Why does the use of passwords put the overall security

Assignment Help Computer Network Security
Reference no: EM131482997

Assignment

Why does the use of passwords put the overall security of the network in jeopardy? In responding to your peers' posts, discuss whether additional measures could have been taken in order to reduce the threat potential. BELOW ARE FIVE PEER POSTS TO RESPOND TO.

1.B) Passwords put the overall security of a network in jeopardy because they can be accessed by someone that is unauthorized. A password can be guessed, stolen, or even shared. (Shinder, 2003)

There are ways that hackers can gain access to passwords. Below are a few.

• Brute force - If at first you don't succeed try, try, again. This type of attack just goes through every possible combination. When the Powerball gets up to that crazy jackpot do you ever think of playing every combination? (O'Donnell, 2017)

• Dictionary threat - In a dictionary attack the attacker tries to breach the security by just going through every word in their dictionary to see if it gets a hit on the decryption key and gains access to the data. (Techopedia, 2017)

• Rainbow tables - a bunch of pre-computed tables that contain possible passwords with hash values. These tables allow reversing of the hashing functions and gain access. Rainbow tables tend to be faster than the other 2 methods I mentioned but they take up a lot more space. (O'Donnell, 2017)

My current LAN password at work showed an online attack scenario of 1.83 billion centuries, offline of 18.8 centuries and 1.83 years for massive cracking array. A normal lazy password (asdfghjkl) came up with an online of 1.80 centuries, offline of 56.47 seconds and massive cracking of .0565 seconds. A password of 123456 is a fraction of the lazy password mentioned above. Anytime I added some kind of combination of numbers or symbols to go with uppercase or lowercase letters those timings got larger. My LAN password at work has a symbol and then is a mix of numbers and letters. It could probably be even more complex but I have been there for 20 years and we have to change it every 90 days. I have run out of things to use as a password.

2. H) One of the most popular ways to compromise a password is to simply ask for it. Yes. Social Engineering, in terms of technology, is the manipulation of people into doing something that divulges personal or confidential information. Example, you get a call at work from someone claiming to be from the IT Department or working with the IT Department and needs to ask you some questions to help assist with a network issue they are having. They sound convincing, they can even spoof the phone number so it looks like it is coming from your company. Malware is another technique used to get your password. A user downloads malicious code that puts a key logger on your computer and the attacker has all your login credentials. Open wireless networks can be a heaven for criminals trying to steal your information. Packet sniffing on an unsecure wireless network is another tactic that can be used to compromise your password. Because password policies are not implemented and enforced, attackers can simply try to guess the password. People are still creatures of habit and sometimes they stick with things that just make their life easier, not necessarily safer. 12345, QWERTY, password, and 123456789 are some of the most popular passwords that are used. (Smith, 2011)

The site www.grc.com/haystack was an eye opener and would be something that people who do not take passwords seriously should spend some time with. In regards to passwords, size does matter. Using the password 123456789 it calculated an online attack scenario of 1 week or a massive attack of .0000111 seconds. Using a simple phrase like '1lovetheColts!' which has 14 characters bumps up those attack times to an online attack of 1.57 thousand trillion centuries. It proves that passwords need to be taken more seriously. Having a passcode (think of it as a passphrase) that is 13+ characters with complexity and you are making it a lot harder for someone to compromise your password.

3. MU) There are a couple ways to guess and crack passwords of users. Two of the most common ways are dictionary attacks and brute-force attacks. A dictionary attack uses a file containing words, phrases, common passwords, and other strings that are likely to be used as a password (Hornby, 2016). A hacker will try all possible combinations to compromise the passwords using this technique. Another method is to use a brute-force attack. A brute-force attack tries every possible combination of characters up to a given length (Hornby, 2016). This attack is not efficient and is the most "computationally expensive". These are the two most common methods hackers use.
Haystack:

On the website I tried and played with different passwords all using different requirements. I found that actually using a short memorable password but adding a unique padding policy actually works. With my strongest password, the time it'll take for an online attack scenario (1,000 guesses per second) would be 1.83 billion centuries. A massive cracking array scenario (one hundred trillion guesses per second) would take 1.83 years. Without exposing the password, it contained one uppercase, one lowercase, 1 digit, and 8 symbols. I found that using something that is simple length in addition to unique personal padding often provides the best password protection.
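The Haystack figures quoted in posts 1 to 3 can be reproduced with a short calculation, shown here as an added example that is not part of the original posts and is not the GRC site's own code. The offline rate, the deny-list contents and the one-year acceptance threshold are assumptions made for illustration.

```python
import string

# Guess rates: online and massive-array are quoted in the posts; the offline
# rate is an assumption inferred from the 56.47-second figure in post 1.
RATES = {"online": 1e3, "offline": 1e11, "massive_array": 1e14}

# Constructed deny-list: the popular passwords named in post 2.
COMMON = {"12345", "qwerty", "password", "123456789"}

# Lowercase, uppercase, digits, symbols plus space: 26 + 26 + 10 + 33 = 95.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def alphabet_size(password):
    """Sum the sizes of the character classes the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def search_space(password):
    """Count every string of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def seconds_to_exhaust(password, scenario):
    """Worst-case brute-force time; says nothing about dictionary guessing."""
    return search_space(password) / RATES[scenario]


def assess(password):
    """Deny-list check first, because length alone overstates strength."""
    if password.lower() in COMMON:
        return "reject: on common-password list"
    # Assumed policy threshold: survive one year against the massive array.
    years = seconds_to_exhaust(password, "massive_array") / (365 * 86400)
    return "accept" if years >= 1 else "reject: exhaustible in under a year"


if __name__ == "__main__":
    for pw in ("123456789", "asdfghjkl", "1lovetheColts!"):
        print(pw, search_space(pw), assess(pw))
```

The deny-list check runs before the arithmetic because the search-space number only bounds exhaustive guessing; a password that appears in an attacker's word list falls long before that bound is reached.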

4. JUL) Your username and password is what most networks use to authenticate user accounts. This is also a door for a criminal to crack open and have access to the network. Passwords can be a strength and a weakness. With a password, the user is only using one authentication method, the "something you know" category. If this is all that is being used for authenticating, the password needs to be a strong one that is changed frequently, and is never shared, or written down.
With weak passwords, a user is susceptible to dictionary attacks, brute force attacks, social engineering (where someone calls up impersonating a system admin, saying they need your password to fix your account), & shoulder surfing, these are just a few examples on how passwords can be a weak point in network security (Bishop & Klein, 1995).

Using the website, How Big is Your Haystack, putting in random passwords that are frequently used shows just how "safe" you think would be safe to use. The complexity of a password and a time framed password change is the only thing that can keep your password safer, not safe, but safer.

5. TH) I discussed briefly last week how my organization handles passwords and find as I read about password security they are onto something. My organization requires passwords to be a minimum of 10 characters in length, they must have at least 2 upper case characters, 2 lower case characters, 2 special characters, 2 numbers and we must change passwords every 3 months (it's automatic). The systems we utilize also track old passwords so we cannot reuse old passwords. I tried to use 3 passwords and cycle through it and the system flagged the first password when I tried to reuse it. When I change my password it really makes for a bad day trying to remember what I am using, especially because we have different systems all having passwords and we have been told we should not use the same password for every system. I do know some people do. I also know many people in the office write them on paper and hide it around the desk and hope the IT manager does not see the list. It is a terrible thing having a list of passwords.

The US Government on a Homeland Security website indicates this about passwords:

"1: Use different passwords on different systems and accounts.
2: Don't use passwords that are based on personal information that can be easily accessed or guessed.
3: Use a combination of capital and lower case letters, numbers and special characters.
4: Don't use words that can be found in any dictionary of any language.
5: Develop mnemonics such as passphrases for remembering complex passwords.
6: Consider using a password manager program to keep track of your passwords"

(US-CERT, 2017)

Hackers can use different methods to try and hack your account. They can use dictionary attacks, brute force attacks, or a combination of these. One that I actually witnessed was a keylogger trojan. Norton indicates, "Keyloggers are a type of spyware that can be used legitimately by parents to watch the activity of their children online. But these tools are being used more and more for illegitimate purposes" (Norton, 2017). Once you have a keylogger virus/trojan on your computer a hacker can see every keystroke you complete as you type them. Make sure you have up to date and active virus protection.

I have seen phishing attacks. In this type of attack you may get an email indicating your account might be in jeopardy and you might be asked to immediately click on a link to fix or update your account. Beware in this type of attack you are not hitting the site you might think you are. You are probably hitting a fake site from the hacker who is just sitting waiting for you to enter your user name and password. Once you do he has access to your account. This is one reason to keep different passwords for different accounts. INFOSEC Institute reports, "The British have reported that they are already up to 8000 phishing attacks occurring monthly" (Infosec, 2017). Other types of phishing attacks are out and about.

PLEASE READ THIS. IT IS VERY IMPORTANT

Allow your discussion posts to be detailed and capable of sharing knowledge, ideas and points. You must discuss the topic using your own words first. Using your own words indicates you understand the topic of discussion. Secondly, you must cite your sources in-text. This is necessary to justify your points. Sources from several sources showed good research abilities. Lastly, you must provide references at the bottom of your post. A discussion post without justification with sources does not show proper research abilities. A terse and not detailed discussion represents a post that would not provide enough sharing of knowledge or proper understanding of the topic. DO NOT just copy and paste a sentence from online with citation at the end as your own discussion. I have not asked for definitions, I asked for discussions and will not buy this. You must show understanding of the discussion topic by using your own words to describe the topic and then justify that with sources.

Format references into the APA style if necessary. Extremely important. In-text citations are very essential and highly needed as well.

Use double spacing, 12-point Times New Roman font, and one-inch margins. Sources should be cited according to APA citation method (citation should be relevant and current). Page-length requirements: 2 PARAGRAPHS FOR EACH PROMPT ANSWER. Make sure you cite if you take a piece of someone's work, very important and your reference should relate to your writing (don't cite a reference because it relates to the course and not this very paper) at least 2 current and relevant academic references. No heavy paraphrasing of others' work.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd