A1: Lab Practical Task – Password Analysis

Group Assessment: No

Submission method options: Turnitin with Blackboard (Interact 2)

Click here for Password file

Task

Passwords are still the most common authentication factor in use today. The weaknesses of password-based authentication are well understood and documented, but their simplicity and familiarity mean that many systems still use passwords to authenticate users. While alternatives to password-based authentication exist and are evolving, many companies still rely solely on passwords to protect their users and the information assets they have custodianship over.

This practical task requires you to perform a detailed analysis of system passwords as part of an ethical hacking engagement. You will first crack and then analyse a sample password file from a client, then advise them on the weaknesses discovered. You will also provide recommendations for ways to improve their password hygiene and access control in general.

Your tasks are as follows:

Crack the password file supplied using any suitable tool, and report the contents

Analyse the contents of the password file using commonly accepted password hygiene and system security standards

Make recommendations for improving user access control supported by literature

Rationale

This assessment task will assess the following learning outcomes:

be able to analyse information system weaknesses, and demonstrate how these make an environment vulnerable to attack.

be able to apply reconnaissance tools and techniques to obtain information during this phase of the hacking process.

be able to compare and contrast different techniques used by intruders to penetrate a system and escalate privileges.

be able to implement countermeasures to prevent attackers causing harm to their target, and from covering their tracks.

be able to analyse and compare common web application attack techniques, and justify defences that mitigate these attacks.

Marking criteria and standards

Criterion: Successfully crack the password file and identify the source system and password storage format. (Marks: /30)

HD: All passwords are accurately recovered, the source file is accurately described, and source system identified.

DI: All passwords are accurately recovered, the source file is described, and source system identified.

CR: Most passwords are accurately recovered, the source file is described, and source system identified.

PS: Some passwords are accurately recovered, the source file is mostly described, and source system identified.

FL: The passwords are not accurately recovered and/or the source system and file are not accurately described or identified.

Criterion: Analyse the contents of the password file using commonly accepted password hygiene and system security standards (Marks: /30)

HD: The passwords are accurately and insightfully critiqued and the system security weaknesses comprehensively described.

DI: The passwords are accurately critiqued, and the system security weaknesses clearly described.

CR: The passwords are accurately critiqued, and the system security weaknesses described.

PS: The passwords are critiqued, and the system security weaknesses described.

FL: The passwords are not well critiqued, and/or the system security flaws are not well described.

Criterion: Make suitable recommendations for improving user access control (Marks: /30)

HD: Insightful and appropriate recommendations are proposed and clearly explained that will improve the overall access control security posture.

DI: Appropriate recommendations are proposed and well explained that will improve the overall access control security posture.

CR: Clear recommendations are proposed and explained that will improve the overall access control security posture.

PS: Recommendations are proposed and explained that will somewhat improve the overall access control security posture.

FL: Recommendations are not clear or appropriate or will not improve the access control security posture.

Criterion: Present the information in a neat and professional format using appropriate literature to support your recommendations. (Marks: /10)

HD: Presentation and formatting are professional and communicate with the reader very clearly. Appropriate literature has been sourced and effectively used to support the proposals.

DI: Presentation and formatting are professional and communicate well with the reader. Appropriate literature has been sourced and effectively used to support the proposals.

CR: Presentation and formatting are very clear and communicate well with the reader. Appropriate literature has been sourced and used to support the proposals.

PS: Presentation and formatting are mostly clear and communicate reasonably well with the reader. Somewhat appropriate literature has been sourced and used to support the proposals.

FL: Presentation and formatting is not clear or effective, and/or the literature sourced is inappropriate or not effectively used to support the proposals.

Presentation

Reference no: EM132069492
