Password Security

And Other Effective Authentication Methods

Submitted by crstlblues

Table of Contents

Introduction

User Accounts

Account and Password Policy

Password Attacks

Authentication Methods and Password Management

Public Key Infrastructure

Single Sign-On (SSO)

One-Time Password (OTP) Tokens

Biometrics

Fingerprints

Face Scans

Retina Scans

Iris Scans

Palm Scans

Hand Geometry

Heart Patterns

Voice Pattern Recognition

Signature Dynamics

Keystroke Patterns

Password Managers

Conclusion

Bibliography

Introduction

Human beings are arguably the weakest link in computer and information security. People put their own networks and personal information at risk largely because password security is not at the front of their minds, and this is one reason passwords are considered a poor security mechanism. Still, passwords remain the most common method of user authentication on computer systems and websites. Because they are so easily guessed, phished, or stolen, passwords are a common route to bank account credentials, credit card numbers and the like, and have contributed to the significant growth of identity theft; much of that loss could be prevented by using strong, unique passwords and not writing them down where others can find them. End user education on more secure practices, such as strong password creation and two-factor authentication, can improve cyber security for every organization.

User Accounts

One of the key tasks in administering a network is managing user accounts. User accounts have two main functions according to the Guide to Networking Essentials: 1. to provide a way for end users to authenticate to the network, and 2. to hold detailed information about the user on the network (Tomsho).
User accounts allow network administrators to control who has access to network resources: each user is issued a username and password, logs into the network with them, and is then granted access to the resources assigned to that account. If a user supplies an incorrect username or password, they typically receive an access denied error message. Secure networks that use this method will also lock an account after a specified number of unsuccessful login attempts, commonly three to five. Lockout blunts online guessing against a single account, but it does not protect the password itself: an attacker who steals the password database can guess offline without limit, and an attacker who knows the lockout threshold can deliberately lock legitimate users out, so lockouts are usually paired with an automatic unlock after a cooling-off period.

Account and Password Policy

Network administrators for large networks should develop a naming scheme for user accounts so that every username follows the same convention. Many organizations use a combination of the user's initials and part of their name; others use a combination of letters and numbers. Either way, the convention should be the same for all end users, and administrators should decide whether to enforce a minimum and maximum length for account names and which characters (uppercase, lowercase, digits, special characters) are permitted. Usernames should not be treated as a secret, however: they appear in email addresses, directory listings and logs, so the security of an account must rest on the password and any additional factors, not on an obscure username.
Passwords need the same considerations as usernames, but they must be far more secure, because the password is the secret. To promote a secure network, according to Gregory Tomsho, administrators should set up a password policy that restricts or dictates certain password characteristics (Tomsho). Common examples are: a minimum length, since each extra character multiplies the number of guesses an attacker must make; a minimum and maximum age, so that the same password is not used for extended periods; complexity requirements, such as requiring several character types (uppercase, lowercase, digits, special characters), which enlarge the space a guessing tool has to search; and account lockouts that restrict or disable a user's account after a specified number of failed logons. Of these, length and a check against lists of common and previously breached passwords do the most work; composition rules on their own are weak, because users satisfy them predictably ("Password1!") and cracking tools try exactly those patterns first.
Often a network administrator creates a random password as the initial password for an end user. The end user is typically required to change it at first logon and can then choose any password that meets the policy. Many networks also require end user passwords to expire at fixed intervals. If an interval is used, it should not be so short that users resort to writing passwords down or to incrementing a digit on the old one; current NIST guidance (SP 800-63B, 2017) goes further and recommends forcing a change only when there is evidence of compromise, for exactly that reason.
When creating their own passwords, users should understand not to reuse parts of their name, logon name, email address, employee number, social security number, phone number, extension, or any other identifying name or code, according to the Certified Information Systems Security Professional Study Guide (Stewart, Tittel and Chapple). They should also avoid dictionary words, slang, and industry acronyms. The guide suggests nonstandard capitalization and spelling, switching letters around, and replacing letters with numbers; be aware that these particular tricks are the first rules every password-cracking tool applies, so they add little on their own, and a dictionary word with a few substitutions is still a weak password. Length and unpredictability, not decoration, are what make a password hard to guess.
The United States Computer Emergency Readiness Team cites three common mistakes users make with passwords. The biggest and most common is using a weak password (Huth, Orlando and Pesante), which they compare to "closing your front door but not locking it." Dictionary terms, common phrases, and your name or birthday are weak passwords because they are easy to guess. A complex passphrase is much stronger: take a sentence or two, combine them, misspell words, add numbers or special characters, and turn the result into shorthand. Microsoft's Safety & Security Center gives the example of turning "Complex passwords are safer" into "ComplekspasswordsRsafer2001." Note that any example printed in published guidance ends up in every cracker's word list, so it should never be used verbatim; the technique is what matters, not the sample.
The second mistake is using the same password for every account. If an attacker obtains any one of a user's passwords, whether by guessing it or by breaching one site's database, they can log into every other account that shares it (attackers automate this as credential stuffing). It is more secure to use a separate password for each account and a password manager to keep track of them. The third common mistake is exposing passwords to others, often without the user realizing it: writing passwords down where others can read them, logging into accounts from public computers that may carry keyloggers or keep cached sessions, and letting a shared or unlocked browser remember passwords are three common ways passwords leak.
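The policy checks described in this section, as an added example in Python; this is not code from the essay or from any of the sources it cites. It enforces a minimum length, a character-class requirement, a limit on runs of one repeated character, a blocklist of dictionary words and well-known weak passwords (with the usual letter-to-digit substitutions undone first, since cracking tools undo them too), and rejection of any password that contains the user's own identifying data. The blocklist, the user record and the `Policy` defaults are constructed for the example; a real deployment would load a large list of breached passwords.

```python
"""Password policy checker (added example; constructed blocklist and user record)."""
import re
from dataclasses import dataclass, field

# Constructed sample blocklist. Real deployments load millions of breached passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin", "monkey"}
DICTIONARY_WORDS = {"summer", "winter", "dragon", "football", "princess"}

# Substitutions to undo before the dictionary check, so "P@ssw0rd" is seen as "password".
LEET = str.maketrans("@$0134", "asolea")


@dataclass
class Policy:
    min_length: int = 12
    min_classes: int = 3       # of: uppercase, lowercase, digit, special
    max_run: int = 3           # longest permitted run of one repeated character
    blocklist: set = field(default_factory=lambda: COMMON_PASSWORDS | DICTIONARY_WORDS)


def char_classes(pw: str) -> int:
    """Count how many of the four character classes the password uses."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])


def _variants(pw: str):
    """Lower-cased forms of the password, with and without substitutions undone,
    each also reduced to letters only, so 'Summer2015!' still reveals 'summer'."""
    low = pw.lower()
    for form in (low, low.translate(LEET)):
        yield form
        yield re.sub(r"[^a-z]", "", form)


def check_password(pw: str, user: dict, policy: Policy = Policy()) -> list:
    """Return the list of policy violations; an empty list means the password passes.

    `user` maps a label to a value that must not appear in the password, e.g.
    {"login name": "jsmith", "e-mail": "john.smith@example.com"}."""
    problems = []
    if len(pw) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if char_classes(pw) < policy.min_classes:
        problems.append(f"uses fewer than {policy.min_classes} character classes")
    if re.search(r"(.)\1{%d,}" % policy.max_run, pw):
        problems.append(f"contains a run of more than {policy.max_run} identical characters")
    if any(v in policy.blocklist for v in _variants(pw)):
        problems.append("is a common password or dictionary word, possibly decorated")

    # Identifying data: split names, e-mail local parts and IDs into tokens of 3+ chars.
    forms = [pw.lower(), pw.lower().translate(LEET)]
    for label, value in user.items():
        local = str(value).lower().split("@")[0]          # drop an e-mail's domain part
        for token in re.split(r"[.\s_-]+", local):
            if len(token) >= 3 and any(token in f for f in forms):
                problems.append(f"contains the user's {label} ({token!r})")
    return problems


if __name__ == "__main__":
    record = {"login name": "jsmith", "e-mail": "john.smith@example.com", "employee number": "48213"}
    for candidate in ("P@ssw0rd", "Summer2015!", "JohnSmith2015!!", "Tw0 ducks & a Lamp-post"):
        print(f"{candidate!r}: {check_password(candidate, record) or 'OK'}")
```

The checker returns every violation rather than stopping at the first, so the user can be told everything that is wrong in one round trip; the leet-undoing step is what turns "P@ssw0rd" from a policy-compliant string into a rejected dictionary word.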

Password Attacks

U.S. consumers have suffered more than $7.5 billion in damages from malware and online scams according to Consumer Reports' State of the Net 2009 survey (Consumer Reports). The majority of the losses came from malware, while worms and viruses continue to cause billions of dollars in damage to corporate networks, email systems and data each year. As Kenneth and Jane Laudon explain in Essentials of Management Information Systems, malware is malicious software, "which include[s] a variety of threats such as computer viruses, worms, and Trojan horses" (Laudon and Laudon). A computer virus is a program that attaches itself to other programs or files on a computer without the user's knowledge, so that the malicious code runs when the host program is launched or the user performs a specific action. Worms are independent programs that copy themselves from computer to computer over a network. A Trojan horse is a program that behaves in ways other than expected and serves as a gateway through which viruses and worms are introduced into a system. Often malware is used to capture credentials and other data from the infected computer and send them to a system the attacker controls, where they are used for financial gain.
There are several ways a malicious user can try to gain unauthorized access to a computer or network. One of the most common is network traffic analysis, also known as sniffing: the attacker captures traffic while users are authenticating and, if the credential is sent in the clear or the exchange can be replayed, uses the captured password or packet to log in. This is why authentication should happen only over an encrypted channel such as TLS, and why authentication protocols should use challenge-response with a fresh nonce rather than transmitting the password itself. Once inside, the attacker typically tries to copy the password database file (for example /etc/shadow on Linux, or the SAM and NTDS.dit databases on Windows), which normally holds hashes rather than plaintext passwords, and then runs a password-cracking tool against it: the tool guesses candidate passwords, hashes each one, and compares the result to the stolen hashes. Once a password database file is stolen, this guessing happens offline on the attacker's own hardware, where account lockouts no longer apply, using a brute-force attack or a dictionary attack.
In a brute-force attack, the attacker systematically tries every possible combination of characters up to some length; the work grows exponentially with length, which is why a long password beats a short one full of symbols. A dictionary attack instead tries a list of common passwords and dictionary terms, and a hybrid attack combines the two, taking each dictionary word and applying rules such as capitalizing it, appending digits or a year, and substituting digits for letters. According to Stewart, Tittel, and Chapple, one way to monitor for weak passwords is to run a password-cracking tool against your own password database file and require any discovered password to be changed immediately (Stewart, Tittel and Chapple). The other defense is on the storage side: passwords should be stored as salted hashes computed with a deliberately slow algorithm, so that each guess costs the attacker real time and a single guess cannot be checked against every account at once.
Login spoofing, better known as phishing, is also common. Attackers set up fake login pages that look like those of a legitimate site, such as an online bank, and email unsuspecting users links to them along with some pretext for clicking. The link takes the user to the fake page, where they enter their username and password; the site records both, and the attacker now has access to the user's bank account. Checking the address bar and the site's certificate before entering credentials limits the risk, and a second authentication factor limits the damage, since a stolen password alone is then not enough; note, though, that a one-time code typed into the fake page can be relayed to the real site within its validity window, so phishing remains a threat even with OTP tokens.
Another common method is social engineering, in which the attacker deceives a person into performing an action that grants access. For example, an attacker could call a helpdesk claiming to be somebody's manager and request a password reset for their employee; if the helpdesk resets the password and hands over the temporary one, the attacker can log into the network under the employee's account. The defense is procedural: helpdesk staff should verify the caller's identity through a channel the caller did not choose, such as calling back a number on record or requiring the employee to appear in person, before resetting anything.

Authentication Methods and Password Management

Authentication is the process of verifying that a person is who they claim to be. As mentioned previously, the most common authentication method is the password. The CISSP Study Guide describes three authentication factor types: type 1 is something you know, such as a password; type 2 is something you have, such as a one-time password token; and type 3 is something you are, a body part or other physical characteristic (Stewart, Tittel and Chapple). Something you do and somewhere you are have been identified as two additional factors. Many organizations have started using multi-factor authentication to grant access to secure resources. If a token, a password, and a biometric are all required, an attacker would have to steal the token, crack the password, and duplicate the biometric, and succeed at all three, in order to gain entry to the resource. Factors only count as independent if they fail independently: a password and a one-time code delivered to the same phone that stores the password are both lost with the phone.

There are multiple authentication methods that can be used to create a stronger combination:

Public Key Infrastructure

According to the Government of Hong Kong's Password Management guidance, Public Key Infrastructure (PKI) uses mathematical algorithms to provide data confidentiality, data integrity and authentication in order to facilitate secure transactions (The Government of the Hong Kong Special Administrative Region). PKI provides proof of identity through digital certificates. A digital certificate is a digital document that binds a public key to a person (or a server) for authentication. A trusted Certificate Authority (CA) issues the certificate and signs it with the CA's private key after verifying the identity of the requestor; anyone holding the CA's public key can then check that signature, and the certificate holder proves possession of the matching private key by signing a challenge. PKI lets users authenticate to many applications without pre-registering with each one, since every application need only trust the CA and check that the certificate is still valid and not revoked, which has proven particularly useful for companies that run multiple applications requiring authentication.

Single Sign-On (SSO)

Single sign-on allows users to authenticate once, through an authentication server, and then access multiple applications both internal and external to the organization. Users therefore need to keep track of only one password for many systems. The drawback is that if that single authentication is compromised, every resource the user can reach is compromised as well, which is why the SSO account should be protected by multi-factor authentication and monitored more closely than any individual application.

One-Time Password (OTP) Tokens

With a one-time password token, users authenticate with two factors, types 1 and 2, which is what is meant by two-factor authentication. The user has the token (something they have) and knows a PIN or password (something they know). The physical token generates a one-time code at fixed intervals, every 30 or 60 seconds for example, or each time a button is pressed; most tokens and authenticator apps follow the open HOTP (RFC 4226) and TOTP (RFC 6238) standards, in which the code is a truncated HMAC of a shared secret and a counter or time step. The user submits the current code together with the PIN, and the server, which holds the same secret, recomputes the code and grants access to the protected resources if it matches. A well-implemented server allows a small window for clock drift and rejects any code that has already been used, so that a code captured by sniffing or phishing cannot be replayed. Many companies use this type of authentication for access to their virtual private networks (VPNs).

Biometrics

The use of biometric factors is another common type of authentication method. This falls under type 3, something you are: physical or behavioral characteristics that are unique to an individual. Biometric factors include the following:

Fingerprints

The macroscopic patterns on the tips of the fingers and thumbs are used to authenticate.

Face Scans

Scanning the geometric patterns of the face is used for recognition.

Retina Scans

Retina scans measure the pattern of blood vessels at the back of the eye and are generally cited as the most accurate form of biometric authentication, although the close-range scan is intrusive and has low user acceptance.

Iris Scans

Iris scans are the second most accurate form. They focus on the colored ring around the pupil, whose texture, like the retinal pattern, is not genetically determined and so differs even between identical twins; the scan can be taken from a distance, which makes it better accepted than a retina scan.

Palm Scans

This is also known as palm topography and utilizes the entire area of the hand working much the same way as fingerprint scans.

Hand Geometry

This recognizes the physical dimensions of the hand including the width and length of the palm and fingers.

Heart Patterns

Measuring the user’s heartbeat ensures that a real person is attempting to authenticate.

Voice Pattern Recognition

This factor differentiates between one person’s voice and another relying on the sound of the user’s speaking voice.

Signature Dynamics

This examines how a subject performs the act of writing a string of characters.

Keystroke Patterns

This measures how the user types on a keyboard by analyzing dwell time (how long each key is held down) and flight time (the interval between releasing one key and pressing the next).

Each biometric factor has its own accuracy and level of user acceptance. Accuracy is measured by the false rejection rate (legitimate users turned away) and the false acceptance rate (impostors let in); tightening one loosens the other, and the point where the two are equal, the crossover error rate, is the usual figure for comparing systems. Biometric data also cannot be changed if it is copied, so it should be used alongside another factor rather than instead of one. Which combination of authentication methods an organization chooses depends on how secure access needs to be and how much money is available to implement it.

Password Managers

A password manager is essentially an encrypted database that stores all of your passwords in one place, protected by a single master passphrase. That passphrase becomes the one secret you must remember and the one an attacker must guess, so it should be long, unique, and never reused elsewhere, and the manager should derive its encryption key from it with a deliberately slow key-derivation function so that offline guessing against a stolen vault is expensive. Many password management tools exist, and each user or organization should pick one they are comfortable with; consumer reviews give a sense of what people who have used a tool think of it, and many antivirus suites now include a password manager as part of the package. Whichever tool is chosen, it should generate a different random password for every account, so that a breach at one site exposes nothing else.
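The core of a vault as described above, as an added example in Python; this is not code from the essay or from any password manager product. It shows the two properties the paragraph describes: one master passphrase protects everything, turned into a key with a salted, iterated key-derivation function (PBKDF2-HMAC-SHA256, standard library) so that guessing it offline is slow, with a stored verifier that lets the vault reject a wrong passphrase without storing the passphrase itself; and every account gets its own random password from the OS CSPRNG. Encryption of the entries is deliberately left out: a real vault would encrypt them under `vault_key` with an authenticated cipher such as AES-GCM, which the standard library does not provide. `Vault`, `KDF_ITERATIONS` and the other names are this example's own.

```python
"""Password-manager vault core: slow master-key derivation and random per-site passwords
(added example; entry encryption omitted)."""
import hashlib
import hmac
import math
import os
import secrets
import string

KDF_ITERATIONS = 600_000   # OWASP's 2023 recommendation for PBKDF2-HMAC-SHA256
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{};:,.?"


def derive_vault_key(master: str, salt: bytes, iterations: int = KDF_ITERATIONS) -> bytes:
    """Slow, salted derivation: an attacker with a stolen vault pays `iterations`
    HMAC rounds per guess, and the salt prevents precomputed tables."""
    return hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, iterations, dklen=32)


def make_verifier(vault_key: bytes) -> bytes:
    """HMAC of a fixed label under the vault key. Stored next to the salt; it
    confirms the key without revealing it or the passphrase."""
    return hmac.new(vault_key, b"vault-verifier-v1", hashlib.sha256).digest()


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Uniformly random password from the OS CSPRNG, resampled until it contains
    every character class (so it also passes typical composition rules)."""
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw)):
            return pw


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Guessing entropy of a uniformly random password: length * log2(alphabet size).
    The class resampling above discards a tiny fraction of strings, so the true
    figure is marginally lower."""
    return length * math.log2(alphabet_size)


class Vault:
    def __init__(self, master: str, iterations: int = KDF_ITERATIONS):
        self.salt = os.urandom(16)
        self.iterations = iterations
        self.verifier = make_verifier(derive_vault_key(master, self.salt, iterations))
        self.entries = {}          # site -> password (a real vault stores these encrypted)

    def unlock(self, master: str) -> bool:
        """True iff `master` derives the key the vault was created with."""
        key = derive_vault_key(master, self.salt, self.iterations)
        return hmac.compare_digest(make_verifier(key), self.verifier)

    def add(self, master: str, site: str, length: int = 20) -> str:
        """Generate and store a fresh random password for `site`."""
        if not self.unlock(master):
            raise PermissionError("wrong master passphrase")
        self.entries[site] = generate_password(length)
        return self.entries[site]

    def get(self, master: str, site: str) -> str:
        if not self.unlock(master):
            raise PermissionError("wrong master passphrase")
        return self.entries[site]


if __name__ == "__main__":
    vault = Vault("correct horse battery staple")
    for site in ("bank.example", "mail.example"):
        print(site, vault.add("correct horse battery staple", site))
    print(f"{entropy_bits(20, len(ALPHABET)):.1f} bits per generated password")
    print("wrong passphrase unlocks:", vault.unlock("Correct horse battery staple"))
```

A 20-character password drawn from this 85-symbol alphabet carries about 128 bits of guessing entropy, far beyond any dictionary or hybrid attack, which is the point of letting the manager choose passwords: the only thing left to guess is the master passphrase, and the KDF makes each of those guesses cost 600,000 HMAC rounds.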

Conclusion

While passwords are the most common method of authenticating on computer systems and websites, they are only effective when a single, strong passphrase is used for each account. Password managers and additional authentication factors significantly increase the security of computers and accounts by making it harder for attackers to reach secured resources. User education plays a vital role in keeping networks safe from attack: strong password policies, combined with a thorough understanding of how to use passwords appropriately, will greatly reduce successful attacks on user accounts and network resources, and with them the monetary damage suffered by users and organizations throughout the world.

Bibliography

Consumer Reports. "State of the Net 2009." Consumer Reports, June 2009.

Huth, Alexa, Michael Orlando, and Linda Pesante. "Password Security, Protection, and Management." United States Computer Emergency Readiness Team, n.d. http://www.us-cert.gov/sites/default/files/publications/PasswordMgmt2012.pdf. Accessed 1 Feb. 2015.

Laudon, Kenneth C., and Jane P. Laudon. "System Vulnerability and Abuse." Essentials of Management Information Systems. Upper Saddle River: Pearson Education, Inc., 2011. 235-259.

Londis, Dino. "10 Top Password Managers." InformationWeek, 30 Apr. 2013. http://www.darkreading.com/risk-management/10-top-password-managers/d/d-id/1109759. Accessed 1 Feb. 2015.

Microsoft Safety & Security Center. "Create Strong Passwords." 2012. http://www.microsoft.com/security/online-privacy/passwords-create.aspx. Accessed 1 Mar. 2015.

Stewart, James Michael, Ed Tittel, and Mike Chapple. CISSP: Certified Information Systems Security Professional Study Guide. Indianapolis: Wiley Publishing, Inc., 2011.

The Government of the Hong Kong Special Administrative Region. "Password Management." Information Security, Feb. 2008. www.infosec.gov.hk/english/technical/files/password.pdf. Accessed 1 Feb. 2015.

Tomsho, Gregory. Guide to Networking Essentials. Boston: Course Technology, Cengage Learning, 2011.

March 1, 2015
Network Theory and Design
Similar Documents

Free Essay

Secured Authentication 3d Password

...SECURED AUTHENTICATION: 3D PASSWORD INTRODUCTION: Users nowadays are provided with major password stereotypes such as textual passwords, biometric scanning, tokens or cards (such as an ATM) etc. Current authentication systems suffer from many weaknesses. Textual passwords are commonly used; however, users do not follow their requirements. Users tend to choose meaningful words from dictionary or their pet names, girlfriends etc. Ten years back Klein performed such tests and he could crack 10-15 passwords per day. On the other hand, if a password is hard to guess, then it is often hard to remember. Users have difficulty remembering a password that is long and random appearing. So, they create short, simple, and insecure passwords that are susceptible to attack. Which make textual passwords easy to break and vulnerable to dictionary or brute force attacks. Graphical passwords schemes have been proposed. The strength of graphical passwords comes from the fact that users can recall and recognize pictures more than words. Most graphical passwords are vulnerable for shoulder surfing attacks, where an attacker can observe or record the legitimate user’s graphical password by camera. Token based systems such as ATMs are widely applied in banking systems and in laboratories entrances as a mean of authentication. However, Smart cards or tokens are vulnerable to loss or theft. Moreover, the user has to carry the token whenever access required. Biometric......

Words: 4892 - Pages: 20

Free Essay

Ad Password Policys

...A reasonable approach for an AD password policy, this will a be determined by how, & what your ideas are and what your trying to accomplish. I know that you’d mention that a competitor has recently been hack into and security is the number one thing that should be addressed. But putting too many limitations on yourself and your employee might hinder production or have conflicts within the company. Let’s be honest, passwords are annoying. These days we need a password or PIN’S everywhere for security and protect with a peace of mind. Now days we have so many that we can’t even keep track of them all, I myself have this issue. Here is some issue that might be well in doubt with you and your company. We forget to update them; it’s difficult to come up with effective ones that we can still remember, so we procrastinate changing them for months, even years. We all know that this is bad practice, but the alternative along with the painful, irritating password creation and memorization process, is sometimes more than we can tolerate. Password is simpler and cheaper than others, more secure forms of authentication like special key cards, fingerprint ID machines, and retinal scanners. While passwords are becoming more and more vital component of system security, and with that they can be cracked or broken relatively easily. Password cracking is the process of figuring out or breaking passwords in order to gain unauthorized entrance to a system or accounts. The difference......

Words: 969 - Pages: 4

Free Essay

Password Planning

...your dilemma. Productivity should be the focus but we can’t overlook security, otherwise we will be at a standstill. We can tighten up security without having employees jump through those 17 hoops. We will need to spend time and educate these employees as to our security concerns and maybe it will help them get on board with the necessary changes as well as well as making it easy on them. Passwords are like passports or a blank check; if lost or stolen they give hackers a world of opportunity by providing access to your personal, financial and work data. The company wide Password Policy helps you be proactive in selecting a strong password and managing them, to protect your identity and company resources. Once you've read and understood the password policy, you should change your password and other passwords that do not meet the standards. Strong Password Characteristics * Are at least eight alphanumeric characters long * Contain at least three of the following four categories: * upper case characters (e.g., A-Z) * lower case characters (e.g., a-z) (Note: Oracle does not distinguish between upper and lower case in passwords.) * Digits (e.g., 0-9) * Special characters ( e.g., !@#$%^&*()_+|~-=\`{}[]:";'<>?,./) (Note: Oracle allows only the special character underscore (_) in a password, unless the password is enclosed in quotes.) * Are kept private. Passwords should be memorized or, if written down, kept in a locked file......

Words: 557 - Pages: 3

Premium Essay

Security

...others. The following are examples of the media which may contain or comprise information assets. • • • • • • • • • • databases and data files system documentation user manuals training material operational or support procedures continuity plans and fallback arrangements back-up media on-line magnetic media off-line magnetic media paper Services • • computing and communications services (owned by MIS) heating, lighting and power (owned by Manager or Building Services Manager) 1 17/01/03 First•Base Technologies Town Hall Chambers High Street Shoreham-by-Sea West Sussex BN43 5DD UK Tel: +44 (01273 454 525 Fax: +44 (0)1273 454 526 info@firstbase.co.uk Guidance on Information Classification Categories for classifying document security Category 1 : Routine (non-confidential) documents Description: All documents of a routine nature. Effects of disclosure: No measurable damage to the company or a department. Examples: Normal memos, routine reports, circulars. Estimated occurrence of this classification: More than 80% of all documents would be within this class. Recommended marking of document: This is the default class. Therefore, there should be no need to mark non-confidential material, and all unmarked material would normally be expected to fall in this category. Recommended electronic storage: On network drives including shared areas without concern. Laptop users may store such documents on their local hard drive. Recommended paper storage: Normal filing......

Words: 2760 - Pages: 12

Premium Essay

3d Password

...Definition of 3D password Users nowadays are provided with major password stereotypes such as textual passwords, biometric scanning, tokens or cards (such as an ATM) etc .Mostly textual passwords follow an encryption algorithm as mentioned above. Biometric scanning is your "natural" signature and Cards or Tokens prove your validity. But some people hate the fact to carry around their cards, some refuse to undergo strong IR exposure to their retinas(Biometric scanning).Mostly textual passwords, nowadays, are kept very simple say a word from the dictionary or their pet names, girlfriends etc. Years back Klein performed such tests and he could crack 10-15 passwords per day. Now with the technology change, fast processors and many tools on the Internet this has become a Child's Play. Introduction of 3D password Therefore we present our idea, the 3D passwords which are more customizable and very interesting way of authentication. Now the passwords are based on the fact of Human memory. Generally simple passwords are set so as to quickly recall them. The human memory, in our scheme has to undergo the facts of Recognition, Recalling, Biometrics or Token based authentication. Once implemented and you log in to a secure site, the 3D password GUI opens up. This is an additional textual password which the user can simply put. Once he goes through the first authentication, a 3D virtual room will open on the screen. In our case, let's say a virtual garage The 3D password is a multi......

Words: 602 - Pages: 3

Premium Essay

Password Guidance

...Resources Access and Use. Retrieved from http://www.nist.gov/director/oism/itsd/policy_accnuse.cfm Retrieved on February 27, 2014 HHS, 2007. HIPAA Security Series. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf Retrieved on March 8, 2014Task 1Heart Healthy Information Security Policy:The information security policy is divided into two major parts – the policy for any new user entering the organization and the password management:New Users:All the new users will get appropriate access and rights, which will be reflective of their responsibilities in the organization. These accesses will enable the user to access all the required data files and information to complete their tasks. While assigning the rights and accesses to the new user a a document should be signed between the new user and the supervisor which will detail all the roles and responsibilities that the user will perform and also the corresponding access and rights. In case the user requires any administrator access then signature of the respective manager will be required. All the new users will have to undergo an orientation program and some additional training which will tell them about the work place, work culture, security policies, information security policies etc. The additional trainings will focus on password management, remote device protection, file downloads, content management (how to manage the file transfers over open networks, especially for......

Words: 283 - Pages: 2

Premium Essay

Security

...their network during its regular monitoring of security check. The hackers made it through breaking in to the network and stole the sensitive and personal data of the customers which includes encrypted credit and debit card information, illegal access of customer ID's and also source code of other various Adobe products like Adobe Acrobat and ColdFusion, ColdFusion Builder. On the companies saying that the hackers got access to the encrypted customers passwords and debit and credit card numbers too. There is also a huge loss of data occurred during this data breach which impacted immense number of people internally and externally.[1][2][3] 2. Financial Loss According to Adobe initially it was said that over 2.9 million customers personal data has been breached during the cyber-attack by the hackers and is also believed to be that there is some data deletion done relating to the 2.9 million customers who were affected by this breach. The cyber-thieves stole the customer sensitive and personal data which also includes encrypted credit card information of many customers. After a few days the company confirmed that over 38 million active users have been affected and the attackers got access to their IDs and encrypted passwords and also to many Adobe accounts which are inactive. A 3.8 GB data was stolen from the Adobe by the attackers which includes of 152 million usernames. As a part of compromise the company is resetting the passwords for all the customers who are suspected......

Words: 888 - Pages: 4

Free Essay

Sans Password Protection

...Password Protection Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is no prior approval required. If you would like to contribute a new policy or updated version of this policy, please send email to policy-resources@sans.org. Things to Consider: Please consult the Things to Consider FAQ for additional guidelines and suggestions for personalizing the SANS policies for your organization. Last Update Status: Updated June 2014 1. Overview Passwords are an important aspect of computer security. A poorly chosen password may result in unauthorized access and/or exploitation of <Company Name>'s resources. All users, including contractors and vendors with access to <Company Name> systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords. 2. Purpose The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change. 3. Scope The scope of this policy includes all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any <Company Name> facility, has access to the <Company Name> network, or stores any non-public <Company Name> information. 4. Policy 4.1......

Words: 1105 - Pages: 5

Premium Essay

Security

...Project Part 1 Multi-Layered Security Plan | NT2580 | | James Maus | 8/21/2015 | In the process of emerging a mulit-layered security plan, you will need to see the seven domains of the IT set-up. The security will be increased on each of the domains. Security increase on the seven domains increases complete security of the system and build a mulit-layered security plan. Only the users can negotiate the system in the user domain. Easy passwords can cause a lot of problems so we will need to use difficult passwords with eight characters and up. Passwords will include special characters with capitals and lowercase. A limit to how long you can use the password and to only a one time password use. Workstations will have antivirus and malware protection installed. Since laptops are very weak and easy to get lost or stolen, the companies will have a converted hard drive so only the owner can recover the data. On the LAN domain, you should never open any scam emails when on company systems. To reduce email malware, you should add spam filters to stop junk email and reduce employee mistakes. On the LAN to WAN domain, we should switch the FTP to secure FTP so only our suers can have access to the FTP server. On the WAN domain there should be firewalls put in place on the network to filter inbound traffic. In the case of the Richman investments, network of\ any kind of traffic that is coming in and out is not needed will be stopped by a firewall. Reference Courtesy of...

Words: 444 - Pages: 2

Free Essay

Pass Without a Password

...Pass without a password My PasswordSafe has 53 entries right now. It all started when I started using mail some years back. As I spent more time online the number of passwords increased. Though I tried all solutions like PasswordSafe, Firefox Sync it is never enough and I end up clicking ‘Forgot Password’ once in a while. I started dreaming of a password less browsing experience. . Let’s first dissect the problem. What is a password – it is something which only the user and the service provider know. This is established in the first meeting and used during the subsequent meetings to establish the identity of the user. What if there is some other data which both the service provider and the user know but need not be established as such? Can we use this data for authentication? What will be the challenges? . Firstly can service providers record data which is inherently known to user be used for authentication? . Data generated by the users while using a service can be used to authenticate the user in most cases. This is already in use in a variety of ways. If one logs into Facebook from an IP geographically disparate from one’s normal location, Facebook step-up authenticates the user with questions about his/her friends. Another example is where phone banking asks you for the last two transactions to establish genuine callers Now there are challenges in this approach – if the data used for the authentication is publicly available to a larger set of users it can’t......

Words: 377 - Pages: 2

Premium Essay

Security

...Department of Commerce. An Introduction to Computer Security: The NIST Handbook, Special Publication 800-12.

User Issues, Assurance, Contingency Planning, I&A, Training, Personnel, Access Controls, Audit, Planning, Risk Management, Crypto, Physical Security, Policy, Support & Operations, Program Management, Threats

Table of Contents

I. INTRODUCTION AND OVERVIEW

Chapter 1 INTRODUCTION
1.1 Purpose 3
1.2 Intended Audience 3
1.3 Organization 4
1.4 Important Terminology 5
1.5 Legal Foundation for Federal Computer Security Programs 7

Chapter 2 ELEMENTS OF COMPUTER SECURITY
2.1 Computer Security Supports the Mission of the Organization 9
2.2 Computer Security is an Integral Element of Sound Management 10
2.3 Computer Security Should Be Cost-Effective 11
2.4 Computer Security Responsibilities and Accountability Should Be Made Explicit 12
2.5 Systems Owners Have Security Responsibilities Outside Their Own......

Words: 93588 - Pages: 375

Free Essay

Password Strength Is Not Password Security

...Password Strength is not Password Security. Kevin Marino, November 11, 2013, MSCC697, Regis University, Professor Garcia. Password Strength is not Password Security. When password security becomes the topic of conversation it generally focuses on how strong a password is and whether or not the user reuses a password across multiple sites. While these aspects can affect password security, there are certain measures that the server side of the authentication process can implement to increase security without the user changing their habits. This approach would solve many of the security problems that authentication servers are facing. The goal of this study is to determine a set of best practices that can be implemented to increase security without the intervention of the user. While passwords may not be around forever, due to the introduction of new authentication hardware, they will be around until one of these hardware solutions becomes mainstream and readily available to the general public. These practices will offer greater security until that time comes. User authentication in today's world generally requires a user name and a password. Though the strength of the user's password is generally seen as the baseline for security, the authenticating server can implement certain security measures that can compensate for weak passwords. One main factor for considering different security measures is the advancement of brute force attack......

Words: 1960 - Pages: 8

Free Essay

Passwords

...A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource (example: an access code is a type of password). The password should be kept secret from those not allowed access. The use of passwords is known to be ancient. Sentries would challenge those wishing to enter an area or approaching it to supply a password or watchword. Sentries would only allow a person or group to pass if they knew the password. In modern times, user names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user may require passwords for many purposes: logging in to computer accounts, retrieving e-mail from servers, accessing programs, databases, networks, web sites, and even reading the morning newspaper online. Despite the name, there is no need for passwords to be actual words; indeed passwords which are not actual words may be harder to guess, a desirable property. Some passwords are formed from multiple words and may more accurately be called a passphrase. The term passcode is sometimes used when the secret information is purely numeric, such as the personal identification number (PIN) commonly used for ATM access. Passwords are generally short enough to be easily memorized and typed. Authentication by password is less secure than authentication which uses......

Words: 253 - Pages: 2

Free Essay

Security

...few of these security issues and discuss ways to prevent attacks from occurring. Users pose the largest security threat to a PC. Users go out on the internet, haphazardly clicking away on links that could open their PC for an attack. Malware, phishing scams, bot herding, viruses, and worms are just a few of the ways that your PC can be attacked. First and foremost, the user needs to understand that they must use caution when accessing the network. Follow sensible rules such as: don’t open email from strangers, don’t click on strange links, and don’t walk away from the PC without logging out. Never give out passwords, and change passwords often. Every 30-90 days is good, and make sure you create strong passwords. As a rule of thumb, only give users access to the specific files and folders that they need. Use common sense when you are on the network and you can prevent malicious attacks on your PC and protect sensitive information. Another way to protect your PC from malicious attack is by applying patches and hotfixes to the operating system software. Regular updates to the OS ensure that your device has some protection from worms or other malicious code that can damage the PC. Use firewalls on the network. Antivirus software needs to be installed also to protect the PC, and it is imperative that you ensure that the program is updated regularly (Brandt, 2009). It is very important to schedule regular scans of the PC to check for viruses or other security......

Words: 693 - Pages: 3

Premium Essay

Security

...SECURITY WEAKNESSES FOR QUALITY WEB DESIGN

INTRODUCTION 3
ABSTRACT 3
COMPANY BACKGROUND 3
SOFTWARE WEAKNESSES 4
EMAIL SERVER WEAKNESSES 4
SOLUTION 4
DATABASE WEAKNESS 5
SOLUTION 5
HARDWARE RELATED WEAKNESSES 6
HARDWARE WEAKNESSES 6
SOLUTION 6
HARDWARE POLICY WEAKNESSES 6
SOLUTION 7
REFERENCES: 8

INTRODUCTION. A company that deals with making web sites and web business solutions is known as Quality Web Design (QWD). The company provides its customers with an opportunity to spread their business through the internet. The other business solutions accompanied are accounting, payroll and marketing, also parts of the business process for which its assets are employed.

ABSTRACT. QWD provides business solutions via the Internet to its customers. The circuit used by the company may prove to have various security flaws, and the hardware and software used have various limitations, such as Microsoft SharePoint, which has limitations in supporting virtualization and upgrades, whereas the web server provided by IBM provides various functionalities over the Microsoft web server. The company has very good hardware, software and network systems; the assets used by the company provide support to the business process, but there are many limitations of the hardware, software, assets and the network design. They provide support to companies by providing web solutions so that they can spread their business through the internet. The company processes also......

Words: 1442 - Pages: 6