
(Telecommunications and network security) Problem 1 Part A - Discuss why it is s


Question

(Telecommunications and network security)

Problem 1

Part A - Discuss why it is so important for all application builders to always check data received from unknown sources, such as Web applications, before using that data.
Part B - Why should Web site operators that allow users to add content, for example forums or blogs, carefully and consistently patch and configure their systems?
Part C - Discuss the pros and cons of an organization regularly engaging in penetration testing.
Part D - What are the motivations of the ethical hacker?

Problem 2

I will be posting these as a separate question as per Chegg's policies.

Explanation / Answer

Part A:

Answer:

It is so important for all application builders to always check data received from unknown sources, such as Web applications, before using that data because:

The two most common risks in the Web environment, injection (namely SQL injection, which lets attackers alter SQL queries sent to a database) and cross-site scripting (XSS), are also two of the most dangerous (OWASP Top Ten Project). Injection attacks take advantage of improperly coded applications to insert and execute attacker-specified commands, enabling access to critical data and resources. XSS vulnerabilities exist when an application sends user-supplied data to a Web browser without first validating or encoding that content.

Part C:

Answer:

A penetration test, or pen test for short, is the term for simulating an attack. Pen tests are done for many reasons. When a company needs to make sure their security is working correctly, they hire white hackers to try and simulate an attack; this allows them to find vulnerabilities and report them to the company that hired them. Companies can also do this to test their products they want to ship. An effective test will also provide the system owner with a risk assessment to show where the damage was done and how it could impact the business.

There are some things to remember concerning white hackers. There are no credentials for what they do and there is no measurement for how well they will accomplish the job. The way to see how well they did is based on the past successes and failures. Finding a good ethical hacker falls on the owner of the system. It would be highly recommended to have the ethical hacker provide a list of clients that would be willing to vouch for their ability.

Pros

Cons

Part D:

1. Curiosity

Small-time tech-savvy people may want to begin hacking to understand how a device or network operates. With this curiosity, individuals may hack everyday mundane objects simply because they can. They may be able to gain access into a small item such as a digital photo frame, and alter the photos within it. Attacks like this allow amateur hackers to enhance their skills and try out new techniques. By testing out new hacking methods, small-time hackers can use these for bigger, more serious targets.

2. Bragging

Amateur hackers may commit cyberattacks for bragging rights. A 17-year-old who hacked TalkTalk in 2015 claimed he only committed the crime to boast to his friends. By using hacking tool software, he identified vulnerabilities on TalkTalk’s website, and managed to access over 150,000 customers’ personal data including bank account numbers and sort codes.

3. Ethical Hacking / Moral Compass

Now, more than ever, businesses are actively seeking cyber-security professionals to keep up with the growing number of evolving threats in the IoT. Yet, despite the rise in security breaches, most companies lack the security needed to keep networks safe.

Ethical hackers, or ‘White hat’ hackers are trained to discover system weaknesses by exposing vulnerabilities and faults. These types of hackers may aim to help companies protect themselves rather than being motivated by a monetary reward.

4. Financial Gain

The potential for rewards means hackers are willing to devote more time and resources to creating and implementing ever more complex and well planned attacks.

Hackers have access to increasingly sophisticated software and an array of cyber weapons to help them potentially reap financial benefits. The cyber criminals can gain financial rewards through either their own means or by being hired by nation states to protect and seek out potential threats and faults in networks.

5. Retaliation

Distributed Denial-of-Service (DDoS) attacks are a hacking technique that can disrupt access to Internet services or websites. Certain services allow people to ‘rent’ a DDoS attack for low prices that can last for as little as a minute.

Users can flood websites with unwanted data in order to crash them and prevent legitimate users from accessing them. These types of attacks are among the most common cyber threats businesses face. Incidents like these may be launched in retaliation. People can use DDoS on business competitors and can threaten the safety of internal systems.

Urgent action is needed to improve the security of vulnerable devices. Considerations such as users’ data privacy are falling by the wayside, as there is an increasing rush for technology growth. Although some attacks are minor, a serious cyber-attack could result in a complete power shutdown of the National Grid, causing economic and financial disruption.
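
The checks Part A calls for, shown as an added example that is not part of the original answer: a query built by string concatenation beside its parameterized form, an allow-list check on the input, and HTML encoding on output. The forum table, function names and sample inputs are constructed for illustration.

```python
import html
import re
import sqlite3

AUTHOR_RE = re.compile(r"[A-Za-z0-9_]{1,32}")  # assumed allow-list for author names


def make_db():
    """In-memory forum database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (author TEXT, body TEXT, private INTEGER)")
    db.executemany(
        "INSERT INTO posts VALUES (?, ?, ?)",
        [("alice", "hello", 0), ("bob", "draft notes", 1)],
    )
    return db


def is_valid_author(author):
    # Validate on input: reject anything outside the expected character set.
    return AUTHOR_RE.fullmatch(author) is not None


def posts_by_author_unsafe(db, author):
    # Weak form: untrusted text is spliced into the statement, so the input
    # can change the structure of the query, not just the value compared.
    sql = "SELECT body FROM posts WHERE private = 0 AND author = '" + author + "'"
    return [row[0] for row in db.execute(sql)]


def posts_by_author_safe(db, author):
    # Hardened form: the value is bound as a parameter and stays data.
    sql = "SELECT body FROM posts WHERE private = 0 AND author = ?"
    return [row[0] for row in db.execute(sql, (author,))]


def render_comment_unsafe(body):
    # Weak form: user-supplied text reaches the browser as markup.
    return "<p>" + body + "</p>"


def render_comment_safe(body):
    # Hardened form: encode on output so the browser treats it as text.
    return "<p>" + html.escape(body) + "</p>"
```

With the constructed input `alice' OR '1'='1`, the concatenated query returns the private row as well, while the parameterized query returns nothing and the allow-list check rejects the value before any query runs.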