User Account

All Pages

Calculate the timing of password-guessing attacks

Assignment Help Management Information Sys
Reference no: EM131121773

Chapter 1

1. Distinguish between vulnerability, threat, and control.

2. Theft usually results in some kind of harm. For example, if someone steals your car, you may suffer financial loss, inconvenience (by losing your mode of transportation), and emotional upset (because of invasion of your personal property and space). List three kinds of harm a company might experience from theft of computer equipment.

3. List at least three kinds of harm a company could experience from electronic espionage or unauthorized viewing of confidential company materials.

4. List at least three kinds of damage a company could suffer when the integrity of a program or company data is compromised.

5. List at least three kinds of harm a company could encounter from loss of service, that is, failure of availability. List the product or capability to which access is lost, and explain how this loss hurts the company.

6. Describe a situation in which you have experienced harm as a consequence of a failure of computer security. Was the failure malicious or not? Did the attack target you specifically or was it general and you were the unfortunate victim?

Chapter 2

1. Describe each of the following four kinds of access control mechanisms in terms of (a) ease of determining authorized access during execution, (b) ease of adding access for a new subject, (c) ease of deleting access by a subject, and (d) ease of creating a new object to which all subjects by default have access.

• per-subject access control list (that is, one list for each subject tells all the objects to which that subject has access)
• per-object access control list (that is, one list for each object tells all the subjects who have access to that object)
• access control matrix
• capability

2. Suppose a per-subject access control list is used. Deleting an object in such a system is inconvenient because all changes must be made to the control lists of all subjects who did have access to the object. Suggest an alternative, less costly means of handling deletion.

3. File access control relates largely to the secrecy dimension of security. What is the relationship between an access control matrix and the integrity of the objects to which access is being controlled?

4. One feature of a capability-based protection system is the ability of one process to transfer a copy of a capability to another process. Describe a situation in which one process should be able to transfer a capability to another.

5. Suggest an efficient scheme for maintaining a per-user protection scheme. That is, the system maintains one directory per user, and that directory lists all the objects to which the user is allowed access. Your design should address the needs of a system with 1000 users, of whom no more than 20 are active at any time. Each user has an average of 200 permitted objects; there are 50,000 total objects in the system.

6. Calculate the timing of password-guessing attacks:

(a) If passwords are three uppercase alphabetic characters long, how much time would it take to determine a particular password, assuming that testing an individual password requires 5 seconds? How much time if testing requires 0.001 seconds?

(b) Argue for a particular amount of time as the starting point for "secure." That is, suppose an attacker plans to use a brute-force attack to determine a password. For what value of x (the total amount of time to try as many passwords as necessary) would the attacker find this attack prohibitively long?

(c) If the cutoff between "insecure" and "secure" were x amount of time, how long would a secure password have to be? State and justify your assumptions regarding the character set from which the password is selected and the amount of time required to test a single password.

7. Design a protocol by which two mutually suspicious parties can authenticate each other. Your protocol should be usable the first time these parties try to authenticate each other.

8. List three reasons people might be reluctant to use biometrics for authentication. Can you think of ways to counter those objections?

9. False positive and false negative rates can be adjusted, and they are often complementary: Lowering one raises the other. List two situations in which false negatives are significantly more serious than false positives.

10. In a typical office, biometric authentication might be used to control access to employees and registered visitors only. We know the system will have some false negatives, some employees falsely denied access, so we need a human override, someone who can examine the employee and allow access in spite of the failed authentication. Thus, we need a human guard at the door to handle problems, as well as the authentication device; without biometrics we would have had just the guard.

Consequently, we have the same number of personnel with or without biometrics, plus we have the added cost to acquire and maintain the biometrics system. Explain the security advantage in this situation that justifies the extra expense.

Reference no: EM131121773

Questions Cloud

Find the molar absorptivity of the complex : Determine the formula of the complex. Use linear least-squares to analyze the data.
Most significant differences in delivering a presentation : What are the most significant differences in delivering a presentation in person versus online? What are the most significant differences in watching a presentation in person versus online? How does the desired effect on the audience influence your c..
Explore the effect of the insulation thickness : Explore the effect of the insulation thickness on the temperature of the aluminum and the heat loss per unit tube length
Management repository can be used throughout organization : Why do all the business units in an organization that use technology need to be involved in developing management information systems? How does that relate to the goal that a “knowledge-management repository” can be used throughout the organization?
Calculate the timing of password-guessing attacks : Argue for a particular amount of time as the starting point for "secure." That is, suppose an attacker plans to use a brute-force attack to determine a password. For what value of x (the total amount of time to try as many passwords as necessary) ..
Shadowing utilization nurse in an acute care : You are shadowing a utilization nurse in an acute care setting as part of your practicum. A physician recommends extending a patient’s hospital stay seven days for I.V. antibiotic therapy. The patient’s managed care plan denies the extension. What st..
What is the force and displacement of each piston : what is the force and displacement of each piston and the work out put of the slave cylinder piston?
Produces electric knives used to cut fabric : Jan Kottas is the owner of a small company that produces electric knives used to cut fabric. The annual demand is for 8,000 knives, and Jan produces the knives in batches. On average, Jan can produce 150 knives per day; during the production process,..
What is the company''s price-earnings ratio for year two : What is the company's price-earnings ratio for Year 2? What is the company's dividend payout ratio for Year 2? What is the company's dividend yield ratio for Year 2? What is the company's book value per share at the end of Year 2?

Reviews

Write a Review

 

Management Information Sys Questions & Answers

  Roles of prototyping and rapid application developmet

Discuss the roles of prototyping, rapid application development, and agile development

  Important information about should information on the

important information about should information on the internet be unrestricted?please answer the following

  Identify at least 10 business problems the bi center

Based on the materials in the textbook, especially the Case Studies in each Chapter, identify at least 10 business problems the BI Center will be able to solve. Be specific (e.g., reduce the customer churn)

  Ientify and describe three different types of web

1- when you should test web applications for known vulnerabilities? provide at least two examples using the sdlc

  Organizations responses to security threatshow should

organizations responses to security threatshow should organizations respond to security threats? use at least 200 words

  Prepare a paper describing the telecommunication systems

Workplace Telecommunications systems - Prepare a paper describing the telecommunication systems used at your workplace.

  Discuss whether decisions to outsource data centers

Discuss whether decisions to outsource help desk were the right one for J-TRADING strategically. Discuss whether decisions to outsource data centers were the right one for J-TRADING strategically.

  Write a program that prompts the user

Write a program that prompts the user for the following information inputs. Your program should display these inputs back. Remember, any variable must be declared prior to being used in the program

  Describe the overall manner in which ial uses

Discuss the significant attributes of a wiki, and describe the overall manner in which IAL uses wikis for its internal collaboration

  Questiona discuss who are the key people in an

questiona. discuss who are the key people in an organisation that can have the most effect on implementing green is

  Tour operator agency database

Tour Operator Agency Database

  Case outlineas the newly appointed manager of global

case outlineas the newly appointed manager of global insurance company eva khan was trying to learn as much as possible

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd