CNM 251 - Chapter 11 || with Errorless Solutions 100%.
Types of authentication credentials correct answers -Where you are: military base
-What you have: key fob to lock your car
-What you are: facial characteristics
-What you know: combination to health club locker
-What you do: do something to prove authenticity
User logging in to a system correct answers -asked to identify himself (enter username)
-asked to authenticate (enter password)
Password correct answers -most common type of authentication
-provide only weak protection
-actions can be taken to strengthen passwords
Password weaknesses correct answers -Weakness is linked to human memory -> can only memorise limited number of items
-long, complex passwords are most effective (most difficult to memorise)
-user must remember passwords for different accounts
-each account password should be unique
-security policies mandate passwords must expire -> users must repeatedly memorise passwords
Users often take shortcuts (for passwords) correct answers -using weak passwords (common words, short, personal information, same passwords again)
-users follow patterns when attempting to create stronger passwords:
-Appending: using letters, numbers, punctuation in a pattern
-Replacing: users use replacements in predictable patterns
Online attack correct answers An attempt to enter different passwords at the login prompt until the right password is guessed.
Attacks to discover passwords correct answers -Social engineering (phishing, shoulder surfing, dumpster diving)
-Capturing (key logger, protocol analyser, man-in-the-middle attack, replay attack)
-Resetting
Offline attack correct answers -method used by most password attacks today
-attackers steal a file of password digests and compare it with the digests they have created themselves
-include: Brute force, Mask, Rule, Dictionary, Rainbow tables, Password collections
Brute Force correct answers -every possible combination of letters, numbers, and characters used to create encrypted passwords and matched against stolen file
-slowest, most thorough method
NTLM (New Technology LAN Manager) hash correct answers -A hash used by modern Microsoft Windows operating systems for creating password digests.
-attacker can simply pretend to be the user and send the hash to the remote system to then be authenticated
-known as a pass the hash attack
Mask Attack correct answers -more targeted brute force attack that uses placeholders for characters in certain positions of the password
Parameters that can be entered in a mask attack: correct answers -Password length
-Character set
-Language
-Pattern
-Skips
Rule Attack correct answers Conducts a statistical analysis on the stolen passwords that is used to create a mask to break the largest number of passwords
Dictionary Attack correct answers -attacker creates digests of common dictionary words
-compares digests against stolen digest file
3 types of Dictionary Attacks correct answers -Pre-image attack: uses a set of dictionary words and compares it with the stolen digests
-Birthday attack: the search for any two digests that are the same
-Hybrid attack: combination of a dictionary attack and a mask attack
Rainbow Tables + steps to use it correct answers -creates a large pregenerated data set of candidate digests
-Steps for using a rainbow table:
1. Creating the table:
-Chain of plaintext passwords
-Encrypt initial password
-Feed into a function that produces different plaintext passwords
-Repeat for a set number of rounds
2. Using table to crack a password:
-run encrypted password through same procedure used to create initial table
-results in initial chain password
-Repeat, starting with this initial password until original encryption is found
-Password used at last iteration is the cracked password
Rainbow table advantages correct answers -can be used repeatedly
-faster than dictionary attacks
-less memory on the attacking machine is required
Two key elements for password attacks correct answers -Password Collections gave attackers a large corpus of real-world passwords
-Provided attackers advanced insight into the strategic thinking of how users create passwords (Capital letter at the beginning,...)