


NMIMS Global Access
School for Continuing Education (NGA-SCE)
Course: IT Security and Risk Management
Internal Assignment Applicable for April 2021 Examination

1. On Feb. 28, 2018, GitHub—a platform for software developers—was hit with an attack
that clocked in at 1.35 terabits per second and lasted for roughly 20 minutes. According
to GitHub, the traffic was traced back to “over a thousand different autonomous systems
(ASNs) across tens of thousands of unique endpoints.”
What type of attack was this, and what countermeasures should be used against such attacks?

2. In traditional computer systems, users prove their identities by typing in passwords.
While easy to set up, this authentication method has a severe flaw. If hackers steal or
crack the password, it is easy to take on the user’s identity. Intruders log in as the real
user, and the system is wide open to an attack.
Kerberos authentication protects user credentials from hackers. This protocol keeps
passwords away from insecure networks at all times, even during user verification.
Explain the process of Kerberos authentication mechanism in detail.
(10 Marks)

3. A hacker broke into the database of Tornato, the country’s largest online restaurant guide,
and accessed five vital details – names, emails, numeric user IDs, user names and
password hashes – of around 15 million users. The hacker then offered up the details for
sale on the darknet before entering into negotiations with the company. The incident set
alarm bells ringing in the country’s cyber security network as internet users often use the
same passwords for multiple accounts, including social network sites, mailbox services
and banking applications. Soon after, Tornato posted a series of blogs with details about
what had gone wrong. It also said the security breach in this case was the work of an
“ethical hacker” who merely wished to draw the company’s attention to the
vulnerabilities of its database and to convince it to launch a bug bounty programme.

a. Explain the different types of hackers. Why did Tornato claim this to be the work of
an ethical hacker? (5 Marks)

b. What is the role and purpose of bug bounty programmes in security?