1) Describe two distinct types of attack against password systems and the countermeasures against eachof those attacks.2) Describe two general "good practices in coding". For each of them explain why they are appropriateand give an example of what could go wrong if that practice is not followed.3) A company has two departments, A and B, and has determined that it is appropriate to have two levelsof sensitivity, in increasing order: 0 and 1. Draw a BLP lattice system to represent this scenario. Usingexamples referring to this lattice, explain the three BLP rules, 2 mandatory and 1 discretionary.4) Explain what tailored attacks are. Give some specific examples in two different domains and explainhow they perform relative to other attacks in those domains.5) Explain two outcomes an attacker may aim for with a Buffer overflow attack. Sketch how and why aBuffer overflow attack works. You do not need to write code but can if it helps you to explain.6) Explain what a Trojan Horse is. Describe two distinct methods of identifying a Trojan Horse and explainwhen and why each of those methods might be appropriate.

Actually, given information regarding types of attack.

Answered: Describe two distinct types of attack…

Engineering

Computer Science

Describe two distinct types of attack against password systems and the countermeasures against each of those attacks.

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter10: Planning For Contingencies

Section: Chapter Questions

Problem 1EDM

See similar textbooks

Related questions

Q: What precisely is multifactor authentication, and how does it function in practice? What function…

A: Introduction: SMP systems share a memory, and programs that process vast quantities of data and…

Q: What is multifactor authentication and why is it important? What function does it play in the…

A: Intro multifactor authentication Proof of most things is when you use two or more validations.…

Q: what are the different crypto-malware ransomware attacks? What do they do?

A: Crypto-malware ransomware attack: Crypto-ransomware is a type of harmful program that encrypts…

Q: What is multifactor authentication? In what ways does it assist to protect passwords from being…

A: The Solution: Authorization is contingent on a number of factors, including To log into an account…

Q: What is multifactor authentication and why is it useful? What role does it play in preventing…

A: Introduction: Security is critical when it comes to securing sensitive information.

Q: escribe the multifactor authentication technique and the phrase's meaning. What level of security…

A: Intro Describe the multifactor authentication procedure and the meaning of the phrase. What level of…

Q: What are the benefits of multifactor authentication? In what way does it contribute to preventing…

A: Answer the above question are as follows

Q: An explanation of the challenge–response authentication mechanism is needed. What makes it more…

A: NOTE :- Below i explain the answer in my own words by which you understand it well. Challenge…

Q: Describe the challenge–response authentication technique and its operation. What makes it more…

A: Introduction In this question, we are asked to Describe the challenge-response authentication…

Q: In terms of safety, how can the benefits and drawbacks of different forms of authentication be…

A: Distinguished: Being differentiated means valuing someone. It's not uncommon for outstanding…

Q: In terms of authentication, define what a challenge–response system is. How does it give a higher…

A: Introduction : Authentication is the process of identifying users that request access to a…

Q: The notion of challenge–response authentication must be understood. In what way is it more secure…

A: Challenges in Security Authentication: 4 Problems with User Authentication That Developers and…

Q: A detailed discussion of cookies, at least two distinct types of cookies, and their influence on…

A: Cookies: Cookies are text files containing tiny information, such as a login and password, that are…

Q: In the context of authentication, describe the notion of a challenge–response system. Is this…

A: The question has been answered in step2

Q: What exactly is meant by the term "multifactor authentication," and how does its application work in…

A: In this question we need to define the term "multifactor authentication" and provide the real life…

Q: What exactly is multifactor authentication and how does it work? What role does it play in…

A: Multifactor authentication, or MFA, is a type of security in which an account must be accessed using…

Q: What is multifactor authentication, and how does it work? What role does it play in password…

A: Introduction: Using a password in conjunction with a code delivered to your smartphone to verify…

Q: Compare and contrast the benefits and drawbacks of the various authentication techniques now…

A: This authentication method does not rely on the users in any way since it is outsourced to a…

Q: In reality, what does multifactor authentication include and how does it work? To what goal does it…

A: Multi-Factor Authentication: MFA is an authentication method that requests two or more verification…

Q: When it comes to two-factor authentication, I'm still fuzzy on the details. How much of an…

A: Two-factor authentication: Is a security procedure that requires users to provide two separate means…

Q: My grasp of multifactor authentication is, at best, incomplete. How therefore does it aid in…

A: Is a kind of security that employs numerous security measures to assess if a user is authorized to…

Q: Please define the concept of a challenge-and-response authentication system in your own words…

A: challenge-and-response authentication system A family of protocols known as challenge-response…

Q: Give a breakdown of the many preventative measures that may be taken against phishing and spoofing…

A: Phishing is done by using the techniques of spoofing and making you the bait by lurking you around.…

Q: My understanding of multifactor authentication is limited at best. What role does it play in…

