Most users would not follow the listed guidelines, because most of them want passwords that are easy to remember. A user would rather use a phone number or a spouse's name, which they are guaranteed not to forget; a short password is far easier to memorize than a long one, and if it is forgotten it is usually recalled quickly.
Changing passwords frequently looks cumbersome, so to avoid it a user may be tempted to reuse the same password, or a trivial variation of it, every time. Reusing the same password for every login exposes the system to threats such as unauthorized access by friends, or by anyone else who has learned the password once.
Mixing character classes produces confusing strings that are harder to memorize, and even a user who has memorized one may struggle to recall each character in order because the characters do not flow. Character mixing is therefore effective, but users may be tempted to write the mixed-character password down to aid their memory, and a written password can be picked up by other persons.
Identity management
This is authentication and verification from a single point: one sign-on procedure that is then honoured across several different applications (single sign-on).
1. Pros and cons of a federated identity manager.
Pros
a. It does away with the need to log in every time a user wants to access an account, whether that account is on the same machine, related to the previous one, or at an access level below the one used last.
b. It increases efficiency, because the time spent logging out of and back into different accounts can instead be spent on useful work such as performing a search and retrieving the required information (Bell, 2008).
c. It also promotes auditing, that is, tracking which clients accessed what, and how. Because every access passes through the identity provider, audit trails can unearth irregular access patterns and lead to the implementation of security measures.
Cons
a. It can reduce security: once one person with high privilege is logged in, a single compromised credential or session gives unauthorized people access to every account in the network that trusts that identity provider, and the identity provider itself becomes a single point of failure.
b. Implementation may be costly.
c. It requires frequent monitoring, which can be time-consuming, in order to make the auditing meaningful.
Part B
1. Number of possible passwords: since each character is used at most once, we use the permutation formula (nPr)
nPr = n! / (n-r)!
where n is the number of characters to choose from and r is the length of the password.
= 26! / (26-9)! = 26 × 25 × 24 × 23 × 22 × 21 × 20 × 19 × 18
= 1,133,836,704,000 ≈ 1.133836704 × 10^12
Time taken, at 100 attempts per second = 1,133,836,704,000 / (100 × 60 × 60 × 24) ≈ 131,231 days
This is the worst case; on average the attacker succeeds after about half that time. If characters were allowed to repeat, the keyspace would be 26^9 ≈ 5.43 × 10^12 instead.
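The calculation above generalised, as an added example that is not part of the original answer: the same permutation count, the keyspace with repetition allowed, and the time to exhaust either at a given guess rate. The 26-letter, 9-character, 100 guesses/s figures are the page's; the 1e9 guesses/s GPU rate and the wider alphabets in the loop are assumptions used only for comparison.

```go
package main

import (
	"fmt"
	"math/big"
)

// Permutations returns nPr = n! / (n-r)!, the number of r-character passwords
// drawn from an alphabet of n symbols when no symbol may be used twice
// (the model used in the calculation above).
func Permutations(n, r int64) *big.Int {
	result := big.NewInt(1)
	for i := int64(0); i < r; i++ {
		result.Mul(result, big.NewInt(n-i))
	}
	return result
}

// WithRepetition returns n^r, the keyspace when symbols may repeat, which is
// the more realistic model for passwords a user actually chooses.
func WithRepetition(n, r int64) *big.Int {
	return new(big.Int).Exp(big.NewInt(n), big.NewInt(r), nil)
}

// DaysToExhaust converts a keyspace into the number of days an attacker needs
// to try every candidate at guessesPerSecond. This is the worst case; on
// average the right password turns up after about half that time.
func DaysToExhaust(space *big.Int, guessesPerSecond int64) float64 {
	perDay := new(big.Float).SetInt64(guessesPerSecond * 86400)
	days := new(big.Float).Quo(new(big.Float).SetInt(space), perDay)
	f, _ := days.Float64()
	return f
}

func main() {
	// The page's figures: 26 lowercase letters, 9 characters, 100 guesses per second.
	np := Permutations(26, 9)
	fmt.Printf("26P9 = %s -> %.0f days at 100 guesses/s\n", np, DaysToExhaust(np, 100))

	rep := WithRepetition(26, 9)
	fmt.Printf("26^9 = %s -> %.0f days at 100 guesses/s\n", rep, DaysToExhaust(rep, 100))

	// Assumed rate for offline cracking of a stolen hash on a GPU (~1e9/s):
	// length and alphabet size matter far more than the repetition rule.
	for _, n := range []int64{26, 62, 95} {
		for _, r := range []int64{8, 9, 12} {
			fmt.Printf("n=%d r=%d: %.3g days at 1e9 guesses/s\n",
				n, r, DaysToExhaust(WithRepetition(n, r), 1_000_000_000))
		}
	}
}
```

The 100 guesses/s rate in the answer is an online-guessing rate (one login attempt at a time); the comparison loop shows why the same 9-letter password that survives 131,231 days online falls in hours once the password hash is stolen and attacked offline.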
2. Ways in which a process could compromise the security of a computer system if the operating system did not stop it.
a. The process could alter system files and so degrade the performance or integrity of the system.
b. The process could delete or manipulate sensitive files in the system.
c. The process could spawn other processes that would cripple system performance or even destroy the system entirely.
3. The developer can only be held responsible to the extent to which he has guaranteed that the system will resist such software. Most malicious software has the same makeup as any other program; it simply performs unwanted activities. If the developer were to prevent it from gaining access to sensitive data, this would to some extent also prevent legitimate software that is supposed to access that data from doing so, and thus cause other problems.
Programming techniques improve day by day, so an operating system developed five years ago can be obsolete. Such a system can have flaws, and with today's techniques a malicious programmer can gain access to files. The blame lies with the operating system developer only if he provides no upgrades; if upgrades are available and the user does not apply them, the developer is not to blame.
Because of such problems, the developer can only be held responsible to a very limited extent, and the rest is upon the user to take other measures to ensure the safety of such sensitive data.
4. It is the owner's responsibility to lock the house in such a way that intruders cannot get in. In a perfect world this responsibility could be entrusted to the public, but considering that the intruder's agenda is to enter the house, it cannot be left to the public.
In this regard, it is the responsibility of the operating system to guard the system, not of the hackers to stay away.
48. Encryption
Encryption refers to algorithmic schemes that encode plain text into a non-readable form, or ciphertext, providing confidentiality. The receiver of the ciphertext uses a key to decrypt the message and recover its original meaning; this key drives the decryption algorithm.
Public key encryption
Public key encryption is a form of asymmetric encryption: the scheme creates a key pair for each user, a public key and a private key. Senders obtain the public key from wherever it is published and use it to encrypt text for the key's owner. Once encrypted, the ciphertext cannot be decrypted except by the holder of the private key of that key pair; the two keys are mathematically linked and work hand in hand. The advantage over symmetric encryption is that the decryption key never has to be shared: only the public key travels, and it need not be kept secret. The sender must, however, be sure that the published public key really belongs to the intended recipient; otherwise an attacker who substitutes his own public key can read the messages.
Public key encryption is a secure and easy way to protect data that you will be receiving. You post your public key for everyone to see and use; anyone can encrypt a text with it and send it to you. This is the model used for encrypted e-mail. The private key, on the other hand, is held by a single person, and only it can decipher the ciphertext. So while anyone can encrypt data with the public key, it can only be read again by whoever holds the private key.
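The exchange described above in working code, as an added example that is not part of the original answer: the recipient generates a key pair, a sender seals a message with the published public key, the recipient opens it with the private key, and a second key pair is shown to fail. It uses Go's standard crypto/rsa with OAEP padding; the message text is constructed for the demonstration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// GenerateKeyPair creates the recipient's key pair. The public half is
// published; the private half never leaves the recipient.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal is what any sender does with the published public key: encrypt msg
// under RSA-OAEP with SHA-256. RSA can only seal a short message (190 bytes
// for a 2048-bit key with SHA-256); in practice that message is a random
// symmetric key which then encrypts the real data.
func Seal(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Open is what only the recipient can do: decrypt with the private key.
func Open(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// RoundTrip runs the whole exchange: the recipient publishes a key, a sender
// seals a message to it, the recipient opens it, and a second key pair (an
// attacker's, or simply the wrong recipient's) is shown to fail. It returns
// the recovered plaintext and whether the wrong key was rejected.
func RoundTrip(msg []byte) ([]byte, bool, error) {
	recipient, err := GenerateKeyPair()
	if err != nil {
		return nil, false, err
	}
	ciphertext, err := Seal(&recipient.PublicKey, msg)
	if err != nil {
		return nil, false, err
	}
	recovered, err := Open(recipient, ciphertext)
	if err != nil {
		return nil, false, err
	}
	other, err := GenerateKeyPair()
	if err != nil {
		return nil, false, err
	}
	_, wrongKeyErr := Open(other, ciphertext) // OAEP rejects the wrong key
	return recovered, wrongKeyErr != nil, nil
}

func main() {
	msg := []byte("constructed sample message") // constructed, not real mail
	recovered, wrongKeyRejected, err := RoundTrip(msg)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("recovered: %q\nwrong private key rejected: %v\n", recovered, wrongKeyRejected)
}
```

Nothing in this code verifies that `recipient.PublicKey` is really the recipient's; that binding of key to identity is what certificates or key fingerprints supply, and without it a substituted public key decrypts just as well for the attacker.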
49. An unprotected PC is a danger to the Internet in the following ways; these are the classic threats to computer systems.
Interception: an unauthorized party gains access to a service or data, e.g. by eavesdropping on a private conversation or communication of others. Illegally copying data also falls under this heading.
Interruption: a service or data becomes unavailable, unusable or destroyed. Examples include a file being lost or corrupted, and denial of service caused by malicious attacks.
Modification: unauthorized changing of data or a service so that it no longer adheres to its original specification. Examples include intercepting and changing transmitted data, and altering database entries.
Fabrication: generating data or activity that would not normally exist, for example adding an entry to a password file or database, or falsifying a service.
#11 Denial of service attack
This is an attempt to make a computer resource unavailable to its intended users. The symptoms of a denial of service attack include:
- Unusually slow network performance
- Unavailability of particular files
- Inability to access any data
- A dramatic increase in the number of spam e-mails (e.g. an e-mail bomb)
Responsibility lies with the PC user only if he is a knowledgeable user; a naive user takes less blame, or none at all, because prevention has to be done at the IP packet level: individual packets can be detected in transit, but the IP packet contents (the payload) cannot be read.
Encryption and decryption of IP packets occur only at routers that have been configured for it, and encrypted packets can be exchanged between peer routers only during an encrypted session. A sophisticated user can set up this encryption while a naive user cannot, so the blame is not shared equally between the two.
Firewalls also play a major role: a properly installed and configured firewall ensures that only the programs the user actually requires are allowed to reach the network and the files on the PC.
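The check a defender would run behind the symptoms listed above, as an added example that is not part of the original answer: a sliding-window counter over web-server log lines that flags any source issuing more requests in a few seconds than a person could. The log is constructed for the demonstration (documentation-range addresses, not captured traffic), and the window and threshold are assumed values to be tuned per site.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
	"time"
)

// SampleLog is a constructed web-server log (documentation-range addresses,
// not real traffic): one ordinary visitor at 203.0.113.7 and one source,
// 198.51.100.9, hammering the same URL ten times in five seconds until the
// server starts answering 503. Format: time source method path status.
const SampleLog = `2024-05-01T10:00:00Z 203.0.113.7 GET /index.html 200
2024-05-01T10:00:00Z 198.51.100.9 GET /search?q=a 200
2024-05-01T10:00:00Z 198.51.100.9 GET /search?q=a 200
2024-05-01T10:00:01Z 198.51.100.9 GET /search?q=a 200
2024-05-01T10:00:01Z 198.51.100.9 GET /search?q=a 503
not a log line at all
2024-05-01T10:00:02Z 198.51.100.9 GET /search?q=a 503
2024-05-01T10:00:02Z 198.51.100.9 GET /search?q=a 503
2024-05-01T10:00:03Z 198.51.100.9 GET /search?q=a 503
2024-05-01T10:00:03Z 198.51.100.9 GET /search?q=a 503
2024-05-01T10:00:04Z 198.51.100.9 GET /search?q=a 503
2024-05-01T10:00:04Z 198.51.100.9 GET /search?q=a 503
2024-05-01T10:00:30Z 203.0.113.7 GET /about.html 200
2024-05-01T10:01:00Z 203.0.113.7 GET /contact.html 200`

// FloodSources replays the log and returns every source that issued more
// than maxHits requests inside any sliding window of the given length, with
// the peak count seen. Lines are assumed to be in time order; unparseable
// lines are skipped rather than allowed to abort the scan.
func FloodSources(logText string, window time.Duration, maxHits int) map[string]int {
	recent := map[string][]time.Time{} // per-source timestamps still inside the window
	flagged := map[string]int{}
	sc := bufio.NewScanner(strings.NewReader(logText))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) < 5 {
			continue
		}
		t, err := time.Parse(time.RFC3339, fields[0])
		if err != nil {
			continue
		}
		src := fields[1]
		q := recent[src]
		for len(q) > 0 && t.Sub(q[0]) > window { // expire hits older than the window
			q = q[1:]
		}
		q = append(q, t)
		recent[src] = q
		if len(q) > maxHits && len(q) > flagged[src] {
			flagged[src] = len(q)
		}
	}
	return flagged
}

func main() {
	for src, peak := range FloodSources(SampleLog, 5*time.Second, 8) {
		fmt.Printf("possible flood from %s: %d requests within 5s\n", src, peak)
	}
}
```

A single-source flood like this one is the easy case, and is also what a host firewall rule can then block; a distributed attack spreads the same request volume over many sources so that no one of them crosses the threshold, which is why the per-source check is paired with a total-request-rate check in practice.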
References
Bell, M. (2008). Introduction to Service-Oriented Modeling: Service Analysis, Design, and Architecture. London: Wiley & Sons.