Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Advanced E-Security: Defences against Injection Attacks, DLP Products, HTTPS, Cloud Services, and Cybersecurity Approaches

Verified

Added on 2023/06/07

AI Summary

This article discusses defences against SQL injection attacks, XML injection attacks, and XSS, as well as DLP products, HTTPS, cloud services, and cybersecurity approaches. It includes a comparison of AWS and Azure, and an interview with an IT professional.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: ADVANCED E SECURITY
Advanced E-Security
Assignment 1
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1ADVANCED E SECURITY
1a: What are the defences to protect against SQL injection attacks, XML injection attacks,
and XSS?
The method of preventing an XML injection attack is to use static SQL, prepared
statements, parameterized queries while writing the source codes of the program. The
functionalities of the database which are not needed in a program should be removed in order to
reduce the attack surface (Som, Sinha, & Kataria, 2016). The existing module of the SQL
statements should be continuously monitored as it helps in the identification of the
vulnerabilities.
The process of prevention of an XML injection attack is to monitor all the user input
before the query reaches the database and work accordingly (Jan, Nguyen, & Briand, 2016). The
reduction of the single and double quotes used in the user input helps to prevent the XML
injection attack; the syntax should be used only from the XML library. The use of a firewall also
provides some sort of security against the external attacks.
The method of preventing an XSS injection attack is to have a secure sanitization of
every user input (Alwan & Younis, 2017). The users of the systems should be aware of all the
inputs which the website accepts as incoming data.
1b: How difficult are they to implement?
There are lots of difficulties to implement the preventive measures regarding the different
kinds of injections attacks such as the confidentiality of the data might get distorted. Many useful
advanced systems may not be working properly due to the recent patches of the firewalls. The

2ADVANCED E SECURITY
unlogged injection control codes reduce the performance of the system so it is difficult to
incorporate them into any program.
1c: Why are these defences not used extensively?
The preventive ways of the injection attacks are not extensively used because it is
generally not possible to optimise all the sources in a particular program. The use of
parametrised queries limits the efficiency of the programs. The updated versions of the firewall
sometimes restrict the application in different kinds of ways so they are not always widely used.
The SQL statements cannot be regularly managed on a regular basis. The user inputs are also
very difficult to implement in some cases where thousands of inputs are accepted by the system
in a fraction of a second.
2a: Use the Internet to identify three DLP products.
The three most commonly used DLP products are PCI, HIPAA and HITECH.
2b: Make a list of their features, architecture, strengths, weaknesses, and so on.
The features of the different types of data loss prevention tools are as followings:
PCI: Payment Card Industry is a type of data loss prevention tool which are used during
the online transactions of an enterprise or individual (Chorney, 2016). The prime benefit of using
this is ensuring complete security during any online transactions. The prime limitations of PCI
are the cost involved in its data prevention techniques.
HIPAA: The prime advantage of using Healthcare Information Portability and
Accountability Act is its ability to lock the files used by the patients with the help of the web

3ADVANCED E SECURITY
console (Martínez-Pérez, Torre-Díez, & López-Coronado, 2014). The encrypted locked files can
only be accessed with a user defined login credential; this feature enhances the security of the
programs which incorporates this data loss prevention technique. It is used in healthcare industry
to provide security to the families of the patient. The disadvantage of this tools is that for
implementation of this tool every organisation needs experienced trainers which are not easily
available as they are always engaged in other training departments of an organisation. The
privacy rules of HIPPA are very difficult to understand as it has the capability to post any data
without the consent of the involved stakeholders. The billing and legal issues are also ab added
disadvantage for this tool as it shares information with many external stakeholders.
HITECH: The Health Information Technology for Economic and Clinical Health Act is
a type of data loss prevention tool which enforces the internal policies of the organisation who
are incorporating this tool into their systems. The main strength of this tool is to identify all the
possible risks such as the unauthorised access in a private network (Latasha Blake). Protection of
the sensitive data in a health information industry is the most important advantage regarding this
tool. The cost of adoption, implementation and maintenance of this data loss prevention tools is a
significant issue regarding this tool. Another disadvantage of this tool is its disruption in work
flow for the medical stuffs which results in temporary loss along with that the privacy of patient
is also compromised by using this tools.
2c: Then determine if each of these products could be used by an attacker to identify
vulnerabilities in an organization’s data protection. Create a table comparing the products
and write an analysis of your research.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4ADVANCED E SECURITY
The data loss preventions tools sometimes help the attackers to identify the vulnerabilities
in an organization because of the lack of data inventory and inefficient audit process. Some
organization do not know about the location of their data and its authorization. The attackers get
aware of the security regulations of an organization by evaluating the different data loss
prevention tools (Katharina Krombholz, Heidelinde Hobel, Markus Huber, Edgar Weippl, 2015).
Inefficient working of the organization after incorporation of these tools also provides a big
opportunity for the attackers to challenge the integrity of the data.
Feature PCI HIPAA HITECH
Full Form Payment Card
Industry
Healthcare
Information
Portability and
Accountability Act
The Health
Information
Technology For
Economic and
Clinical Health Act
Application Associated with
business working
with financial
transactions
Associated with
health insurance
coverage.
Associated with
health information
industry.
Help in providing
security to all the
online transactions
Help to combat fraud
and abuse in
healthcare industry
Help to reduce
healthcare disparities
by engaging patients
and their family
members. Also helps

5ADVANCED E SECURITY
in providing privacy
and security to the
patient.
Table 1: Created by the author
Comparison of three types of DLP
Analysis: From the above table it can be understood that these three products are extensively
used in different organization for the accomplishment of the common purpose which is to
provide privacy and security to the people associated with those organization.
3a: What are the advantages of HTTPS?
The prime advantage of using https is its improved security and updated browser labels.
HTTPS is the modified version of HTTP used for allowing the exchange of content on the
internet. The online transactions are much more secured in an https protocol (Durumeric, et al.).
Maintaining the data integrity is the other type of advantage regarding the use of https.
3b: What are its disadvantages?
The foremost disadvantage of using https is its utilisation in lots of servers. It requires
more processing power and memory as compared with the HTTP. Latency is an issue in the https
as the SSL connections are very much time consuming. HTTPS has other issues such as browser
caching which reduces the speed of the modern websites. The other types of disadvantage
regarding https is that is required to buy SSL certificates to enhance its trustworthiness.

6ADVANCED E SECURITY
3c: How is it different from HTTP?
The use of HTTPS provides more security as compared with the HTTP. HTTPS prevents
the cybercriminals from accessing critical information. HTTP utilizes port 80 by default and
HTTPS makes use of the port 443 by default. It is much safer to use the HTTPS while
performing vital tasks such as financial transactions (Naylor, et al., 2014). The other difference
between the two protocol is that HTTP do not scramble the data to be transmitted that is the main
reason behind the attackers getting access to the data where as in HTTPS data is scrambled
before transmission.
3d: How must the server be set up for HTTPS transactions?
The different steps of setting up of the server for https transactions are as follows:
 Hosting with the help of a dedicated IP address, this dedicated IP address is
essential by the SSL certificates.
 An authenticated certificate has to be bought, installed and activated into the
system.
 After the certificate is installed into the system the transactions are required to be
updated in order to start using the HTTPS service.
3e: How would it protect you using a public Wi-Fi connection at a local coffee shop?
The use of HTTPS in a public Wi-Fi is very much secured as compared with HTTP as
only a public key and encrypted messages are communicated during the setup of TLS. The data
is protected as it is authenticated by the principal secret and pseudo random numbers; when the
TLS handshake occurs it uses public private key encryption (McShane, Wilson, & Gregory,

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7ADVANCED E SECURITY
2017). The transactions are secured as the encryption is designed in such a way so that it will not
be functional unless it is accessed by the private key, even the public keys are also signed by
authenticated root certificates.
3f: Should all Web traffic be required to use HTTPS? Why or why not? Fully argument
your answers.
The utilization of the secure socket layers to monitor and transfer data between two users
is one of the main reasons why HTTPS must be used in every Web Traffic. All the personal and
financial transactions can be done in a much-secured environment in HTTPS. HTTPS also
ensures the privacy, authenticity and security to all its users. Only the associated parties involved
in a transaction have the authority to access the data in case of HTTPS.
4a: Research AWS’s Virtual Private Cloud or another cloud vendor’s similar offering.
What are your impressions?
This section will be comparing the Amazon Web Services and Azure Services. The users
of the AWS can fully configure their own space according to their requirement, while the Azure
services use Virtual hard disk where clients can partially configure their space. The storage
provided by AWS is temporary it gets activated when an case is started and gets dissolved when
it is completed. Block blobs and files are used for storage purposes in Azure. Both the cloud
service provides specifications such as site recovery and they also support relational database
and NoSQL database (Serrano & Gallardo, 2015). Isolated network creation is one of the most
glorifying features of AWS which makes it unique from the other types of cloud services and is
one of the main reason behind its incorporation in different organisations.