A: Introduction: Is a type of security that uses multiple security measures to determine if a person is…

Q: What is multifactor authentication and how does it function? What role does this play in the…

A: Multi-factor authentication is when a user must provide two or more pieces of evidence to verify…

Q: What is multifactor authentication, and how does it work? What role does it play in protecting…

A: Introduction: When it comes to establishing trust, authentication is the process of identifying…

Q: It is necessary to provide an explanation of what a challenge–response system for authentication is…

A: Challenge Response Authentication Mechanism (CRAM): The most often used method of authenticating…

Q: When it comes to security, what are the Distinguish between the advantages and disadvantages of…

A: This authentication technique is not reliant on the users because it is outsourced to a monitoring…

Q: Give a rundown of the many preventative actions that may be done against phishing and spoofing…

A: Phishing and Spoofing: When fraudsters collect personal information about you from websites or…

Q: Give two examples of a bad password and for each example, explain why it is considered as bad.

A: INTRODUCTION: Many security experts advise against using the same password in many locations,…

Q: What is multifactor authentication and how does it work? What role does it play in preventing the…

A: A multi-factor authentication system in which successful authentication involves the use of many…

Q: What is multifactor authentication and how does it work? How does it aid in the prevention of…

A: The answer :

Q: Describe what a challenge–response system for authentication is and how it works. What makes it more…

A: System of challenge–response In a client-server system, password-based authentication is often used.…

Q: I'm confused about the concept of two-factor authentication. To what extent does it contribute to…

A: Two-factor authentication, is a security process that verifies users with two different forms of…

Q: What is multifactor authentication, and what are the benefits of it? What role does it play in the…

A: The answer :

Q: Define the term "authentication challenge-response system" and provide some examples of its use. As…

A: Password-based authentication is often used in databases in client-server systems. But since…

Q: What are the advantages and disadvantages of various techniques of authentication in terms of…

A: Authentication is the process of ascertaining if someone or something is who or what they claim to…

Q: Could you please explain what a challenge-and-response authentication system is and how it works in…

A: Authentication system: In the field of computer security, challenge–response authentication refers…

Q: In your own words, please explain the notion of a challenge-and-response authentication system…

A: Given: In client-server systems, authentication that is based on a password is often used. However,…

Q: If we used authentication, would we be able to make any progress toward achieving any of our goals?…

A: Introduction: By adding an extra authentication step to the login process, a criminal will have a…

Q: challenge–response authentication mechanism is and how it works. It is not immediately apparent what…

A: challenge-response auditing is a system of rules that protect against unauthorized users of the…

Q: Make a list of the flaws in passwords and the ways in which their strength might be improved.

A: People all around the world uses Information and Communications technologies for so many essential…

Q: The concept of two-factor authentication is one that I do not fully understand. How much of a role…

A: Overview: Two-factor authentication has been enabled to safeguard better a user's credentials as…

Q: How exactly does one go about putting in place a multifactor authentication system? What part does…

A: Answer : Multifactor authentication system is a system in which the owner of any application or…

Q: What exactly is multifactor authentication and why is it useful? What role does it play in the…

A: The question has been answered in step2

Q: My knowledge of multi-factor authentication is at best naive at best. What is its function in…

A: Interview: Multifactor authorization is a kind of security that uses many security measures to…

Q: What exactly is a "single point of failure" in terms of passwords?

A: Introduction: The true single point of failure is the user. Passwords for the average American's 150…

Question

1) Describe two distinct types of attack against password systems and the countermeasures against each
of those attacks.
2) Describe two general "good practices in coding". For each of them explain why they are appropriate
and give an example of what could go wrong if that practice is not followed.
3) A company has two departments, A and B, and has determined that it is appropriate to have two levels
of sensitivity, in increasing order: 0 and 1. Draw a BLP lattice system to represent this scenario. Using
examples referring to this lattice, explain the three BLP rules, 2 mandatory and 1 discretionary.
4) Explain what tailored attacks are. Give some specific examples in two different domains and explain
how they perform relative to other attacks in those domains.
5) Explain two outcomes an attacker may aim for with a Buffer overflow attack. Sketch how and why a
Buffer overflow attack works. You do not need to write code but can if it helps you to explain.
6) Explain what a Trojan Horse is. Describe two distinct methods of identifying a Trojan Horse and explain
when and why each of those methods might be appropriate.

Expert Solution

This question has been solved!

Explore an expertly crafted, step-by-step solution for a thorough understanding of key concepts.

This is a popular solution!

SEE SOLUTION Check out a sample Q&A here

Step 1

VIEW

Step 2

VIEW

Trending now

This is a popular solution!

Step by step

Solved in 2 steps

SEE SOLUTION Check out a sample Q&A here

Knowledge Booster

Learn more about

Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.

