Free Samples
SIT716 Computer Networks And Security
.cms-body-content table{width:100%!important;} #subhidecontent{ position: relative;
overflow-x: auto;
width: 100%;}
SIT716 Computer Networks And Security
0 Download6 Pages / 1,494 Words
Course Code: SIT716
University: Deakin University
MyAssignmentHelp.com is not sponsored or endorsed by this college or university
Country: Australia
Questions:
Task 1
Unix treats file directories in the same fashion as files; that is, both is defined by the same type of data structure, call an inode. As with files, directories include a non-bit protection string. If care is not taken, this can create access control problems. For example, consider a file with protection mode 644 (rw-r-r) contained in a directory with protection mode 730 (rwx -wx). Write a small report how might the file be compromised in this case?
Task 2
There are several popular (consumer) cloud storage options, including Amazon Cloud Drive, Apple iDrive, Box, Dropbox, Google Drive, Microsoft One Drive, etc. Review the file transmission and storage security measures and concerns of any of the two in above options.
Task 3
Define Advanced Persistent Thread (APT) and explain the stages. How the use of APT in a Cyber War can inflict damage on Industrial Control Systems.
Answers:
Task 1
The directory permissions are critical. File permissions are immaterial. However, system commands such as rm allows the user to know whether he or she has write permission on the specific file. Members of the directory with protection mode 730 (rwxwx) can access the directory (execute) and modify it . However, they cannot list the directory (missing r). This means that a group member knows the name of the file. As such, the member can remove the file since removing a file requires write permission to the directory. It is worth noting that the file write permissions do not matter to the unlink system call which performs the file removal (Donald Bren School of Information and Computer Sciences, 2018).
Therefore, a member belonging to the group that owns the directory can remove the file provided the filename is known. Accordingly, they can read the file. Besides removing and reading the file, a group member can create a file with the very filename if the original file is missing in the said directory. Undoubtedly, having read privileges to a file based on file permissions is no compromised. Although a group member cannot modify the file contents, they can delete the file or create a new file with the same filename. The overall implication is that a user can modify the file with the directory protection mode 730. The only advantage is that the file owner will know the user that did the file deletion or creation.
Task 2
Google Drive
Google Drive is a service that enables storage of personal files on the “cloud”. The files are stored in a central server allowing ubiquitous access from several devices across the globe. In addition, the service offers different levels of backup protection in situations of data, account, or device loss.
File transmission from a person’s device is encrypted using TLS standards, the very standards used to secure browser connections. The files are then uploaded to Google servers. Before reaching Google, the files are decrypted and re-encrypted using 128-bit AES, a process that happens on the fly. The 128-bit AES encryption protects files against leakages during the storing process. In addition to file encryption, the AES encryption keys are encrypted using rotating set of master keys. This acts as an additional security layer onto the files stored on Google’s hard drives. During data retrieval by a Google Drive user, the process is reversed and files served to the authenticated and authorized user device (Google Cloud, 2018).
Besides the standard TLS and 128-bit AES encryption measures, Google provides other security measures to Google Drive user files. These include two-factor authentication, metadata encryption, and data encryption on transmission, especially when moving between Google servers (Google Privacy, 2018). The two-factor authentication is an ideal feature that protects user files in case s where the account login credentials are stolen. Besides the login email address and password, an additional security layer prompting for additional confirmation such as phone number or email address is requested for authenticity of the user. Metadata encryption protects additional information describing or defining your files. This information is encrypted as well before storage. Further, as Bobby (2016) (Bobby, 2016) explained, file transfer within Google’s internal networks (i.e. data centers) is encrypted to protect against hacking or spying.
Dropbox
Dropbox provides file storage services for files. The files are synchronized across multiple devices. Dropbox places a copy of the file on every device, which is updated synchronously in case of changes. A central server manages all files. When a user uploads a file, it is stored on the central server before a copy is send to all other devices.
The Dropbox client installed on the user’s device provides a secure connection between the server and the user device. The program encrypts the data using standard SSL/TLS with 128-bit AES encryption for transmission over the Internet. Once the data reaches the Dropbox server, it is decrypted. Therefore, the previous encryption protects the data on transit against eavesdropping. Before storage, the data is re-encrypted for storage using 128-bit AES. This protects the stored data against hacking. After storage, the data is copied onto user’s devices using SSL/TLS encryption to protect it over Internet. Upon reaching the user devices, the data is then decrypted for local storage (Bobby, 2013).
Inspite of the encryption maneuvers above, there are security issues that arise regarding Dropbox’s security measures. Dropbox is able to manually decrypt and access the data residing on their servers. This can be risky. For instance, a rogue Dropbox employee can maliciously access your data and a database breach may result in hackers accessing your encryption keys. Because Dropbox can manually decrypt and access your data, it can be disclosed to third parties for marketing reasons, against the user’s consent.
Task 3
What is an Advanced Persistent Thread (APT)?
An Advanced Persistent Thread is an elaborate, prolonged, and targeted multi-step cyber-attack aimed at infiltrating a specific network (Avira, n.d). APTs are designed in a way to evade detection. Usually, they involve a malware intruding a network to exploit vulnerabilities. Once intruders gain network access, they monitor the network traffic and siphon off desired information such as financial assets, computer source codes, or intellectual property. The intention is to steal information rather than cause harm to the corporate network (Rouse, 2018). Usually, APT attackers target institutions with high-value data.
How an APT works
Usually, APT attackers follow a sequential approach to execute APTs and gain ongoing access to a target network that has four phases: incursion, discovery, capture, and exfiltration (Symantec, 2011).
Incursion
Gain access: APT intruders gain access to a target network through the Internet. The access can be gained by spear phishing emails or exploiting an application vulnerability with the sole intention of gaining access using malicious software.
Discovery
Establish a foothold: upon gaining access, the attackers perform a reconnaissance of the network and begin exploiting the malware that they have installed on the target system to create tunnels and backdoors for their mobility. Advanced malware techniques including code rewriting can be used to cover their footprints in the victim network.
Greater access privileges: Once inside the victim network, APT attackers can leverage password cracking to gain administrative rights. Using administrative privileges, attackers can control a significant portion of the system to help gain greater depth access.
Lateral movement: Upon gaining administrative rights, attackers can move around the enterprise network freely. Besides, they can use this deeper access to access more secure areas of the network such as servers.
Capture
Stage the attack: The APT attackers centralize, encrypt, and compress target data for exfiltration.
Exfiltration
Take data: the APT attackers harvest the desired data and transfer it to their own system.
Maintain access: the attackers can repeatedly access the victim network until they are detected. In some situations, they can create backdoors for subsequent access to the enterprise network.
Impact of APT on Industrial Control Systems
Majority of APTs search commodity assets including storage or confidential information for malicious use. For instance, APT attackers can launch an attack to gain access to storage capacity to store illegal materials on the victim’s servers. If such information is leaked, it can cause legal concerns between the victim firm and the rightful owner of the information from which it was initially stolen. In some situations, APT attackers can target an enterprise network to analyze its processing power so as they can send spam to disrupt the normal operation of the system. The spam congests the network rendering it extremely slow for business operations. This may adversely affect organizational processes and hence efficiency of the system. Further, an APT attack can be targeted at stealing credentials to access more secure areas of the victim’s system. With administrative rights, the attacker can cause physical damages to the enterprise including broadcasting inappropriate information on their victim network. This in turn affects the company’s reputation and brand image (Symantec, 2011).
Bibliography
Avira, n.d. Advanced persistent threat. [Online] Available at: https://www.avira.com/en/security-term/t/advanced-persistent-threat/id/2[Accessed 22 September 2018].
Bobby, 2013. Is Dropbox Safe to Use? How Dropbox Works to Secure Your Files Online. [Online] Available at: https://tiptopsecurity.com/is-dropbox-safe-to-use-how-dropbox-works-to-secure-your-files-online/[Accessed 22 September 2018].
Bobby, 2016. Is Google Drive Safe to Use? How Google Secures Your Files Online. [Online] Available at: https://tiptopsecurity.com/is-google-drive-safe-to-use/[Accessed 22 September 2018].
Donald Bren School of Information and Computer Sciences, 2018. Understanding and Setting UNIX File Permissions. [Online] Available at: https://www.ics.uci.edu/computing/linux/file-security.php[Accessed 23 September 2018].
Google Cloud, 2018. Security and Privacy Considerations. [Online] Available at: https://cloud.google.com/storage/docs/gsutil/addlhelp/SecurityandPrivacyConsiderations[Accessed 22 September 2018].
Google Privacy, 2018. Your security comes first in everything we do. [Online] Available at: https://privacy.google.com/safer-internet.html[Accessed 22 September 2018].
Rouse, M., 2018. advanced persistent threat (APT). [Online] Available at: https://searchsecurity.techtarget.com/definition/advanced-persistent-threat-APT[Accessed 22 September 2018].
Symantec, 2011. Advanced Persistent Threats: A Symantec Perspective, Mountain View, CA: Symantec Corporation.
Free Membership to World’s Largest Sample Bank
To View this & another 50000+ free samples. Please put
your valid email id.
Yes, alert me for offers and important updates
Submit
Download Sample Now
Earn back the money you have spent on the downloaded sample by uploading a unique assignment/study material/research material you have. After we assess the authenticity of the uploaded content, you will get 100% money back in your wallet within 7 days.
UploadUnique Document
DocumentUnder Evaluation
Get Moneyinto Your Wallet
Total 6 pages
PAY 4 USD TO DOWNLOAD
*The content must not be available online or in our existing Database to qualify as
unique.
Cite This Work
To export a reference to this article please select a referencing stye below:
APA
MLA
Harvard
OSCOLA
Vancouver
My Assignment Help. (2020). Computer Networks And Security. Retrieved from https://myassignmenthelp.com/free-samples/sit716-computer-networks-and-security/provides-file-storage-services.html.
“Computer Networks And Security.” My Assignment Help, 2020, https://myassignmenthelp.com/free-samples/sit716-computer-networks-and-security/provides-file-storage-services.html.
My Assignment Help (2020) Computer Networks And Security [Online]. Available from: https://myassignmenthelp.com/free-samples/sit716-computer-networks-and-security/provides-file-storage-services.html[Accessed 18 December 2021].
My Assignment Help. ‘Computer Networks And Security’ (My Assignment Help, 2020)
My Assignment Help. Computer Networks And Security [Internet]. My Assignment Help. 2020 [cited 18 December 2021]. Available from: https://myassignmenthelp.com/free-samples/sit716-computer-networks-and-security/provides-file-storage-services.html.
×
.close{position: absolute;right: 5px;z-index: 999;opacity: 1;color: #ff8b00;}
×
Thank you for your interest
The respective sample has been mail to your register email id
×
CONGRATS!
$20 Credited
successfully in your wallet.
* $5 to be used on order value more than $50. Valid for
only 1
month.
Account created successfully!
We have sent login details on your registered email.
User:
Password:
MyAssignmenthelp.com is one of the noted service providers that deliver essay help. We provide tailored essay assistance to make sure that student gets online essay help exactly in the way they want it to be written. We at MyAssigemnthelp.com have built teams of consultants, who readily attend every query related to help me writing my essay. We provide essay writing help in forms of tips and steps in order o assist students with tough essay assignments.
Latest Management Samples
div#loaddata .card img {max-width: 100%;
}
MPM755 Building Success In Commerce
Download :
0 | Pages :
9
Course Code: MPM755
University: Deakin University
MyAssignmentHelp.com is not sponsored or endorsed by this college or university
Country: Australia
Answers:
Introduction
The process of developing a successful business entity requires a multidimensional analysis of several factors that relate to the internal and external environment in commerce. The areas covered in this current unit are essential in transforming the business perspective regarding the key commerce factors such as ethics, technology, culture, entrepreneurship, leadership, culture, and globalization (Nzelibe, 1996; Barza, 2…
Read
More
SNM660 Evidence Based Practice
Download :
0 | Pages :
8
Course Code: SNM660
University: The University Of Sheffield
MyAssignmentHelp.com is not sponsored or endorsed by this college or university
Country: United Kingdom
Answers:
Critical reflection on the objective, design, methodology and outcome of the research undertaken Assessment-I
Smoking and tobacco addiction is one of the few among the most basic general restorative issues, particularly to developed nations such as the UK. It has been represented that among all risk segments smoking is the fourth driving purpose behind infections and other several ailments like asthma, breathing and problems in the l…
Read
More
Tags:
Australia Maidstone Management Business management with marketing University of New South Wales Masters in Business Administration
BSBHRM513 Manage Workforce Planning
Download :
0 | Pages :
20
Course Code: BSBHRM513
University: Tafe NSW
MyAssignmentHelp.com is not sponsored or endorsed by this college or university
Country: Australia
Answer:
Task 1
1.0 Data on staff turnover and demographics
That includes the staffing information of JKL industries for the fiscal year of 2014-15, it can be said that the company is having problems related to employee turnover. For the role of Senior Manager in Sydney, the organization needs 4 managers; however, one manager is exiting. It will make one empty position which might hurt the decision making process. On the other hand, In Brisba…
Read
More
MKT2031 Issues In Small Business And Entrepreneurship
Download :
0 | Pages :
5
Course Code: MKT2031
University: University Of Northampton
MyAssignmentHelp.com is not sponsored or endorsed by this college or university
Country: United Kingdom
Answer:
Entrepreneurial ventures
Entrepreneurship is the capacity and willingness to develop, manage, and put in order operations of any business venture with an intention to make profits despite the risks that may be involved in such venture. Small and large businesses have a vital role to play in the overall performance of the economy. It is, therefore, necessary to consider the difference between entrepreneurial ventures, individual, and c…
Read
More
Tags:
Turkey Istanbul Management University of Employee Masters in Business Administration
MN506 System Management
Download :
0 | Pages :
7
Course Code: MN506
University: Melbourne Institute Of Technology
MyAssignmentHelp.com is not sponsored or endorsed by this college or university
Country: Australia
Answer:
Introduction
An operating system (OS) is defined as a system software that is installed in the systems for the management of the hardware along with the other software resources. Every computer system and mobile device requires an operating system for functioning and execution of operations. There is a great use of mobile devices such as tablets and Smartphones that has increased. One of the widely used and implemented operating syste…
Read
More
Tags:
Australia Cheltenham Computer Science Litigation and Dispute Management University of New South Wales Information Technology
Next