8ADVANCED E SECURITY
4b: Would this be something that an organization should consider?
The advanced specification of AWS makes it suitable and compatible for use in different
types of organizations. The isolated networks of AWS help the user to route tables, create
subnets, private IP address ranges and network gateways, all these features are very important
for every organisation who uses cloud computing technology. The flexible pricing models are
very much helpful for the organisation to adopt this cloud service; the price of the bill depends
on their usage. The open source communities mostly use the service of the AWS which makes
way for different open source integrations such as Jenkins and GitHub. The AWS is always
compatible with different types of servers.
4c: What are its technical limitations? Write a two-page summary of your research.
Like every other cloud services, Amazon cloud services also have certain technical
limitations such as the hardware level challenges. Security issues are one of the major issues in
cloud computing. The other technical related with AWS is the low bandwidth. The application of
the remote servers is one of the other technical issues in AWS. The creation of the
incompatibility issues in AWS due to the virtualization of each of the modules is also one of the
main technical limitations in AWS.
5a: Interview a network administrator or an IT professional. Ask questions to find out how
cyber security is approached in his /her line of work
The foremost security questions that is asked to an IT professional regarding cyber
security in his organisation are:
Q: What is the security policy of your organisation?

9ADVANCED E SECURITY
A: The security policy of my organisation is very much easy to understand and implement,
the two main things which my company focus regarding the security policy are:
1. Read and understand the policies of all the stakeholders who are associated with the
business.
2. All the online transactions have to be done in an encrypted message.
Q: How cyber securities are dealt with in your company?
A: Every employee have their personal portals which are protected by their alphanumeric
passwords, the systems have advanced anti-virus software and updated firewalls. The security
objectives of the company are to provide equal security to each of the stake holders of the
corporations irrespective of their designations by maintaining the rules and regulations of the
company.
5b: Write a summary of the interview
With the increasing number of cybercrimes each day there is a need for adopting certain
policies by every organisation who deals with cloud computing. The security objectives of the
organisation are very necessary for the growth and development of the organisation as every
employee should be flexible and their roles should be defined by the organisation so that the
security of the organization is maintained. Based on the previous and latest trends the
organisation should be adopting effective resolution techniques so that it can cope with the cyber
challenges. The employees should be aware of all the security issues faced by the corporations so
that they can effectively contribute to maintaining security in the company.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10ADVANCED E SECURITY
5c: Using critical thinking and considering the knowledge gained from this subject, what
have you learned about e-security from this professional?
From the above interview, it can be concluded that every organisation should be
focussing on all the effective strategies by which the security of the organisation will be
maintained. The effective strategies adopted by the organisation should always be modified as
cybercriminals are also using the latest technologies and innovative process to harm the growth
and productivity of any organisation or individual.

11ADVANCED E SECURITY
Bibliography
Alwan, Z. S., & Younis, M. F. (2017). Detection and Prevention of SQL.
Chorney, R. (2016). Payment Card Industry Data.
Durumeric, Z., Ma, Z., Springall, D., Barnes, R., Sullivan, N., Bursztein, E., et al. (n.d.). The
Security Impact of HTTPS Interception.
Jan, S., Nguyen, C. D., & Briand, L. C. (2016, July 18). Automated and effective testing of web
services for XML injection attacks. Retrieved from ACM DIGITAL LIBRARY:
https://dl.acm.org/citation.cfm?id=2931042
Katharina Krombholz, Heidelinde Hobel, Markus Huber, Edgar Weippl. (2015). Advanced
Social Engineering Attacks. Journal of Information Security and applications,
113-122.
Keromytis, S. W. (2004). SQLrand: Preventing SQL Injection Attacks. Retrieved from Springer
link: https://link.springer.com/chapter/10.1007/978-3-540-24852-1_21
Latasha Blake, V. F. (n.d.). Developing Robust Data Management Strategies for Unprecedented
Challenges to Healthcare Information. North American Business Press.
Martínez-Pérez, B., Torre-Díez, I. d., & López-Coronado, M. (2014). Privacy and Security in
Mobile Health Apps: A Review and Recommendations.
McShane, I., Wilson, C., & Gregory, M. (2017). Practicing Safe Public Wi-Fi: Assessing and
Managing Data-Security Risks.

12ADVANCED E SECURITY
Naylor, D., Finamore, A., Leontiadis, I., Grunenberger, Y., Mellia, M., Munafò, M., et al.
(2014). The Cost of the "S" in HTTPS. Sydney.
Serrano, N., & Gallardo, G. (2015). Infrastructure as a Service and Cloud Technologies.
Som, S., Sinha, S., & Kataria, R. (2016). STUDY ON SQL INJECTION ATTACKS: MODE,.

1 out of 13

+13062052269

info@desklib.com

Advanced E-Security: Defences against Injection Attacks, DLP Products, HTTPS, Cloud Services, and Cybersecurity Approaches

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Desklib: Study Material Library with Solved Assignments & Essays

Advanced Network Security: Wireshark Analysis, Web Application Attacks, Cryptography Concepts, Trojan Download Research

ITNE2005 Assessment: Network Attacks and Security Audit Tools

Information Security Awareness Assignment PDF

Setting Up WebGoat and BackTrack VM

COIT20262 - Advanced Network Security