Difference between a rainbow table and a hash lookup table

Reference no: EM13764034, Length: 3000 Words

Question 1

You are the administrator for a tracking system application for a Human Resources (HR) Department that tracks different employee cases, such as processing retirements or changing health benefits, for ACME Inc. There are different permissions that different members of the HR staff need to execute on the cases to perform their duties. The available permissions that may be accomplished for each case are:

Read a case - you can open a case and view the contents.
Create a case - you can make a new case and save it.
Update a case - you can open a saved case, make changes to it and save the changes.
Search a case - you can search for cases using criteria and get returned cases that match the criteria.
Delete a case - you can delete an entire case.
Assign a case - you can assign a case to someone else to be worked on.

A. I want to have a group of HR managers that can perform all of the functions above.

B. I want to also have a separate group of HR personnel that can do everything except for alter or delete cases.

C. I want to have a separate group of HR personnel that can open and make changes to a case, but only after it is assigned to them.

D. I also want a separate group for the HR helpdesk: if an ACME employee calls with a problem, the HR personnel who answer the phone should be able to search for their case, look at its contents, and either make the appropriate changes or assign it to the group responsible for making the changes.

1. Out of Discretionary Access Control, Mandatory Access Control, and Role Based Access Control, which access control method (choose only one) is best at accommodating these permissions, and why?
2. Using least privilege principles, list all of the different groups you would make to accomplish the functions above, along with the permissions that would be included in each group. Feel free to name the groups anything you like, such as HR Editors or HR Supervisors, but include what permissions each group would have (Read, Create, Update, Search, Delete, and Assign) and list which requirement above it is addressing (A, B, C, or D).

Question 2

You are charged with maintaining a legacy Web application. It is a publicly facing e-Commerce site that allows customers to search for and order commemorative memorabilia and souvenirs using a credit or debit card through an HTTP interface. Even though the Web server software is outdated and is no longer supported, it has been extremely reliable and has supported all updates to the application. There is a publicly accessible search mechanism that allows you to pull up your previous order and payment information using other previous order information. To order souvenirs or memorabilia, you are required to search for the items you would like to order and submit your order request via a Web form. The customer service personnel log in and are granted full access rights to the application and database to assist customers with any issues, including ordering questions and credit card issues.

List and explain at least three attack surfaces for this scenario. (Hint: there are four.)

Question 3

Explain the difference between a rainbow table and a hash lookup table with respect to trying to compromise a computer system's passwords. What is a reduction function, what does it do, and what is its purpose?

Question 4

Define and describe the terms threat, vulnerability, exploit, and risk.

Out of the four terms:

Which one would an approaching hurricane represent?

Which one would a Denial of Service (DoS) represent?

Which one would a hacker represent?

Which one would be represented by using a lookup table to compromise the password from a LAN Manager hash?

Question 5

Explain four general means (factors) of authenticating a user's identity.

Give a specific example and describe how a system would work that uses two of these factors together.

Give a specific example and describe how a system would work that uses three of these factors together.

Question 6

I have sensitive file deliveries to a high-profile client on a regular weekly interval. I suspect that someone is doing passive analysis on my data communication on my system, so I decide to encrypt all of my data and data transmission to prevent any passive analysis of my data.
If I encrypt all of my data and transmissions, have I protected myself from passive attacks? Explain why or why not.

Question 7

1. Explain the difference between salting a password and peppering a password.

2. Your organization provides customer service for a variety of high-profile clients. The system used by the customer service representatives needs to provide additional security to the hashed passwords in the database to ensure the sensitive client information is protected; however, you also need to ensure that your customer service reps can log in quickly and efficiently to rapidly help customers with problems with their accounts.

In addition to the hashed passwords in the database, would you salt, pepper, or both? Explain why you would use the option you chose. Explain why you didn't choose the other option(s).

Question 8

An attacker is able to get the IP address of the target organization's Web server. From information leakage and social engineering, the attacker finds out that the company has Wake-On-LAN (WOL) implemented to save power as part of their green initiative. This lets you know that IP directed broadcasts are enabled.

If the attacker plans to spoof his address as the mail server, explain why this information might be beneficial to an attacker that plans on carrying out an ICMP Flood style Denial of Service attack.

Question 9

Describe two safeguards that a Web based system might have in place to prevent dictionary attacks.

Question 10

List and fully explain seven different types of biometric authentication. For each one, give an example of how it could be implemented in a system to authenticate a user, such as a device that currently exists or an example of how you would implement it in an authentication mechanism.




All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd