User Account

All Pages

Difference between a rainbow table and a hash lookup table

Assignment Help Computer Network Security
Reference no: EM13764034 , Length: 3000 Words

Question 1

You are the administrator for a tracking system application for a Human Resources (HR) Department that tracks different employee cases such as processing retirements or changing health benefits for ACME Inc... There are different permissions that different members the HR Staff need to execute on the cases to perform their duties. The available permissions that may be accomplished for each case are:

Read a case - you can open a case and view the contents.
Create a case - you can make a new case and save it...
Update a case - you can open a saved case, make changes to it and save the changes..
Search a case - you can search for cases using criteria and get returned cases that match the criteria..
Delete a case - you can delete an entire case..
Assign a case - you can assign a case to someone else to be worked on..

A. I want to have a group of HR managers that can perform all of the functions above.

B. I want to also have a separate group of HR personnel that can do everything except for alter or delete cases.

C. I want to have a separate group of HR personnel that can open and make changes to a case but only after it assigned to them.

D. I also want a separate group that if an ACME employee calls the HR helpdesk with a problem, the HR personnel that answers the phone should be able to: search for their case, look at its contents, and either make the appropriate changes or assign it to the group responsible for making the changes.
1.Out of Discretionary Access Control, Mandatory Access Control, and Role Based Access Control, which access control method (choose only one) is best at accommodating these permissions and why?.
2. Using least privilege principles; list all of the different groups you would make to accomplish the functions above along with the permissions that would be included in each group. Feel free to name all of the groups anything you like such as the HR Editors or HR Supervisors, etc. but include what permissions each group would have (Read, Create, Update, Search, Delete, and Assign) and list which requirement above it is addressing such as A, B, C, or D. .

Question 2

You are charged with maintaining a legacy Web application. It is a publicly facing e-Commerce site that allows customers to search for and order commemorative memorabilia and souvenirs using credit or debit card through an HTTP interface. Even though the Web server software is outdated and is no longer supported, it has been extremely reliable and has supported all updates to the application. There is a publicly accessible search mechanism that allows you to pull up your previous order and payment information using other previous order information. To order souvenirs or memorabilia, you are required to search for the items you would like to order and submit your order request via a Web form. The customer service personnel login and are granted full access rights to the application and database to assist customers with any issues including ordering questions and credit card issues.

List and explain, at least three, attack surfaces for this scenario. (Hint: there are four)

Question 3

Explain the difference between a rainbow table and a hash lookup table in respect to trying to compromise a computer system's password? What is reduction function, what does it do, and what is its purpose?

Question 4

Define and describe the terms threat, vulnerability, exploit, and risk.

Out of the four terms:

Which one would an approaching hurricane represent?

Which one would a Denial of Service (Dos) represent?

Which one would a hacker represent?

Which one would be represented by using a lookup table to compromise the password from a LAN Manager hash?

Question 5

Explain four general means (factors) of authenticating a user's identity?

Give a specific example and describe how a system would work that uses two of these factors together.

Give a specific example and describe how a system would work that uses three of these factors together.

Question 6

I have sensitive file deliveries to a high-profile client on a regular weekly interval. I suspect that someone is doing passive analysis on my data communication on my system so I decide to encrypt all of my data and data transmission to prevent any passive analysis of my data.
If I encrypt all of my data and transmissions, have I protected myself from passive attacks? Explain why or why not?

Question 7

1. Explain the difference between salting a password and peppering a password?

2. Your organization provides customer service for a variety of high-profile clients. The system used by the customer service representatives need to provide additional security to the hashed passwords in the database to ensure the sensitive client information is protected, however, you also need to ensure that your customer service reps can login quickly and efficiently to rapidly help customers with problems with their accounts.

In addition to the hashed passwords in the database, would you salt, pepper, or both? Explain why you would use the option you chose. Explain why you didn't choose the other option(s).

Question 8

An attacker is able to get the IP address of the target organization's Web server. From information leakage and social engineering, the attacker finds out that the company has Wake-On-LAN (WOL) implemented to save power as part of their green initiative. This lets you know that IP directed broadcasts are enabled.

