Computer science security (attempt question 2 only) 3 pages 750 words

Description

Computer Security. Refer to the attachment for the question.

References are in APA.


Planet of the Grapes, a local wine and spirit merchant currently operates in three stores around Perth. Stores are independent from one another and there is no data sharing between stores, although this is not by design but simply a by-product of faster than expected expansion. The organisation is now moving into the online arena and has contracted your computer consulting company to perform a variety of audits on their computer network. The owners have never employed any IT security staff in the past and have preferred to set up systems for themselves. However, it has become apparent that the risks of moving business systems online are not to be ignored. For this reason you are being asked to investigate the security of the system and make recommendations.

There are two distinct tasks being requested in this phase of the audit. Each of these should be answered separately.

Question 2: Legacy code (40 marks)

The Internet in Perth is notoriously bad and the Internet connection between Planet of the Grapes and their bank is down on a regular basis. To avoid losing out on any purchases during outages, Planet of the Grapes intends to allow offline purchases (as in the good old times). However, credit card data entered by a customer still needs to be verified offline to prevent malicious users from trying to buy goods with fake credit card numbers.

Planet of the Grapes staff have acquired an application that can do this, but they suspect that this program (supposedly implemented in C) is vulnerable to a critical and very common type of software security vulnerability. Planet of the Grapes has supplied you with a copy of the program (part of http://www.it.murdoch.edu.au/szander/ICT287/assignment1/form.php.) When you inquire about this software you learn that it cannot be patched as the code is part of a suite of utilities supplied by the financial provider and Planet of the Grapes cannot get access to the code.

Name and explain the type of vulnerability. Discuss what types of systems it affects and why it happens (what is the issue?). Discuss the impact of the vulnerability and how it may be exploited theoretically.

Besides discussing how the vulnerability may be exploited in general, discuss the impact of the vulnerability in this specific case of the credit card validation tool and describe and demonstrate (e.g. screenshot) how it can be exploited. It is not required to use a disassembler for this task, simply manipulating the tool’s input directly is sufficient.

Given that it is not possible to patch the code directly, there is no vendor update and it must remain in use, make at least 3 different recommendations that would reduce the risk this application poses. The recommendation must be specific to this case and not general mitigation strategies that do not apply in this case.

This description of the vulnerability and the recommendations should be presented in a format suitable for a general technical audience – i.e. someone who is proficient in IT in general, but may not be a security expert. Citations should be used where appropriate.

The expected answer length is approximately 2-3 pages and the answer must not be longer than 4 pages.


Unformatted Attachment Preview

Due Date: Sunday 14 October 2018, 23:55

Assignment Information

You must submit your assignment online using the Assignment submission on LMS. Late submissions will be penalised at the rate of 10% of the total mark per day late or part thereof. You should submit your assignment as ONE word-processed document containing all of the required question answers. The document must have a title page indicating the assignment, student name and number and the submission date. The document must be submitted in PDF format. You must keep a copy of the final version of your assignment as submitted (PDF and source document) and be prepared to provide it on request.

This is an INDIVIDUAL assignment. The University treats plagiarism, collusion, theft of other students’ work and other forms of academic misconduct in assessment seriously. Any instances of academic misconduct in this assessment will be forwarded immediately to the Faculty Dean. For guidelines on academic misconduct in assessment including avoiding plagiarism, see:

Explanation & Answer

Find the attached paper. In case you need edits, feel free to seek clarification or edits.

Outline

Introduction
Body
Conclusion
References


Running head: OFFLINE PURCHASES VULNERABILITIES

Offline Purchases Vulnerabilities

Name:

Institution:

Offline Purchases Vulnerabilities
Name and explain the type of vulnerability.
Planet of the Grapes, having experienced regular downtime of its internet connection with its bank, opted to apply an offline purchase system like the Point-Of-Sale system to help them whenever making sales. However, the vulnerability exists between the POS workstation and the store server, whereby it lacks basic protection mechanisms. Since the system does not check whether an individual carrying out the transaction is authorized to perform the critical function, it opens up the system to a series of attack vectors (Shimpi, 2016). For example, a malicious hacker can use a Raspberry Pi to upload malicious code designed to send card numbers to his or her server by connecting it to the network where the POS terminal is located. Typically, the vulnerability allows one to steal card information, but it goes beyond stealing such data. The hac...

