Lecture-5-Password-Protection, Lecture notes of Information Security and Markup Languages

Master **Password Protection**, a fundamental topic in Information Security, with these clear and exam-focused study notes. Designed to simplify complex concepts, these notes will help you understand password security faster and prepare confidently for quizzes, assignments, midterms, and finals.

**Topics covered:**

• Password security fundamentals
• Strong password creation and best practices
• Common password attacks and vulnerabilities
• Password hashing and salting
• Multi-Factor Authentication (MFA)
• Authentication methods
• Password management and security policies

These student-friendly notes are organized for quick learning and efficient revision, making them an excellent resource for **Cybersecurity, Computer Science, Information Technology, and Software Engineering** students.

**Includes:** Lecture 5 – Password Protection Study Notes (PDF)

Typology: Lecture notes

2025/2026

Available from 06/30/2026

sanwal-fareed
Information System Security, Intruders and password protection

Contents

■ Intrusion and intruder

■ Intrusion techniques

■ Intrusion prevention and detection

■ Password management

■ UNIX scheme

■ Password selection strategies

■ How to choose a secure password

■ References

Intruder

Someone who intrudes on the privacy or property of another without permission.

Intrusion Techniques

■ The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system.

■ A system must maintain a file that associates a password with each authorized user.

Intrusion Techniques

■ A number of password crackers report the following techniques for learning passwords:

❑ Try default passwords used.

❑ Try all short passwords (those of one to three characters).

❑ Try words in the system's online dictionary or a list of likely passwords.

Intrusion Techniques

❑ Collect information about users, such as their full names.

❑ Try users' phone numbers, social security numbers, and room numbers.

❑ Use a Trojan horse.

Intrusion prevention and detection

■ The best intrusion prevention system will fail. A system's second line of defense is intrusion detection, and this has been the focus of much research in recent years.

■ Intruder Detection is Novell's way of tracking invalid password attempts.

Intrusion detection approaches

■ Statistical anomaly detection: Involves the collection of data relating to the behavior of legitimate users over a period of time. Then statistical tests are applied to observed behavior to determine with a high level of confidence whether that behavior is not legitimate user behavior.

Password Management

■ Password Protection: The front line of defense against intruders is the password system. Virtually all multiuser systems require that a user provide not only a name or identifier (ID) but also a password. The password serves to authenticate the ID of the individual logging on to the system. In turn, the ID provides security in the following ways:

Password Management

■ The ID determines whether the user is authorized to gain access to a system.

■ The ID determines the privileges accorded to the user.

Password Management

❑ The modified DES algorithm is exercised with a data input consisting of a 64-bit block of zeros.

❑ The output of the algorithm then serves as input for a second encryption.

❑ This process is repeated for a total of 25 encryptions.

❑ The resulting 64-bit output is then translated into an 11-character sequence.

❑ The hashed password is then stored, together with a plaintext copy of the salt, in the password file.

Password Management

■ The salt serves three purposes:

❑ It prevents duplicate passwords from being visible in the password file.

❑ It effectively increases the length of the password without requiring the user to remember additional characters.
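The structure of the UNIX scheme and the salt's effect on duplicate passwords, as an added example that is not part of the original notes: a 64-bit zero block is transformed 25 times under the password, printed as 11 characters, and stored next to the plaintext salt. HMAC-SHA256 truncated to 64 bits stands in for the salted, modified DES step, and the 12-bit salt size (not stated on this page) and all function names are assumptions, so the output will not match a real crypt(3) hash.

```python
import hashlib
import hmac
import secrets

# Printable alphabet for 6-bit groups, as used by traditional crypt(3).
B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ROUNDS = 25              # "repeated for a total of 25 encryptions"
ZERO_BLOCK = bytes(8)    # 64-bit block of zeros


def _encode(value, bits, chars):
    """Print `bits` bits of `value` as `chars` 6-bit characters, zero-padded on the right."""
    value <<= chars * 6 - bits
    return "".join(B64[(value >> (6 * i)) & 0x3F] for i in reversed(range(chars)))


def _round(password, salt, block):
    # Stand-in for one salted, modified-DES encryption keyed by the password
    # (assumption: HMAC-SHA256 truncated to 64 bits, NOT the real cipher).
    msg = salt.to_bytes(2, "big") + block
    return hmac.new(password, msg, hashlib.sha256).digest()[:8]


def hash_password(password, salt=None):
    """Return the password-file field: 2 salt characters + 11 hash characters."""
    if salt is None:
        salt = secrets.randbelow(1 << 12)   # assumed 12-bit salt
    block = ZERO_BLOCK
    for _ in range(ROUNDS):                 # output of each round feeds the next
        block = _round(password.encode(), salt, block)
    return _encode(salt, 12, 2) + _encode(int.from_bytes(block, "big"), 64, 11)


def verify(password, stored):
    """Re-run the scheme with the plaintext salt read back from the stored field."""
    salt = B64.index(stored[0]) << 6 | B64.index(stored[1])
    return hmac.compare_digest(hash_password(password, salt), stored)


if __name__ == "__main__":
    # Constructed sample: two users who happen to choose the same password.
    alice = hash_password("correct horse", salt=0x0A1)
    bob = hash_password("correct horse", salt=0xB3C)
    print(alice, bob, alice[2:] != bob[2:], verify("correct horse", alice))
```

Because the salt is stored in the clear, it does not need to be secret; its job is to make each entry's hash distinct, so identical passwords cannot be spotted by comparing entries in the password file.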

Password Management

■ Access Control: One way to thwart a password attack is to deny the opponent access to the password file. If the encrypted password portion of the file is accessible only by a privileged user, then the opponent cannot read it without already knowing the password of a privileged user.