If the attacker plans to spoof his address as the mail server, explain why this information might be beneficial to an attacker that plans on carrying out an ICMP Flood style Denial of Service attack.

Question 9

Describe two safeguards that a Web based system might have in place to prevent dictionary attacks.

Question 10

List and fully explain seven different types of biometric authentication. Give an example, for each one, of how they could be implemented into a system to authenticate a user such as device that currently exists or an example of how you would implement this in an authentication mechanism.

Reference no: EM13764034

Questions Cloud

Explain the interview with a teacher or caregiver : Explain the Interview with a Teacher or Caregiver. Explain that the interview will take approximately one hour and the purpose is to help you better understand the processes involved in special education.
Define the portfolio audit form to the dropbox : Next week, you will conduct a full and formal audit of your career portfolio. For now, however, you need to get started on that process. For this assignment, fill and post a copy of the Portfolio Audit Form to the Dropbox.
Summary of the company annual payroll-related costs : Magnum Plus, Inc., is a manufacturer of hunting supplies. The following is a summary of the company's annual payroll-related costs:
Osha to help for negotiations or hearings : The evidence collected by compliance officers during walk arounds will be used by OSHA to prove alleged citations. A pre-citation settlement can be a favorable way to resolve an enforcement action
Difference between a rainbow table and a hash lookup table : Explain the difference between a rainbow table and a hash lookup table in respect to trying to compromise a computer system's password? What is reduction function, what does it do, and what is its purpose?
Journal entries necessary to reflect the transactions above : Prepare all journal entries necessary to reflect the transactions above
Explain the bases and sources of international law : Explain the bases and sources of international law. How will accomplishing these objectives support your success in management
Security was merely checking virus updates : When you first started in this field, security was merely checking virus updates and making sure you put patches on your computers to protect the system from intruders. If the servers or workstations did get a virus, you conducted research on your..
The promises and perils of nuclear power : Discuss the scientific and technical concepts related to the use of nuclear power as an energy resource. Address the following in your response.

Reviews

Write a Review

Computer Network Security Questions & Answers

  Present a short summary of the arguments for and against

you have been asked to help decide whether to outsource security or keep the security function within the firm. search

  Data standards and data security

Data Standards and Data Security

  Create list of security issues which the firm must monitor

You decide to create security checklist for New Century. Create list of security issues which the firm must evaluate and monitor. Make sure to organize items into categories which match five security levels.

  Assignment on internet hacking

The topic is internet Hacking it should be at least 6 to 8 body pargraph, I just waana let you now that im not native english speaker so plese have easy vocabulary

  Organization managing public information on its web server

omment on each of the following assets, by assigning a low, moderate, or high impact level for the loss of confidentiality, availability, and integrity, respectively. Justify your answers. An organization managing public information on its Web serv..

  Describe situations where end-to-end encryption combined

Give some examples where traffic analysis could jeopardize security. Describe situations where end-to-end encryption combined with link encryption would still allow enough traffic analysis to be dangerous. about 150 words with references

  Identify 3 different computer crimes that you are aware

computer crime has become a serious matter for your discussion board post consider the following do you think computer

  Discuss some of the problems nats create for ipsec security

Discuss some of the problems NATs create for IPsec security. (See [Phifer 2000]). Can we solve these problems by using IPv6? Why deployment of IPv6 has been slow to date. What is needed to accelerate its deployment?

  Will your file system of choice provide security

What type of OS to use along with the file system and why is this architecture is better than others? Will you use the same OS for servers and Desktops? Will your file system of choice provide security?

  You need to create an access list that will prevent hosts

1.you are working on a router that has established privilege levels that restrict access to certain functions. you

  Explain two-bit system noninterference-secure

The initial state is not output (in contrast to the example). Is this version of two-bit system noninterference-secure with respect to Lucy? Why or why not?

  Potential physical threats that require attention

Identify at least five (5) potential physical threats that require attention. Determine the impact of at least five (5) potential logical threats that require attention

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd