



























Master **Password Protection**, a fundamental topic in Information Security, with these clear and exam-focused study notes. Designed to simplify complex concepts, these notes will help you understand password security faster and prepare confidently for quizzes, assignments, midterms, and finals.

**Topics covered:**
• Password security fundamentals
• Strong password creation and best practices
• Common password attacks and vulnerabilities
• Password hashing and salting
• Multi-Factor Authentication (MFA)
• Authentication methods
• Password management and security policies

These student-friendly notes are organized for quick learning and efficient revision, making them an excellent resource for **Cybersecurity, Computer Science, Information Technology, and Software Engineering** students.

**Includes:** Lecture 5 – Password Protection Study Notes (PDF)
Typology: Lecture notes
■ Intrusion and intruder
■ Intrusion techniques
■ Intrusion prevention and detection
■ Password management
■ UNIX scheme
■ Password selection strategies
■ How to choose a secure password
■ References
■ The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system.
■ The system must maintain a file that associates a password with each authorized user.
■ Password crackers are reported to use the following techniques for learning passwords:
❑ Try default passwords used.
❑ Try all short passwords (those of one to three characters).
❑ Try words in the system's online dictionary or a list of likely passwords.
❑ Collect information about users, such as their full names.
❑ Try users' phone numbers, social security numbers, and room numbers.
❑ Use a Trojan horse.
■ The best intrusion prevention system will fail. A system's second line of defense is intrusion detection, and this has been the focus of much research in recent years.
■ Intruder Detection is Novell's way of tracking invalid password attempts.
■ Statistical anomaly detection: Involves the collection of data relating to the behavior of legitimate users over a period of time. Then statistical tests are applied to observed behavior to determine with a high level of confidence whether that behavior is not legitimate user behavior.
■ Password Protection: The front line of defense against intruders is the password system. Virtually all multiuser systems require that a user provide not only a name or identifier (ID) but also a password. The password serves to authenticate the ID of the individual logging on to the system. In turn, the ID provides security in the following ways:
■ The ID determines whether the user is authorized to gain access to a system.
■ The ID determines the privileges accorded to the user.
❑ The modified DES algorithm is exercised with a data input consisting of a 64-bit block of zeros.
❑ The output of the algorithm then serves as input for a second encryption.
❑ This process is repeated for a total of 25 encryptions.
❑ The resulting 64-bit output is then translated into an 11-character sequence.
❑ The hashed password is then stored, together with a plaintext copy of the salt, in the password file.
■ The salt serves three purposes:
❑ It prevents duplicate passwords from being visible in the password file.
❑ It effectively increases the length of the password without requiring the user to remember additional characters.
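The storage scheme and the salt's effect described above, as an added example that is not part of the original lecture notes. Assumptions: HMAC-SHA256 truncated to 64 bits stands in for the salt-modified DES step, the salt is two characters as in traditional crypt(3), and all function names are illustrative.

```python
import hashlib
import hmac
import secrets

# crypt(3)-style output alphabet: 64 symbols, so each character carries 6 bits.
ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ROUNDS = 25  # total number of chained encryptions in the scheme above


def new_salt() -> str:
    """Random 2-character salt; it is stored in plaintext beside the hash."""
    return "".join(secrets.choice(ALPHABET) for _ in range(2))


def block_encrypt(password: str, salt: str, block: bytes) -> bytes:
    """Stand-in for the salt-modified DES step: keyed by the password,
    perturbed by the salt, 64-bit block in and 64-bit block out.
    ASSUMPTION: truncated HMAC-SHA256 replaces real DES in this sketch."""
    mac = hmac.new(password.encode(), salt.encode() + block, hashlib.sha256)
    return mac.digest()[:8]


def encode_64bit(block: bytes) -> str:
    """Translate a 64-bit value into 11 characters (padded to 66 bits)."""
    value = int.from_bytes(block, "big") << 2
    return "".join(ALPHABET[(value >> s) & 0x3F] for s in range(60, -1, -6))


def hash_password(password: str, salt: str) -> str:
    """Chain 25 encryptions starting from a zero block; return salt + hash."""
    block = bytes(8)  # 64-bit block of zeros
    for _ in range(ROUNDS):
        block = block_encrypt(password, salt, block)
    return salt + encode_64bit(block)


def verify(password: str, stored: str) -> bool:
    """Recompute using the stored plaintext salt; compare in constant time."""
    return hmac.compare_digest(hash_password(password, stored[:2]), stored)


if __name__ == "__main__":
    # Constructed sample: two users pick the same password.
    for user in ("alice", "bob"):
        entry = hash_password("Summer2024", new_salt())
        print(f"{user}:{entry}  verifies={verify('Summer2024', entry)}")
```

The two printed entries differ even though the password is the same, which is the first salt purpose listed above. Anyone precomputing hashes must repeat the work for every salt value, which is the second.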
■ Access Control: One way to thwart a password attack is to deny the opponent access to the password file. If the encrypted password portion of the file is accessible only by a privileged user, then the opponent cannot read it without already knowing the password of a privileged user.