
Every registered user of Paul Gray's online share trading company is advised to


Question

Every registered user of Paul Gray's online share trading company is advised to read the safety and privacy page of the portal. As a secure portal, it has Secure Socket Layer (SSL) as a security measure. Gray has asked you to help him with this aspect of security as well. On the basis of your understanding, respond to the following:

In addition to SSL, which other security measure may be deployed to ensure the privacy of users in an online environment? Provide at least two security measures and explain why they would be beneficial. What benefit does each provide to the user? How can the user be sure it is working properly?

As many of Gray's clients would also like to know about tax saving measures when they trade, Gray has hired Steve Davis as a tax consultant. Davis works from home and travels to his clients all over the country. Occasionally, he visits client sites, and takes his laptop with him on all such trips.

Gray has asked for recommendations for Davis on the following as well:

Which top two security measures should he take to ensure that his data and the connection to Gray's network are best protected against attack? Describe the security provided by each measure and explain why it is important. Defend your choice of measures in the discussions that follow.

Are these two measures sufficient to call the laptop secure? Why or why not? If not, what aspect of security is still missing?

Explanation / Answer

Today, with increasing use of the internet and an increasing number of online users, web portal security has become one of the major concerns.
As far as the security of online users is concerned, there are many points to keep in mind and many levels of security to be maintained.
One such step is the use of SSL, which is a protocol used to provide security over the Internet by encrypting the sensitive information sent over the internet from client to server or vice versa.
This is a basic and first security measure to be adopted. However, using only SSL doesn't guarantee the security of the whole system. As there are a number of different attacks, there are a number of security measures. The different attacks include SQL Injection, Cross Site Scripting (XSS), DoS or DDoS attacks, Cross Site Request Forgery, etc.
Thus there are various steps to security-centric computer programming necessary to build low-risk web-based applications. A few security tips are:

1. Secure password storage

Never store plain passwords in the database; this is the worst method to store passwords because anyone having access to the database can see the passwords. Store encrypted passwords instead.
It is a good approach to encrypt a password with some encryption (hashing) algorithm like SHA or MD5 (SHA and MD5 are hashing algorithms which cannot be decrypted) and store the encrypted passwords in the database. This way, even if a hacker hacks into the database and steals passwords, he/she won't be able to log in because the passwords are encrypted and cannot be used directly to log into the system.

2. Query filtering or Query parametrisation

Never use user input data without filtering it. A web form comments box, data field or another area of a form that allows free data entry, especially open string input, can lead to various attacks like SQL Injection and Cross Site Scripting (XSS). The user input must be filtered to stop hackers from entering malicious SQL code and malicious scripts. This malicious SQL code can be interpreted as part of the SQL command by the database, which can lead to information leaking. Validating user input is called Query Parametrisation.

In addition to all these security measures, it is also recommended to test website security by using website security tools, also known as penetration testing tools, like Netsparker, OpenVAS, etc.

As far as clients like Steve Davis are concerned, they have some responsibility as well and also need to take some security measures to be safe on the internet. Here are a few tips for clients:
1. Always use up-to-date anti-virus and anti-malware software on their laptops.
2. Never use pirated or untrusted software.
3. Never click on unknown links or links sent via email from unknown users.
4. Keep your laptops password protected.
5. Do not use simple or easy passwords.
6. Always check for the correct URL (web address like facebook.com etc.) in the address bar of the browser before entering login credentials.
