Apple app store software distribution sites
•Do not copy text from websites or textbooks. During research you should read and understand what others have written, and then write in your own words.
Wherever you need student id use ID = 12052313
COIT20262 Assignment 1<press ENTER>
My ID is <type in your actual student ID><press ENTER>
<Ctrl-D>
You need to perform steps 3-5 in the correct sequence, switching from client to server to client.
(b)Draw a message sequence diagram that illustrates all the TCP packets generated by using netcat (do not draw any packets generated by other applications or protocols, such as ARP, DNS or SSH). A message sequence diagram uses vertical lines to represent events that happen at a computer over time (time is increasing as the line goes down). Addresses of the computers/software are given at the top of the vertical lines. Horizontal or sloped arrows are used to show messages (packets) being sent between
computers. Each arrow should be labelled with the protocol, packet type and important information of the message. Examples of message sequence diagrams are given in workshops. Note that you do not need to show the packet times, and the diagram does not have to be to scale. [3 marks]
|
||
|
||
However you must follow these specific steps when performing the attack:
1.Before performing the attack, add two new student users to the database with the following details:
a.New student 1: username is your ID, password is your ID
b. New student 2: username is 12039999, password is hacker
2. For both of the new students add the following courses and grades:
a.New student 1: coit20262, C
b.New student 1: coit20264, D
c.New student 2: coit20262, HD
d.New student 2: coit20264, F
3.Perform the SQL injection attack as new student 2, i.e. logged in as 12039999 4.Take a screenshot of the attacker web browser showing the web form the attacker uses to perform the attack. Make sure the screenshot clearly shows the fields/data entered by the attacker. Save the screenshot as screenshot-attack.png.
For this specific attack on
(c)Explain the limitation/weakness in the MyUni website that allowed the SQL injection attack to be successful. In your explanation refer to the file(s) and line(s) of code and give samples of the code in your answer.
(h)Explain what the website developer could do to prevent this SQL injection attack. In your explanation, give exact code and steps the developer should use.
Question 3. Cryptography Concepts
(b)With respect to the file server, explain to the company what full-disk encryption and file-based encryption is, and explain the trade-offs between the two approaches. Include recommended technologies.
The company is considering backing up the file server to a cloud storage provider.
Question 4. Trojan Downloads Research
Many people download free or paid software from reputable sources for use on their computers and mobile devices. The sources include: app stores (Google Play, Apple App Store); software distribution sites (e.g. SourceForge, GitHub, CNET Download) and individual websites of software developers. However, there have been cases when reputable sources hosting popular software have been compromised, resulting in people downloading infected software (e.g. Trojans). For example, see stories about HandBrake video converter, Transmission BitTorrent, and Google taking down potentially harmful apps from the Play Store. Your task is to study how such reputable software sources can host malicious software, and what measures software developers and hosting sites can take to reduce infection.
(c)What role can file hashes, digests or signatures play in securing downloads? What are the limitations of these techniques?
(d)List and explain recommendations should be given to software developers in distributing software.