Team1_LabReport2

Create a simple password recovery page. •        Make sure that both login page and the password recovery page are secure against SQL injection attack. •       Write a report contains the list of the countermeasures you made to secure this websits against SQL injection attack. •       List the potential vulnerabilities in this designed pages that need to be addressed in the future. •       Take screenshots for the system and code as evidnences

Case Project 10-1: Password Security Inadequate password security is one of the areas that the auditors believe needs improve-ment. A former server administrator acquiesced to bank employees’ complaints about fre-quent password changes and set very lax account policies for passwords. The audits raised the following concerns: Some bank employees have used the same user account password for several years. Many of the existing passwords are only four or five characters in length. Several bank employees regularly change their passwords but rotate between the same three or four passwords with each change. An employee who has forgotten a password can keep trying different combinations for as long as they like, until they hit upon the password or give up trying. What capabilities in Windows Server 2016 enable the bank to address the auditors’ concerns? Create a detailed report of your recommendations for the bank’s Audit Response Committee. Also, for the IT manager who is a committee…

Audit logs should be protected by time stamps and can be digitally-signed? true or false

Draw a sequence diagram using the Dataflow diagram below

Because of how data is kept, distributed and centralized version control systems differ. Version control offers two advantages:

....

Audit logs should be timestamped and digitally signed?True or False.

As part of a website redesign at Sunshine State University, a directory search application was developed. It allows any- one to search for Sunshine State students, staff, and faculty names and email addresses. Before the website is released to the public, you have been asked to work with the team evaluating the security. And you found out this system could possibly be suffering for system misconfiguration. write a paragraph brief (one to two paragraphs) summary of your findings that could be presentedto the administration of Sunshine State University. Make sure to include:a) What vulnerability or vulnerabilities this application suffer from?b) Possible harm that could come from this vulnerability.c) Reasons that you feel this vulnerability is presen

the rationale of utilising syslog. What is it, how does it work, what are some advantages to this kind of log management, and what challenges may it present? [

Please help me in revising this memo: 5.3 Radical Rewrite: Informational Memo- Lost in the Cloud In the following memo, product manager Alexander Amato reports to CEO   Manager Razipour the high points of a workshop he asked her to attend. Alexandra’s jumbled memo offers solid information but is poorly written. Your Task: Analyze the message and list at least five weaknesses. Revise this memo Date: July 10, 2016 To: Mason Razipour CEO From: Alexandra Amato, Product Manager Subject: Cloud Computing Some time ago you signed me up to attend The Promise of Cloud Computing workshop. I did attend it on July 8. Herewith is a short report, as you requested. If you prefer, I could give a presentation about what I learned at the next management council meeting. Is that coming up in August?   Okay, here’s my report. I know you asked that it be brief, so will do? Lisa Moritz, the workshop leader told the group that the big problem today is that in this anytime/ anywhere workplace employees are…

A key component of modern version control systems (such as GIT) is a main repository. What is the purpose of the main repository?

The storage methods used by distributed and centralized version control systems are distinct from one another. Utilizing version control affords users two distinct advantages.

Explain the role of the journalctl command in viewing system logs.

Explain the handling of Execute Response of the Facebook Database System.

5. Given various PHP loop statements, what are the methods available for looping over records in a record set? What are the pros and cons of loop statements and why they may be time savers, or why they may be detrimental to building your web application.

The reason for using syslog. What is it, how does it function, what are some of the positive characteristics of this form of log management, and what difficulties may it cause?

Different from browser-based password managers, standalone password managers are designed to be used without the need for an internet connection. Do you have a suggestion for me? Why?

Sub:- Cyber security 9 Permissions at the OU level     Right Click OU USA and select delegation control to start the wizard.    In the wizard select the group staff,     select reset user password and force password change at next logon     Note: you are doing this at the OU level thus if you had 1000 users this reset     would make all 1000 users change there passwords at next logon.

Complete the attached table with the principles below relating to server security The principles are: Economy of mechanism Fail-safe defaults Complete mediation Open design Separation of privilege Least privilege Least common mechanism Psychological acceptability

Réflection 5-1 Scenario: You have learned how SMB and NFS can be used to provide secure access to files on an NTFS or ReFS filesystem, as well as how quotas and file screens can further restrict filesystem access. You've also learned how auditing can record file system access, and DFS can be used to both provide centralized access to multiple filesystems, as well as replicate filesystem contents. After joining a new tech startup, you've been tasked with designing and implementing the storage needed by the 30 developers in your organization. 1. Read the scenario. 2. Write a report of at least 100 words outlining your answers to the following questions: a. What filesystems and file sharing protocols would you use and why? b. How would you ensure that only authorized developers are allowed to access the files tha they need? C. How would you configure fault tolerance for developer files?

Based upon your readings this week, explain what each of the following terms mean and how they can be prevented.  This will aid you in preparing for the quiz on this material.  Topics: Buffer Overflow Injections (SQL, HTML, Command, Code) Authentication Credential brute force Session hijacking Redirect Default credentials Weak credentials Kerberos exploits Authorization Parameter pollution Insecure direct object reference Cross-site scripting (XSS) Stored/persistent Reflected DOM Cross-site request forgery (CSRF/XSRF) Clickjacking Security misconfiguration Directory traversal Cookie manipulationLinks to an external site. File inclusion Local Remote Unsecure code practices Comments in source code Lack of error handling Overly verbose error handling Hard-coded credentials Race conditions Unauthorized use of functions/unprotected APIs Hidden elements (sensitive info in the DOM) Lack of code signing

Describe the purpose and benefits of code version control systems like Git.

Do not copy from other websites

Premier University's admissions process is well-known to you. Students can access the enrollment portion of their accounts by logging in. Afterwards, individuals can choose the courses they wish to take. When all the courses are submitted, they move on to the awaiting requests. Each request that has been put on hold is approved by the adviser. For the whole registration process, create an SRS document

Describe the concept of system logging, including the types of logs generated by a typical computer system and their use in troubleshooting.

Question 24 Dynamic & manually defined blacklist are composed of the Botset Traffie Filher (BTF) & manually created black lists True False Question 25 can be accessed by any entity trying to check the validity of any giveu certificate Question 26 The tatag T LSee w t el True False 539

33 DO NOT COPY FROM OTHER WEBSITES Correct and detailed answer will be Upvoted else downvoted. Thank you!

Standardize a file integrity monitoring system.