A software solution to be used by a large organization (let us say 1000 users) can be provided by a physical network infrastructure and a private data center, or by cloud infrastructures and the Internet. Discuss the two cases and compare their effectiveness and efficiency. Introduce suitable metrics to support your points.

ABC bank had their security systems checked and updated almost three years ago and believe it is now time to call in the experts to fish out any vulnerabilities and resolve them in a suitable way. The company hired to do these checks found the following security flaws: 

FLAW #1 - BROKEN AUTHENTICATION
An attacker can easily brute force user passwords by sending an unlimited amount of POST requests to /login. 

FLAW #2 - SENSITIVE DATA EXPOSURE
The bank's web application uses HTTP to send user credentials and passwords are stored in plain text. 

FLAW #3 - BROKEN ACCESS CONTROL
A cookie is set to the browser in order to remember the user which contains the unique ID. An attacker can easily obtain the user's ID from the transaction form and impersonate the victim.

FLAW #4 - CROSS-SITE SCRIPTING (XSS)
When a user registers to the bank, he/she gets to choose a username. This username is shown on every user's homepage since there is a form which has all the usernames and they are unescaped. When the victim logs in to the home page, the script executes.

FLAW #5 - INSUFFICIENT LOGGING AND MONITORING
When a user performs a transaction, there is no logging for it and so it's difficult to get a transaction history if an attack happened. In addition, if the system crashes, all logs would be lost. 

Explain why these flaws are considered to be huge threats for the bank and highlight the methods and/or techniques that can be used to fix the security issues. 
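
As an added example (not part of the original question or any answer to it), the following Python code shows defensive counterparts to flaws #1 to #3: failed logins are throttled per account, passwords are stored only as salted scrypt hashes, and the cookie carries a random server-side session token rather than the user ID. The class name, the limits and the in-memory stores are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

MAX_FAILURES = 5        # assumed policy: failed attempts allowed per window
WINDOW_SECONDS = 900    # assumed policy: 15-minute sliding window

class LoginService:
    """Hypothetical login backend; every name here is illustrative."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._users = {}     # username -> (salt, scrypt hash), never the plain password
        self._failures = {}  # username -> timestamps of recent failed attempts
        self._sessions = {}  # random token -> username (server-side session store)

    @staticmethod
    def _hash(password, salt):
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))

    def _recent_failures(self, username):
        cutoff = self._clock() - WINDOW_SECONDS
        recent = [t for t in self._failures.get(username, []) if t > cutoff]
        self._failures[username] = recent
        return recent

    def login(self, username, password):
        """Return (status, session_token); status is 'ok', 'denied' or 'locked'."""
        recent = self._recent_failures(username)
        if len(recent) >= MAX_FAILURES:
            return "locked", None              # flaw #1: no unlimited guessing
        known = username in self._users
        salt, stored = self._users.get(username, (b"\0" * 16, b"\0" * 32))
        candidate = self._hash(password, salt)  # same work for unknown usernames
        if known and hmac.compare_digest(candidate, stored):
            self._failures.pop(username, None)
            token = secrets.token_urlsafe(32)   # flaw #3: unguessable cookie value
            self._sessions[token] = username
            return "ok", token
        recent.append(self._clock())            # record the failed attempt
        return "denied", None

    def user_for_cookie(self, token):
        """Resolve a session cookie; a raw user ID is not a valid cookie."""
        return self._sessions.get(token)
```

Transport encryption (HTTPS), output escaping and durable logging, which address the remainder of flaw #2 and flaws #4 and #5, are outside this block.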
