1. Defenses against injection attacks
A. Defenses to protect against SQL injection attacks, XML injection attacks, and XSS
Roth, Gregory & Brandwin (2018) showed the following measures to prevent SQL attacks
- Firewall: think of a web application firewall- this can be either hardware or a software application that can help to get rid of malicious data. The important and safe once are set to the default rules and make it flexible to add other rules whenever it is required. A WAF may be useful in providing some security against the vulnerability.
- Make use of suitable privileges- never connect to a database with the admin privileges unless you have a genuine reason to do so.
- Examine the SQL statements that come from your database.
Deactivate parsing of Inline DTDs- the Inline DTDs is a tool that is hardly used. Though external attacks will remain a threat due to XML parsing libraries and do not deactivate this tool by default.
Reduce the authorizations of web server process – execute most of your server processes with only sanctions they need. Track the least privilege principle. This is protecting directories that can be accessed in the file systems (EVANS &Flanagan 2018)
- Escaping- XSS attacks can only be prevented be avoiding the user inputs. Escaping involves taking the application data and making sure that it is safe for the end user. Build the data to your web page and ensure that it does not allow a view of coding characters used.
- Validating inputs- it is a process of ensuring that the seawards are performing the tasks it was built for and restricting unsecured data from harming the software.
- XSS threats are may be hard to restrict because of availability of several vectors where a XSS attack may be used in many applications. Furthermore other threats like
- SQL injection or operating systems command injections. XSS affects only the end users of the website. This makes the most challenging to know and even very hard to fix the issue. ((Girisan & Savitha & 2018)
XSS is more difficult than SQL because it has only one strategy to control cross-site scripting vulnerabilities, unlike SQL which make use of set documents.
The use XML as a mark-up language may be ill-suited in postulating multifarious metadata that active dependencies or wiring a logic that is command based or that defines domain particular languages.
Ending tags in XML, SQL helps much during the nesting runs deep. But it may hurt in cases where there is a requirement to prompt a modest construct using small data items. The problem comes when there is a need to process a certain number of objects at a specific time to prevent threats.
Symantec data loss prevention
Is known for its important in preventing cybersecurity attacks. This helps to protect and monitor both the consumers and the organization itself.
Furthermore, it helps to control, see and regulate how information is used whether the workers are connected or not. The software puts in a very secure state hence the data would never be stolen or lost at wherever it is stored (Roth et al, 2018)
- It is cloud compatible
- Has no free trial
- Work in desktop platforms
- Has no autonomous feature
This tool provides companies with all the tools they might want to discover, secure and monitor information while obeying both external and internal regulations. The system is equipped with risk and policy settings which is very flexible all the business needs in safeguarding their platforms (Antoun & Zuo, 2018).)
- It uses desktop platforms
- Has autonomous function
- Cloud compatible
- Has demo free trial
It includes much unique cybersecurity procedure to help the company to prevent data from being sent accidentally or being leaked to the wrong hands. It aims to educate all the users of software on threats of data loss (Sarin, et al 2018)
- Easy to use
- Use desktop platforms
- Has no autonomous function
- Not Compatible to cloud
- Has a free trial for data loss
- It uses desktop platforms
- Has autonomous feature
- Cloud compatible
- Has demo free trial solution
- Easy to use
- Use desktop platforms]
- Has no autonomous feature
- Not Compatible to cloud
- Has a free trial for data loss
- User data encryption- SSL certificates make data to be encrypted this means that no unauthorized person can access the information
- Better Search Engine Optimization- this is very important when it comes to online visibility. Taking SEO seriously helps the website to be at the top of the search engine
- Pages that are accessed through HTTPS cannot be cached in a joint cached because the communication between a server and a browser is secured.
- Some of the proxy or firewall does not prevent access to sites for HTTPS; this allow HTTPS to be secure by ensuring end-to-end encryption(Kalinin,2018)
HTTPS stands for HyperText Transfer Protocol Secure that is a combination of HTTP and SSL/TLS on the other hand HTTP is refers to HyperText Transfer Protocol. They are both made to transfer information between the server and the clients (QASAIMEH, ALA & KHAIRALLAH,2018)
- How server is set up for HTTPS transactions
- Host it using enthusiastic IP
- Purchase a certificate
- Activate certificate
- Install certificate
- Update your HTTPS
While you are on the Wi-Fi, the HTTPS is always encrypted and adds another stratum of security that makes the browsing more secure. Your traffics would never be visible to hackers when snooping around the network.
You should use HTTPS for all your web traffic because the encryption feature found in it is made to provide benefits such as integrity, identity, and confidentiality.
How HTTPS protected you when you connected you connect to a Wi-Fi
While you are on the Wi-Fi, the HTTPS is always encrypted and adds another stratum of security that makes the browsing more secure. Your traffics would never be visible to hackers when snooping around the network.
2. Data loss prevention products comparison
a) Literature review
Cloud computing is a computing technique where a pool of systems are linked together in a public or a private network, to give enthusiastically scalable structure for application, data storage, computing cost and hosting services.
The prevailing information systems in cloud computing that the organization apply for shows that there is a lack of research on the adoption of technology. Moreover, there is a necessity to benchmark and apply knowledge use by big companies like that of Amazon Web service (Byres & Lowe 2004)
Cloud computing has developed gradually. It has upsurge interest from business since it was intercepted. By the use of an innovative technology delivery model, cloud technology can add strategic and technical value to companies
Cloud computing allows the business and its clients to assimilate and combine several diverse services together that give rise to productivity and creativity. Cloud computing leads to positive gain and motivates staff in an organization since it offers several solutions and rewards to business like scalability, flexibility and minimizes the cost of goods and service.
Cloud computing has aided several enterprises by minimizing cost and enhancing focus on basic business competence, not only the information technology but also in issues of infrastructure
Security is a significant factor in cloud computing that should not be taken literally because it holds most of the organization’s resources. In case of any threat arising in the application technology, the enterprise would server a lot.
- Downtime is mostly cited as one of the major shortcomings of cloud computing, due to the facts that the cloud basically involves the use of website, service slowdown or service outages are the common issues.
- With the use of cloud computing, every task is performed online. This exposes possible vulnerabilities. Even the best enterprises may grieve severe attacks and safety shores every time. It is quite easy to use cloud computing because it is user-friendly than to learn and understand the facts behind it ((Armbrust et al, 2010))
Interviewer: Student
Interviewee: Network Administrator
Interview settings: Interview was carried out in the office of Network administrator at 4:20 PM on Tuesday afternoon:
Connection with the interviewee: the network administrator has been my lecturer for three units.
( Initiation of an interview)
Interviewer: mostly when it comes to cybersecurity, what is your role as a network administrator?
Interviewee: in my position, my work here is to safeguard the intuition’s data against unauthorized access and to put down measures that can help the organization to overcome the threats and vulnerability issues (Wang & Lu, 2013)
Interviewer: do you go for research?
Interviewee: many of my research are information technology
Interviewer: what kind of research do you do?
Interviewee: I major so much on threats and vulnerability issue that are related to cyber-attacks, everyday technology comes in with more IT techniques and inventions the fraudsters, on the other hand, work hard and takes the advantages of the technology to access people’s private information. Therefore there need to do everyday research to make sure that the institution is updated on such issues to take control (Antoun & Zuo,2018).
Interviewer: I have you ever work in any industry before you become a network administrator?
Interviewee? I was employed to be an assistant IT professional at FGIT Project for two years after my graduation with masters, and the field is not an industry, it’s more of educational.
Interviewer: what skills are required to overcome cybersecurity threats security?
Interviewee: security engineering skills are the first and most important, engineer and built a network that is very secure. The second skill is the encryption, protect network servers like a computer and the organization database, encryption is important to companies that have implemented the cloud computing technology, the third one detection to response skill, you need to examine any actions that look suspicious constantly monitor to prevent huge loses.
The fourth skill is firewall development that is getting read of data that might be malicious. Last but not least the vulnerability and analyses skills:
Interviewer: thank you for your time I have learned a lot.
Interviewee: you are always welcome.
Security is important given the design of how many work and our daily activities are getting embedded with the use of technology. When devices are connected it create a dialogs among devices interface, the cloud and private infrastructures, this create a chance for hackers to spy. This has led to high demand for information technology professionals to create and solid and less susceptible networks.
- Help to in developing foundational knowledge of the information technology principles and the state of cyber defences
- Understanding of how the engineering process is applied effectively to protect multifaceted clink systems.
- Help in developing and practice skills for accessing vulnerabilities and threats, creating a security plan and providing a procedure to be followed in case of an incident regarding security happens.
- Help to understand the importance of encrypting private data over a network
References
Antoun, R. A., & Zuo, J. (2018). U.S. Patent Application No. 15/419,756.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., … & Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.
Byres, E., & Lowe, J. (2004, October). The myths and facts behind cyber security risks for industrial control systems. In Proceedings of the VDE Kongress (Vol. 116, pp. 213-218).
EVANS, B. F., & Flanagan, D. (2018). Java in a nutshell: a desktop quick reference. O’REILLY MEDIA, Incorporated, USA.
Girisan, E. K., & Savitha, T. (2018). High Secure Web Service to Resolve Different Web Vulnerabilities. Journal of Network Communications and Emerging Technologies (JNCET) www. jncet. org, 8(2).
Girisan, E. K., & Savitha, T. (2018). High Secure Web Service to Resolve Different Web Vulnerabilities. Journal of Network Communications and Emerging Technologies (JNCET) www. jncet. org, 8(2).
Kalinin, D. (2018). Database web application.
Mell, P., & Grance, T. (2011). The NIST definition of cloud computing
Roth, Gregory Branchek, Eric Jason Brandwine, and Matthew James Wren. “Data loss prevention techniques.” U.S. Patent No. 9,912,696. 6 Mar. 2018.
Sarin, Sumit Manmohan, Sumant Modak, Amit Shinde, and Bishnu Chaturvedi. “Technique for data loss prevention through clipboard operations.” U.S. Patent Application 15/798,482, filed February 22, 2018.
Qasaimeh, M., Ala’A, S. H. A. M. L. A. W. I., & Khairallah, T. (2018). Black Box Evaluation Of Web Application Scanners: Standards Mapping Approach.. Journal of Theoretical and Applied Information Technology, 96(14).
Wang, W., & Lu, Z. (2013). Cyber security in the smart grid: Survey and challenges. Computer Networks, 57(5), 1344-1371.
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