Similar questions

In the context of information security, the principle of 'need-to-know' is one of the most important ones to consider. What does the principle of 'need-to-know' implies? * Critical tasks can only be completed by at least two individuals, so that collusion is needed to be able to commit fraud. Users should have access to only the information that is needed to perform their tasks. Users should be assigned with a minimum level of access rights to perform their tasks. O Users should be assigned only temporary access rights to perform their tasks.
Denial of Service attacks are estimated to happen once every six months (twice a year) in a mid-size company. One such company, XYZ, estimates the cost of recovering from a single DoS attack to be $12000. The company decides to apply a number of controls to counter these attacks. With these controls, the frequency of successful DoS attacks against the company reduces to once a year and the cost of recovering from an instance becomes $8000. The cost of implementing these controls is $7,000 a year. The annual loss expectancy (ALE) without controls is $ A . The annual loss expectancy (ALE) with controls is $
Denial of Service attacks are estimated to happen once every six months (twice a year) in a mid-size company. One such company, XYZ, estimates the cost of recovering from a single DoS attack to be $12000. The company decides to apply a number of controls to counter these attacks. With these controls, the frequency of successful DoS attacks against the company reduces to once a year and the cost of recovering from an instance becomes $8000. The cost of implementing these controls is $7,000 a year. From a purely financial point of view, is it worth for the company to implement these controls? Calculate the prior and post ALE and do a cost-benefit analysis to answer the question. In your answer make sure that you indicate what ARO, SLE and ALE are with and without controls. State clearly whether the company should implement the controls and explain why.
Scenario 2 An organization dedicated to reducing spam tries to get Internet service providers (ISPS) in an East Asian country to stop the spammers by protecting their mail servers. When this effort is unsuccessful, the anti-spam organization puts the addresses of these ISPS on its "black list." Many ISPS in the United States consult the black list and refuse to accept email from the blacklisted ISPS. This action has two results. First, the amount of spam received by the typical email user in the United States drops by 25 percent. Second, tens of thousands of innocent computer users in the East Asian country are unable to send email to friends and business associates in the United States. Questions 1. Did the anti-spam organization do anything wrong? 2. Did the ISPS that refused to accept email from the black listed ISPS do anything wrong? 3. Who benefited from the organization's action? 4. Who was hurt by the organization's action? 5. Could the organization have achieved its goals…
3. Access control is one of the security approaches that enable an organization to restrict access of its group of users to information or tangible assets. a) Explain any TWO (2) the importance of access control implementation in an organization. b) Describe THREE (3) principles required to apply the access control. c) By considering Uniec Campus System, why a different group of users such as student and lecturer are assigned with different access rights to the same information such as coursework?
Provide an example of a situation in which one of the four different methods of access control may be put into practice. What makes this choice different from the others that are available in this category?
One common description of the security issue (from the perspective of the defender) is the preservation of the confidentiality, integrity, and availability of data (and services). From the attacker's point of view, it is possible to conceive about interruption, interception, modification, and creation in many ways. Is there any relationship between the last four ideas and the first three concepts mentioned? Is there a match-up between any of the four and any of the other three players? If so, does one or more of the four include at least one of the three? Is there anything that comes within the purview of one formulation but not the other, and vice versa? Which framework is more advantageous, and why is this so?
Question: Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement.(Every aspect (degree of importance, examples etc) need to be addressed)
Two new computer codes are being developed to prevent unauthorizedaccess to classified information. The first consists of six digits (each chosenfrom 0 to 9); the second consists of three digits (from 0 to 9) followed by twoletters (A to Z, excluding I and O).(i) Which code is better at preventing unauthorized access (defined as breaking the code in one attempt)?(ii) If both codes are implemented, the first followed by the second, what isprobability of gaining access in a single attempt?
To complete this assignment, you will need to do some research and produce a report that addresses the following issues regarding digital fingerprinting: You should concentrate on the following issues: What exactly is Digital Fingerprinting, and why is it employed in the first place? What is the operation of the fingerprinting algorithm? Explain how it works on a fundamental level. To achieve the intended result—either blocking, deleting, or authorizing the use of content—a series of actions must be taken. Fingerprinting, according to several cybersecurity experts, is abusive and exposes users' privacy concerns. Some browsers have included specific methods to prevent browser fingerprinting from occurring. Describe the safeguards used by any of the browsers to protect themselves against fingerprinting. List two common Fingerprinting Algorithms that are used nowadays.
Let's look at an example of when the full denial of services caused a problem for the user (the user gets no response from the computer). Another scenario in which a 10 percent denial of service (that is, the user's calculation continues, but at a pace 10 percent slower than normal) represents a significant issue for that user is described below. Illegal access to a computer system may result in a 10% denial of service to the system's legitimate users. If this is the case, what steps would you take?
It is important to compile a list of all known hazard categories and rank them according to the frequency with which they occur, preferably with URL proof.