical hacking